Sign In
Sign Up
Posts
Posts Tags Users Services
new
Django: Custom safe excludes from dangerous XSS Injection
Create a Post
0

Django Custom safe excludes from dangerous XSS Injection. Answered from: http://stackoverflow.com/a/41434870/6396981

from bs4 import BeautifulSoup
from django import template
from django.utils.html import escape

register = template.Library()
INVALID_TAGS = ['script', 'style']

def clean_html(value):
    soup = BeautifulSoup(value)
    for tag in soup.findAll(True):
        if tag.name in INVALID_TAGS:
            #tag.hidden = True # you also can hidden it
            tag.replaceWith(escape(tag))
    return soup.renderContents()

@register.filter
def safe_exclude(text):
    """egg: {{ post.description|safe_exclude|safe }}"""  
    return clean_html(text)

This is an example of clean_html.

https://gist.github.com/agusmakmun/b78a713f5387fe4405368239a031d43c

Hope it usefull…

django tricks solution problem security templates python
Facebook
Twitter
Google+
LinkedIn

Your Answer

blog comments powered by Disqus
viewed62
your ip3.83.192.109
posted1 year, 1 month ago
active1 year, 1 month ago
How to fix the XSS injection on Django
How to Install SSL Certificate on NGINX
How to export database mongodb
django address model

Related posts

0
django address model
 0
How to fix the XSS injection on Django
 1
How to Install SSL Certificate on NGINX
 0
Creating a django logs with mongodb
 1
IDGenerator
Developers APIContact About
Python Learning
© 2014-2019 Python Learning.
Disclaimer Terms Privacy