Sign In
Sign Up
Posts
Posts Tags Users Services
new
Django: Custom safe excludes from dangerous XSS Injection
Create a Post
0

Django Custom safe excludes from dangerous XSS Injection. Answered from: http://stackoverflow.com/a/41434870/6396981

from bs4 import BeautifulSoup
from django import template
from django.utils.html import escape

register = template.Library()
INVALID_TAGS = ['script', 'style']

def clean_html(value):
    soup = BeautifulSoup(value)
    for tag in soup.findAll(True):
        if tag.name in INVALID_TAGS:
            #tag.hidden = True # you also can hidden it
            tag.replaceWith(escape(tag))
    return soup.renderContents()

@register.filter
def safe_exclude(text):
    """egg: {{ post.description|safe_exclude|safe }}"""  
    return clean_html(text)

This is an example of clean_html.

https://gist.github.com/agusmakmun/b78a713f5387fe4405368239a031d43c

Hope it usefull…

django tricks solution problem security templates python
Facebook
Twitter
Google+
LinkedIn

Your Answer

blog comments powered by Disqus
viewed69
your ip34.204.176.189
posted1 year, 2 months ago
active1 year, 2 months ago
Martor 1.2.7 has been released
changewords - Simply python tool to change or replace the text string in the files
Menggunakan Graph API Facebook sangat mudah dengan Facepy
Simple bash scripting for login before open the terminal
How to fix the XSS injection on Django

Related posts

0
How to create a database view in Django
 0
Django ORM Optimization Tips
 0
Uploading files or images to aws s3 with django
 0
How to handle timezone (localtime) in django
 0
django address model
Developers APIContact About
Python Learning
© 2014-2019 Python Learning.
Disclaimer Terms Privacy