Saturday, November 6, 2021

Re: Sanitize field from xss attacks in django models

Are you using the safe filter in your templates? Otherwise that "attack" won't do anything, but you are right that other XSS attack vectors can be used, as per the example in the docs: https://docs.djangoproject.com/en/3.2/topics/security/#cross-site-scripting-xss-protection

If you are using safe, then you could put a clean method on the form you are using to store the data in the first place, to perform the validation/cleaning. If you wanted to go a step further and have places that update outside of forms, then overload the save method of the class, put the custom validation in, then call super afterwards.

You could also look at django-bleach - https://pypi.org/project/django-bleach/

On Saturday, 6 November 2021 at 12:44:05 UTC omark...@gmail.com wrote:
Hi all,
I want to sanitize the 'content' field from XSS attacks in Django models,
so I installed 'bleach' and used it, but a script like "an <script>evil()</script> example" is stored as is (without sanitizing the script).
Note: I need bleach via a function in models.
Any idea?
Thanks
bleach-Models.png

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ba551e69-e4be-4f96-9aee-01c58c54c09en%40googlegroups.com.
