Saturday, November 6, 2021

Re: Sanitize field from xss attacks in django models

My final solution :

On Saturday, November 6, 2021 at 6:03:59 PM UTC+2 wrote:
Are you using the safe filter in your templates as otherwise that "attack" won't do anything but you are right that other XSS attack vectors can be used as per the example in the docs -

If you are using safe then you could put a clean method on the form you are using to store the data in the first place to perform the validation/cleaning and if you wanted to go a step further and have places that update outside of forms then overload the save method of the class, put the custom validation in, then call super afterwards.

You could also look at django-bleach -

On Saturday, 6 November 2021 at 12:44:05 UTC wrote:
hi all
i want to sanitize 'content' field from XSS attacks in django models
so i installed 'bleach' and used but script like "an <script>evil()</script> example" store as is (without sanitize script)
Note: i need bleach via function in models
Any idea ?

You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

No comments:

Post a Comment