#5882: Cross-site scripting not mentioned in the tutorial
----------------------------------------+-----------------------------------
Reporter: [EMAIL PROTECTED] | Owner: nobody
Status: closed | Component: Documentation
Version: SVN | Resolution: invalid
Keywords: xss cross-site-scripting | Stage: Unreviewed
Has_patch: 0 | Needs_docs: 0
Needs_tests: 0 | Needs_better_patch: 0
----------------------------------------+-----------------------------------
Changes (by brosner):
* status: new => closed
* needs_better_patch: => 0
* resolution: => invalid
* needs_tests: => 0
* needs_docs: => 0
Comment:
Protecting yourself against XSS is a fundamental security issue that any
person doing web development must know and protect against. Django
provides an `escape` template filter. I am closing this ticket since:
1. You should be using `escape` on user input regardless.
2. The admin site where a user would enter that (through the admin) is
   for trusted users and not the general public.
--
Ticket URL: <http://code.djangoproject.com/ticket/5882#comment:1>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines