My final solution:

[image: bb.png]

On Saturday, November 6, 2021 at 6:03:59 PM UTC+2 [email protected] wrote:

> Are you using the safe filter in your templates as otherwise that "attack"
> won't do anything but you are right that other XSS attack vectors can be
> used as per the example in the docs -
> https://docs.djangoproject.com/en/3.2/topics/security/#cross-site-scripting-xss-protection
>
> If you are using safe then you could put a clean method on the form you
> are using to store the data in the first place to perform the
> validation/cleaning and if you wanted to go a step further and have places
> that update outside of forms then overload the save method of the class,
> put the custom validation in, then call super afterwards.
>
> You could also look at django-bleach -
> https://pypi.org/project/django-bleach/
>
> On Saturday, 6 November 2021 at 12:44:05 UTC [email protected] wrote:
>
>> Hi all,
>> I want to sanitize the 'content' field from XSS attacks in Django models,
>> so I installed 'bleach' and used it, but a script like "an
>> <script>evil()</script> example" is stored as is (without sanitizing the script).
>> Note: I need bleach via a function in models.
>> Any idea?
>> Thanks
>> [image: bleach-Models.png]
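
The quoted suggestion (clean the value in the model's save method, then call super) as an added example that is not code from this thread: `sanitize` is a standard-library stand-in that imitates the escape-what-is-not-allowlisted behaviour of `bleach.clean`, and `ALLOWED_TAGS`, `Model` and `Post` are hypothetical names chosen so the block runs without Django or bleach installed. In a real project, `Post` would subclass `django.db.models.Model` and call `bleach.clean` where `sanitize` is called.

```python
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong", "p"}  # constructed allowlist (assumption)


class _Cleaner(HTMLParser):
    """Rebuilds markup: allowlisted tags survive without attributes, the rest is escaped."""

    def __init__(self):
        super().__init__()
        self.out = []

    def handle_starttag(self, tag, attrs):
        keep = tag in ALLOWED_TAGS
        self.out.append(f"<{tag}>" if keep else html.escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # no synthetic end tag for <x/>

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>" if tag in ALLOWED_TAGS else html.escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))


def sanitize(text):
    cleaner = _Cleaner()
    cleaner.feed(text)
    cleaner.close()  # flush any buffered trailing text
    return "".join(cleaner.out)


class Model:
    """Stand-in for django.db.models.Model: save() 'persists' into a list."""
    saved = []

    def save(self):
        self.saved.append(self.content)


class Post(Model):
    def __init__(self, content):
        self.content = content

    def save(self):
        # Assign the cleaned value back to the field, then let the base class persist it.
        self.content = sanitize(self.content)
        super().save()
```

In Django, `QuerySet.update()` and `bulk_create()` do not call `save()`, so values written through them skip this hook.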

