Re: Will django escaping ever consider context of javascript and CSS?

2012-06-07 Thread Luke Plant
On 03/05/12 17:49, Voulnet wrote:
> The document you linked says it doesn't make it safe to use, but rather
> helps in fixing syntax errors.
>
> " escapejs
>
> Escapes characters for use in JavaScript strings. This does not make the
> string safe for use in HTML, but does protect you from syntax

Re: Will django escaping ever consider context of javascript and CSS?

2012-05-03 Thread Voulnet
The document you linked says it doesn't make it safe to use, but rather helps in fixing syntax errors. " escapejs Escapes characters for use in JavaScript strings. This does not make the string safe for use in HTML, but does protect you from syntax errors when using templates to generate

Re: Will django escaping ever consider context of javascript and CSS?

2012-05-03 Thread Tom Evans
On Fri, Apr 27, 2012 at 11:58 PM, Voulnet wrote:
> Hello provides great protection from XSS by escaping output to
> webpages, but it only does it in HTML context. XSS can be executed
> when user input is inserted into javascript or CSS, which have
> different context and rules

Will django escaping ever consider context of javascript and CSS?

2012-04-27 Thread Voulnet
Hello provides great protection from XSS by escaping output to webpages, but it only does it in HTML context. XSS can be executed when user input is inserted into javascript or CSS, which have different context and rules than HTML, so HTML context escaping doesn't help/protect. Are there any