Django:安全验证不受信任的HTML输入 [英] Django: Safely validating untrusted HTML input
本文介绍了Django:安全验证不受信任的HTML输入的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我知道有一个 Django Html Purifier ,但也许有点轻?如果我想允许用户使用的标签是非常有限的,例如只是< b>
?也许内建Django可以使用的东西?
解决方案
django-bleach
从PHP实现派生的通常是使用。
项目在这里: https://bitbucket.org/ionata/django-bleach
它的用法非常简单,根据文档似乎做你想要的:
#允许哪些HTML标签
BLEACH_ALLOWED_TAGS = ['p','b' ,'我','你','em','强','a']
干杯:)
I want to purify user input in Django.
I know there is Django Html Purifier but maybe there is something lighter? What if the tags I'd like to allow users to use are very limited, e.g. just <b>
? Maybe there is something built-in Django I could use?
解决方案
django-bleach
derived from a PHP implementation is commonly used.
The project is here: https://bitbucket.org/ionata/django-bleach
It's usage is really simple and according to the docs seems to do what you want:
# Which HTML tags are allowed
BLEACH_ALLOWED_TAGS = ['p', 'b', 'i', 'u', 'em', 'strong', 'a']
Cheers :)
这篇关于Django:安全验证不受信任的HTML输入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文