Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sanitize input in Django Rest Framework

Tags:

python

django

django-rest-framework

If I send something like

{
    "description": "Hello World <script>alert('hacked');</script>"
}

to my django rest framework view, I want to get rid of the the script tags.

  1. Is there a convenient way to do this, that does not involve overwriting all the things and add strip_tags?
  2. What else is to do to sanitize input?
  3. Did I really overread that section in the drf docs or isn't that covered?
like image 648
shredding Avatar asked Apr 14 '15 19:04

shredding

People also ask

Does Django sanitize input?

Django by default sanitizes quoted data.

How do you disinfect input in python?

To sanitize a string input which you want to store to the database (for example a customer name) you need either to escape it or plainly remove any quotes (', ") from it. This effectively prevents classical SQL injection which can happen if you are assembling an SQL query from strings passed by the user.

What is Validated_data in Django REST?

validated_data is an OrderedDict and you can see it only after is_valid() and is_valid() == True.

What is Restapi in Django?

Django REST framework is a powerful and flexible toolkit for building Web APIs. Some reasons you might want to use REST framework: The Web browsable API is a huge usability win for your developers. Authentication policies including packages for OAuth1a and OAuth2.

1 Answers

Ignore the answers here, they are terrible.

Use bleach. You won't get every edge case. This is the situation to use a library in. Your client has control of the client side by definition.

like image 96
dreamriver Avatar answered Oct 13 '22 16:10

dreamriver
Sign in to Comment

Related questions

How do I set the width of a Tkinter.Text widget scrollbar?
QAbstractItemModel index() and parent() methods
Django 1.7 makemigrations renaming tables to None
Spark can't pickle method_descriptor
Setup Spyder to work with Anaconda python on Ubuntu 14.04
Dealing with backslash as a command line argument in Python
How are a name and its reference value related?
How to import and use csvkit in a Python script
How do I respond to a "CONNECT" method request in a proxy server using socket in python?
How to move code of an inner class to different file (Python)?
Using Cython to wrap a c++ template to accept any numpy array
Can I use SQLAlchemy relationships in ORM event callbacks? Always get None
Scipy filter with multi-dimensional (or non-scalar) output
DjangoAdmin adding weird characters to ImageField
'List' object has no attribute 'Values' error
Encrypt and Decrypt by AES algorithm in both python and android
ImportError: No module named cv2
Single colorbar for two subplots changes the size of one of the subplots
Not able to install python-pip on SUSE
Prevent RAM from paging to swap area (mlock)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!