This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description
# django xss detection
This package contains a django template parser that can be used to find templates
that contain variables that will not be escaped. This package currently has
no knowledge of custom filters, custom tags, and python code (e.g. uses of
mark safe). The code has only been tested against django versions >= 1.5 and <= 1.7.


## Requirements
* django >= 1.5 and < 1.8
* lxml
## Usage
This package can be used on the command line by running
> `python -m django_xss_detection.cli`

## How does it work?
The code works by monkey patching django template code and providing through
a callback function to VariableNode that ends up referring to the
`CompileStringWrapper.handle_callback` method. The callback function is used
later when the code `renders` a given template and encounters a variable node
that will not be escaped. The implementation of detecting unquoted variable nodes
in element attributes and variable nodes in a javascript context lacking
javascript escaping are not implemented through callbacks, see
`get_non_quoted_attr_vars_for_template` and
`get_non_js_escaped_results_for_template` in parse_template.py respectively.

Additionally, the code has modified versions of built in conditional tags,
such as `{% if %}` and `{% ifequal %}`, so as to `render` all possible template
code. If this package does not work on your custom template tags then
you can add support for them similar to how `waffle` template tags are
implemented (see `templatetags/waffle.py` and the `patch` method in `util.py`).
Release History

Release History

0.4.17

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.4.16

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.4.15

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.4.14

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
django-xss-detection-0.4.17.tar.gz (11.5 kB) Copy SHA256 Checksum SHA256 Source May 22, 2015

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting