Sanitizes input data to prevent XSS i.e. cross site scripting attacks.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for akshay-ghatul from gravatar.com akshay-ghatul

Unverified details

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT

Author: Akshay Ghatul

Project description

A tool for removing malicious content from input data before saving data into database. It takes input containing HTML with XSS scripts and returns valid HTML in the output. It is a wrapper around Python’s bleach library.

Setup

  1. Install input-sanitizer via pip:

    pip install input-sanitizer

  2. Add input-sanitizer to your INSTALLED_APPS:

    INSTALLED_APPS = [
    # ...
    'input-sanitizer',
    # ...
]

  3. Add default configurations for allowed tags, etc in settings.py. These configurations are optional and will defauls to using the bleach defaults. Refer to bleach documentation:

    # tags which are allowed
BLEACH_ALLOWED_TAGS = ['div', 'i']

# remove all tags from input
BLEACH_STRIP_TAGS = True

# remove comments from input
BLEACH_STRIP_COMMENTS = Trues

Usage

In Django Models

input-sanitizer provides following two custom model fields to automatically remove malicious content from input before saving data into database, but beware it won’t work with bulk update, bulk create, etc as these operations are done at the database level. You can still manually sanitize input data to use for bulk update, bulk create, etc.

# in models.py
from django import models
from input_sanitizer import sanitized_fields

class User(models.Model):
    username = sanitized_fields.SanitizedCharField()
    info = sanitized_fields.SanitizedTextField()

SanitizedCharField and SanitizedTextField may take following arguments to alter cleaning behaviour. Please, refer bleach documentation for their use:

  • allowed_tags

  • strip_comments

  • strip_tags

SanitizedCharField is a extension of Django’s CharField and therefore, it will accept all normal CharField arguments.

SanitizedTextField is a extension of Django’s TextField and therefore, it will accept all normal TextField arguments.

In Views

To manually sanitize data, you can use get_sanitized_data function. It can be used to sanitize data to be used for bulk update, bulk create, etc.

from input_sanitizer import sanitizers
cleaned_data = sanitizers.get_sanitized_data(data, bleach_kwargs)

bleach_kwargs arguments are optional and will default to using the bleach defaults. You may pass following arguments to alter cleaned output as per your requirement.

  • allowed_tags

  • strip_comments

  • strip_tags

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for akshay-ghatul from gravatar.com akshay-ghatul

Unverified details

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT

Author: Akshay Ghatul


Release history Release notifications | RSS feed

0.2.3

0.2.2

0.2.1

0.2.0

0.1.9

0.1.8

0.1.6

0.1.5

This version

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

input_sanitizer-0.1.4-py3-none-any.whl (3.7 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page