Sanitizes input data to prevent XSS (cross-site scripting) attacks.
Project description
A tool for removing malicious content from input data before saving it into the database. It takes input containing HTML with XSS scripts and returns valid HTML as output. It is a wrapper around Python's bleach library that makes it easy to integrate with the Django framework.
Setup
Install input-sanitizer via pip:
pip install input-sanitizer
Add input-sanitizer to your INSTALLED_APPS:
INSTALLED_APPS = [
    # ...
    'input_sanitizer',
    # ...
]
Add default configurations for allowed tags, etc. in settings.py. These configurations are optional and default to the bleach defaults. Refer to the bleach documentation for their use:
# tags which are allowed
BLEACH_ALLOWED_TAGS = ["div", "section", "a", "i"]
# remove disallowed tags from input instead of escaping them
BLEACH_STRIP_TAGS = True
# strip comments, or leave them in
BLEACH_STRIP_COMMENTS = True
Usage
In Django Models
input-sanitizer provides two custom model fields, SanitizedCharField and SanitizedTextField, which automatically remove malicious content from input before it is saved to the database. Keep in mind that they do not apply to bulk update, bulk create, etc., because those operations are performed at the database level and bypass field cleaning. You can still manually sanitize the input data before using it in bulk update, bulk create, etc.
# in models.py
from django.db import models
from input_sanitizer import sanitized_fields

class User(models.Model):
    # CharField requires max_length; SanitizedCharField accepts it like any CharField argument
    username = sanitized_fields.SanitizedCharField(max_length=150)
    info = sanitized_fields.SanitizedTextField()
SanitizedCharField and SanitizedTextField may take the following arguments to alter the cleaning behaviour. Please refer to the bleach documentation for their use:
- allowed_tags
- strip_comments
- strip_tags
SanitizedCharField is an extension of Django's CharField and therefore accepts all normal CharField arguments.
SanitizedTextField is an extension of Django's TextField and therefore accepts all normal TextField arguments.
In Views
To manually sanitize data, you can use the sanitize_data function. It can be used to sanitize data that will be passed to bulk update, bulk create, etc.
from input_sanitizer import sanitizers
cleaned_data = sanitizers.sanitize_data(data, bleach_kwargs={})
The bleach_kwargs arguments are optional and default to the bleach defaults. You may pass the following arguments to alter the cleaned output as required.
- allowed_tags
- strip_comments
- strip_tags
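The behaviour the two sections above describe (fields that clean on save, and sanitize_data for bulk operations that bypass them), shown as an added example that is not the input-sanitizer project's or bleach's own code: a standard-library stand-in for bleach.clean() that applies the allowed_tags, strip_tags and strip_comments options to untrusted HTML, plus a sanitize_data() in the shape this page describes that cleans every string in a dict or list before it is handed to bulk_create(). The tag, attribute and protocol defaults mirror bleach's documented defaults; the _AllowListSanitizer class, the _safe_url helper and the sample payload are constructed for this illustration and only approximate bleach's parser, so use bleach itself in production.

```python
# Added example, not the input-sanitizer project's code: a stdlib stand-in for
# bleach.clean() showing what allowed_tags, strip_tags and strip_comments do to
# untrusted HTML. Defaults mirror bleach's documented defaults; the parsing is
# an approximation of bleach, for illustration only.
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_ALLOWED_TAGS = {"a", "abbr", "acronym", "b", "blockquote", "code",
                        "em", "i", "li", "ol", "strong", "ul"}
DEFAULT_ALLOWED_ATTRIBUTES = {"a": ["href", "title"], "abbr": ["title"],
                              "acronym": ["title"]}
ALLOWED_PROTOCOLS = {"http", "https", "mailto"}


def _safe_url(value):
    """Reject URLs whose scheme is not allow-listed (e.g. javascript:)."""
    try:
        scheme = urlsplit((value or "").strip()).scheme
    except ValueError:                     # unparsable URL: treat as unsafe
        return False
    return scheme == "" or scheme.lower() in ALLOWED_PROTOCOLS


class _AllowListSanitizer(HTMLParser):
    """Rebuilds the document, keeping only allow-listed tags and attributes."""

    def __init__(self, allowed_tags, allowed_attributes, strip_tags, strip_comments):
        super().__init__(convert_charrefs=True)
        self.allowed_tags = allowed_tags
        self.allowed_attributes = allowed_attributes
        self.strip_tags = strip_tags       # True: drop bad tags; False: escape them
        self.strip_comments = strip_comments
        self.out = []

    def _render_start(self, tag, attrs):
        parts = [tag]
        for name, value in attrs:
            if name not in self.allowed_attributes.get(tag, ()):
                continue                   # drops onclick=, style=, ...
            if name in ("href", "src") and not _safe_url(value):
                continue                   # drops javascript: links
            parts.append(f'{name}="{html.escape(value or "")}"')
        return "<" + " ".join(parts) + ">"

    def handle_starttag(self, tag, attrs):
        if tag in self.allowed_tags:
            self.out.append(self._render_start(tag, attrs))
        elif not self.strip_tags:
            self.out.append(html.escape(self.get_starttag_text()))
        # strip_tags=True: the tag vanishes but its text content is kept

    def handle_startendtag(self, tag, attrs):
        if tag in self.allowed_tags:
            self.out.append(self._render_start(tag, attrs)[:-1] + "/>")
        elif not self.strip_tags:
            self.out.append(html.escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag in self.allowed_tags:
            self.out.append(f"</{tag}>")
        elif not self.strip_tags:
            self.out.append(html.escape(f"</{tag}>"))

    def handle_data(self, data):
        # Text is always re-escaped, so "<" inside text can never open a tag.
        self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        if not self.strip_comments:
            self.out.append(f"<!--{data}-->")


def clean(text, allowed_tags=None, allowed_attributes=None,
          strip_tags=False, strip_comments=True):
    """Stand-in for bleach.clean() with the options used on this page."""
    parser = _AllowListSanitizer(
        set(DEFAULT_ALLOWED_TAGS if allowed_tags is None else allowed_tags),
        DEFAULT_ALLOWED_ATTRIBUTES if allowed_attributes is None else allowed_attributes,
        strip_tags, strip_comments)
    parser.feed(text)
    parser.close()
    return "".join(parser.out)


def sanitize_data(data, bleach_kwargs=None):
    """Clean every string inside a dict/list, as a view would before
    bulk_create()/bulk_update(), which bypass model-field cleaning."""
    kwargs = bleach_kwargs or {}
    if isinstance(data, str):
        return clean(data, **kwargs)
    if isinstance(data, dict):
        return {k: sanitize_data(v, kwargs) for k, v in data.items()}
    if isinstance(data, (list, tuple)):
        return [sanitize_data(v, kwargs) for v in data]
    return data                            # ints, None, ... pass through


if __name__ == "__main__":
    # Constructed sample of a stored-XSS attempt mixed with legitimate markup.
    payload = ('<b onmouseover="alert(1)">hi</b><script>alert(1)</script>'
               '<!-- note --><a href="javascript:alert(1)" title="t">x</a>')
    print(clean(payload))                  # escapes <script>, drops bad attrs
    print(clean(payload, strip_tags=True)) # removes <script> tags outright
    rows = [{"username": "<script>x</script>bob", "info": "<i>ok</i>"}]
    print(sanitize_data(rows, {"strip_tags": True}))  # ready for bulk_create()
```

Note the difference between the two modes: with strip_tags left at its default, a disallowed tag is escaped and shown as literal text (which is what you want for user content that should be displayed faithfully), whereas strip_tags=True silently deletes the tag and keeps only its inner text. Either way the event-handler attribute and the javascript: href are dropped, and comments vanish unless strip_comments=False.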
File details
Details for the file input_sanitizer-0.1.9-py3-none-any.whl.
File metadata
- Download URL: input_sanitizer-0.1.9-py3-none-any.whl
- Upload date:
- Size: 3.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.7.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 8343be983bdab3bf20589951dc0c97ac8095136d3cb9d2bae2d5ca02ba3e41f7
MD5 | d7ed569b0fb588aef76a1f6ddfa882d7
BLAKE2b-256 | a25f82b3bdad19047dfc4641e10997aa03b6be56b462b82076d839cdbb57eec4