Utility functions to prevent possible XSS attack on django/mako templates
Project description
Utilities to prevent possible Cross Site Scripting (XSS) attacks on Django/Mako templates.
Overview
This repo houses utility functions to protect edx codebase (Python, Javascript and other templating engine eg django/mako) against possible XSS attacks. Helper code include html & js escaping filters for django and mako templates. For more information, please read the Best Practices Preventing XSS. https://openedx.atlassian.net/wiki/spaces/SEC/pages/99090697/Best+Practices+for+Preventing+XSS
Documentation
The full documentation is in the docs directory TODO: Publish to https://xss-utils.readthedocs.org.
License
The code in this repository is licensed under the AGPL 3.0 unless otherwise noted.
Please see LICENSE.txt for details.
How To Contribute
Contributions are very welcome.
Please read How To Contribute for details.
Even though they were written with edx-platform in mind, the guidelines should be followed for Open edX code in general.
PR description template should be automatically applied if you are sending PR from github interface; otherwise you can find it it at PULL_REQUEST_TEMPLATE.md
Issue report template should be automatically applied if you are sending it from github UI as well; otherwise you can find it at ISSUE_TEMPLATE.md
Reporting Security Issues
Please do not report security issues in public. Please email security@edx.org.
Getting Help
Have a question about this repository, or about Open edX in general? Please refer to this list of resources if you need any assistance.
Change Log
Unreleased
[0.1.0] - 2018-08-17
Added
Utilities to enable html escaping, preventing Cross Site Scripting (XSS) attacks in Django templates.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file xss-utils-0.1.3.tar.gz.
File metadata
- Download URL: xss-utils-0.1.3.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.1.3 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.5.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ca78d30d545e24265d968860592c52309ed08aec28e1f579cbdefb8e4ca0c6d0
|
|
| MD5 |
89b4b86dfd1bd3080f7ca4b052024191
|
|
| BLAKE2b-256 |
4765c5624ffcfe5c4e3a76cee278b7c3908bfa8bebaf31a714861d403b51592f
|
File details
Details for the file xss_utils-0.1.3-py2.py3-none-any.whl.
File metadata
- Download URL: xss_utils-0.1.3-py2.py3-none-any.whl
- Upload date:
- Size: 17.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.23.0 setuptools/46.1.3 requests-toolbelt/0.9.1 tqdm/4.45.0 CPython/3.5.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
84ec3f45ad18913835551dbdc7b843d81a0e794261b63574f3e76d1ea15a827f
|
|
| MD5 |
d2515c0da02d504de58c8dfd59838863
|
|
| BLAKE2b-256 |
1cc3a83bf812e99fd4a99e253fbac565de99340077b416eabb5ae16719ea296d
|
