I am accepting user input using the Jeditable library for jQuery, which sends the data as POST parameters "id" and "value". I am reading these parameters into a django.forms.Form to sanitize it, like so:

    from django import forms
    from django.http import HttpResponse

    # Component is a model defined elsewhere in the project (not shown).

    class EditInPlaceForm(forms.Form):
        # Both POST parameters are read as required string fields.
        id = forms.CharField()
        value = forms.CharField()

    def editinplace(request):
        form = EditInPlaceForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            id = data['id']
            value = data['value']
            # Look up the object by primary key and store the new value.
            c = Component.objects.get(id=id)
            c.attribute = value
            c.save()
            return HttpResponse(value, mimetype="text/plain")

Is this sufficient to guard against injection attacks and their ilk?

Thanks,
Rodrigo