It would be interesting to perhaps extend something like django-lint
to pick up on what could be mistakes in templates.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubs
>
> is this what you're looking for?
>
> http://www.owasp.org/index.php/OWASP_Application_Security_FAQ
>
> Mike
Hi Mike. Well in this case the page would be
http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
but yes that link is a good starting point.
I should c
On Friday, February 18, 2011 06:07:57 am dave b wrote:
> On 19 February 2011 00:57, Shawn Milochik wrote:
> > I also didn't see the part where they state that you shouldn't put your
> > database login information in a template. That's probably because Django
> > is designed to allow Web developer
> Which of course it can't - it is properly escaped.
>
> Cheers
>
> Tom
>
Yes.
On Fri, Feb 18, 2011 at 1:52 PM, dave b wrote:
> Hi I cannot see where in the django documentation it states that you
> shouldn't do something like this:
> ** (as an example of a potential
> attribute injection vector[0] - where you are not using a URLField or
> failure to call full_clean (on a
On 19 February 2011 01:36, Masklinn wrote:
> On 2011-02-18, at 15:31 , dave b wrote:
>> On 19 February 2011 01:29, Shawn Milochik wrote:
>>> By the way -- I realized what happened. You CC'd me on the e-mail to the
>>> list. So when I replied it went directly to you.
>>
>> Ah sorry about the mix
On 2011-02-18, at 15:31 , dave b wrote:
> On 19 February 2011 01:29, Shawn Milochik wrote:
>> By the way -- I realized what happened. You CC'd me on the e-mail to the
>> list. So when I replied it went directly to you.
>
> Ah sorry about the mix up then!
> Yeah :P
>
> My view on this is that do
Dave, may I ask you to provide some proof of concept code in regards to
this? It'll also make life a lot easier for you when submitting a bug report
to the django devs.
On Fri, Feb 18, 2011 at 2:22 PM, dave b wrote:
> On 19 February 2011 01:19, Shawn Milochik wrote:
> > Don't take my comment as
On 19 February 2011 01:29, Shawn Milochik wrote:
> By the way -- I realized what happened. You CC'd me on the e-mail to the
> list. So when I replied it went directly to you.
Ah sorry about the mix up then!
Yeah :P
My view on this is that documentation can always be improved!
On 19 February 2011 01:19, Shawn Milochik wrote:
> Don't take my comment as a personal attack. I was just pointing out that
> injection attacks are one of those things we're all responsible for being
> aware of and not opening ourselves up to.
>
> To the extent that Django protects us from such
On 19 February 2011 00:57, Shawn Milochik wrote:
> I also didn't see the part where they state that you shouldn't put your
> database login information in a template. That's probably because Django is
> designed to allow Web developers to do their jobs more easily, not allow
> people who don't kn
I also didn't see the part where they state that you shouldn't put your
database login information in a template. That's probably because Django
is designed to allow Web developers to do their jobs more easily, not
allow people who don't know what they're doing make Web applications. If
you're
Hi, I cannot see where in the django documentation it states that you
shouldn't do something like this:
** (as an example of a potential
attribute injection vector[0] - where you are not using a URLField or
failure to call full_clean (on a URLField) ).
That is I cannot see where django states that