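class BleachXSSMiddleware(object):
    def process_request(self, request):
        # Only clean state-changing requests from logged-in users.
        if (request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE') and
                request.user.is_authenticated()):
            # QueryDict is immutable by default; unlock it temporarily.
            mutable = request.POST._mutable
            request.POST._mutable = True
            for k, v in request.POST.items():
                if len(request.POST.getlist(k)) > 1:
                    # Multi-valued keys are skipped, so they stay unbleached.
                    pass
                else:
                    # bleach_val is the poster's helper, defined elsewhere.
                    request.POST[k] = bleach_val(v)
            request.POST._mutable = mutable
            request.bleach_data = request.POST
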
I have a middleware as above that cleans request.POST data all over my site
using Mozilla bleach, which works all through my site.
However, I noticed that because DRF clones the request into Request, this
bleaching doesn't get passed into the viewset create and XSS happens.
How can I do something similar on the Request that DRF clones?
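
An added example, not part of the original post and not code from DRF or bleach: the middleware above skips multi-valued keys and only sees flat form data, so this function also walks lists and nested dicts such as a parsed JSON body. `clean_payload` and `escape_markup` are hypothetical names, and `html.escape` stands in for the poster's `bleach_val` so the block runs on the standard library alone.

```python
import html
from collections.abc import Mapping


def escape_markup(value):
    """Stand-in sanitizer (assumption): HTML-escape instead of calling bleach."""
    return html.escape(value, quote=True)


def clean_payload(data, sanitize=escape_markup, *, max_depth=32, _depth=0):
    """Return a sanitized copy of parsed request data; the input is not mutated.

    Strings go through `sanitize`. Dicts, lists and tuples are walked
    recursively, so repeated form values and nested JSON are both covered.
    Other values (int, float, bool, None, bytes) are returned unchanged.
    """
    if _depth > max_depth:
        # Refuse pathological nesting instead of recursing without bound.
        raise ValueError("payload nested too deeply")
    if isinstance(data, str):
        return sanitize(data)
    nxt = dict(max_depth=max_depth, _depth=_depth + 1)
    if isinstance(data, Mapping):
        # Keys are left alone: they are matched against field names later.
        return {k: clean_payload(v, sanitize, **nxt) for k, v in data.items()}
    if isinstance(data, (list, tuple)):
        return [clean_payload(v, sanitize, **nxt) for v in data]
    return data


# Constructed sample input: a flat string, a multi-valued field, nested data.
SAMPLE = {
    "title": "<script>alert(1)</script>",
    "tags": ["<b>x</b>", "ok"],
    "meta": {"note": "<img src=x onerror=y>", "count": 3},
}

if __name__ == "__main__":
    print(clean_payload(SAMPLE))
```

Pass the poster's `bleach_val` as `sanitize` to keep the site's existing cleaning rules.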