subject:"\[Django\] #23502\: Request for an escape_all filter for non alphanumeric chars with ASCII values less than 256"

Re: [Django] #23502: Request for an escape_all filter for non alphanumeric chars with ASCII values less than 256

2014-09-30 Thread Django

#23502: Request for an escape_all filter for non alphanumeric chars with ASCII
values less than 256
-+--
 Reporter:  djbug|Owner:  nobody
 Type:  New feature  |   Status:  closed
Component:  Utilities|  Version:  1.7
 Severity:  Normal   |   Resolution:  wontfix
 Keywords:   | Triage Stage:  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+--
Changes (by timgraham):

 * status:  new => closed
 * needs_better_patch:   => 0
 * resolution:   => wontfix
 * needs_tests:   => 0
 * needs_docs:   => 0


Comment:

 I think it would be better to start this off as a 3rd party package to
 prove there is sufficient interest for its inclusion in core.

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/063.cbab0382f4560c0b86b8d35b3d283fcd%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

[Django] #23502: Request for an escape_all filter for non alphanumeric chars with ASCII values less than 256

2014-09-17 Thread Django

#23502: Request for an escape_all filter for non alphanumeric chars with ASCII
values less than 256
-+
 Reporter:  djbug|  Owner:  nobody
 Type:  New feature  | Status:  new
Component:  Utilities|Version:  1.7
 Severity:  Normal   |   Keywords:
 Triage Stage:  Unreviewed   |  Has patch:  0
Easy pickings:  0|  UI/UX:  0
-+
 If you want to put untrusted data in attributes,
 
[https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_
 .232_-
 _Attribute_Escape_Before_Inserting_Untrusted_Data_into_HTML_Common_Attributes
 OWASP recommends] escaping a lot more characters than what's needed for
 escaping untrusted data in HTML elements:


 > Except for alphanumeric characters, escape all characters with ASCII
 values less than 256 with the

Re: [Django] #23502: Request for an escape_all filter for non alphanumeric chars with ASCII values less than 256

[Django] #23502: Request for an escape_all filter for non alphanumeric chars with ASCII values less than 256

2 matches

Site Navigation

Mail list logo

Footer information