I first posted this on the Django users list but got no response; maybe
someone on this list knows an answer.

Hi,

I wonder what's the preferred way/best practice for sanitizing user
input. Most fields of my models are not allowed to contain HTML tags or
javascript. I could use the striptags filter inside my templates but I
feel more like sanitizing it before it enters the database, so I can
trust the database. I could use the django.utils.html.strip_tags
function inside the save function of my models, but it seems foolish to
me to add this kind of sanitizing for almost all of my fields (not
DRY). At the moment I do it like this:

from django.utils.html import strip_tags

# Inside the model's save(): strip HTML from each listed field before it is stored
fields = ('address', 'city')
for field in fields:
    setattr(self, field, strip_tags(getattr(self, field)))

Maybe the CharField and TextField could have a strip_tags option?

Kind regards, Rudolph


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers
-~----------~----~----~----~------~----~------~--~---

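As an added example (not part of the post above, and not Django's own code), here is the DRY version of the loop the post describes: a model mixin that strips tags from every field listed in a class attribute before the instance is saved, so each model only declares which fields are plain text. To keep it runnable without Django installed, the example assumes a stdlib-only strip_tags built on html.parser (a stand-in for django.utils.html.strip_tags that, like Django's, leaves character entities alone) and a hypothetical FakeModel standing in for models.Model; StripTagsMixin, Address and demo are also names invented here. With Django you would list the mixin before models.Model and let super().save() persist the cleaned instance. Note what the output shows: the text inside a removed script element survives as plain text, so stripping on the way in reduces stored markup but does not replace autoescaping on the way out.

```python
from html.parser import HTMLParser


class _TagStripper(HTMLParser):
    """Keeps only text nodes; tags and their attributes are dropped."""

    def __init__(self):
        # convert_charrefs=False so entities are passed through untouched,
        # matching the behaviour of django.utils.html.strip_tags
        super().__init__(convert_charrefs=False)
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)

    def handle_entityref(self, name):
        self.parts.append(f"&{name};")

    def handle_charref(self, name):
        self.parts.append(f"&#{name};")


def strip_tags(value):
    """Stdlib stand-in for django.utils.html.strip_tags (constructed here)."""
    parser = _TagStripper()
    parser.feed(value)
    parser.close()
    return "".join(parser.parts)


class StripTagsMixin:
    """Hypothetical mixin: strips HTML from the fields named in
    `sanitized_fields` each time save() runs, then defers to the real save()."""

    sanitized_fields = ()

    def save(self, *args, **kwargs):
        for name in self.sanitized_fields:
            value = getattr(self, name, None)
            if isinstance(value, str):
                setattr(self, name, strip_tags(value))
        return super().save(*args, **kwargs)


class FakeModel:
    """Stand-in for django.db.models.Model so the example runs offline."""

    saved = False

    def save(self, *args, **kwargs):
        self.saved = True
        return self


class Address(StripTagsMixin, FakeModel):
    """Example model: only address and city are declared as plain text."""

    sanitized_fields = ("address", "city")

    def __init__(self, address, city, note=""):
        self.address = address
        self.city = city
        self.note = note


def demo():
    """Constructed input: markup in two sanitized fields and one untouched field."""
    a = Address(
        address="<b>1 Main St</b>",
        city="<script>alert(1)</script>Oslo",
        note="<i>keep</i>",
    )
    a.save()
    return a


if __name__ == "__main__":
    a = demo()
    print(repr(a.address), repr(a.city), repr(a.note), a.saved)
```

Because the list of fields lives on the model class, adding a new plain-text field is a one-line change, and a model that needs no sanitizing simply leaves sanitized_fields empty.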