django-secure-input provides custom form fields that render a WYSIWYG editor instead of regular textareas. It takes care of cleaning HTML for you too. With its super secure defaults, you will not want to modify its whitelisting rules.
Let your users input HTML into your textareas without losing any sleep. django-secure-input sanitizes users' input, allows only some tags to be interpreted as HTML, and escapes the rest. By default,
.. image:: https://secure.travis-ci.org/rochapps/django-secure-input.png?branch=master
   :alt: Build Status
   :target: https://secure.travis-ci.org/rochapps/django-secure-input

django-secure-input requires Python 2.6-2.7 or 3.2+. It also requires Django >= 1.4 and bleach.
The easiest way to install django-secure-input is using `pip <http://www.pip-installer.org/>`_::

    pip install django-secure-input

Then add it to your installed apps::

    INSTALLED_APPS += ('secure_input',)

Use one of our provided custom form fields in your forms and you are all set.
**SafeCharFieldInput**
Textarea that allows saving html.
**WYSIWYGField**
wysiwyg widget
**MiniWYSIWYGField**
wysiwyg widget (limited tools)
The defaults provided by our validation method can be overridden. To set your own, define any of the following in your settings.py file:
**ALLOWED_TAGS**: Tuple of allowed tags, for example: ('p', 'h2', 'h3').
**ALLOWED_STYLES**: Tuple of inline style allowable in your html, for
example: ('font', 'font-size', 'color').
**ALLOWED_ATTRIBUTES**: A dict of tags -> attributes, for example:
{'a': ['href', 'title'], '*': ['class']}
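
The allowlist behaviour these settings control, shown as an added example that is not code from django-secure-input or bleach: a standard-library sanitizer that re-emits allowed tags and attributes and escapes everything else. The sample policy, the ``SAFE_SCHEMES`` link check and all class and function names are assumptions of this example; the package itself requires bleach.

```python
from html import escape
from html.parser import HTMLParser

# Constructed policy, in the shape of the settings described above.
ALLOWED_TAGS = ('p', 'h2', 'h3', 'a')
ALLOWED_ATTRIBUTES = {'a': ['href', 'title'], '*': ['class']}
# Assumption of this example (not a package setting): only these link schemes
# pass, so relative and javascript: URLs are both dropped.
SAFE_SCHEMES = ('http://', 'https://', 'mailto:')


class AllowlistSanitizer(HTMLParser):
    """Re-emit allowed tags and attributes; escape everything else as text."""

    def __init__(self, tags, attributes):
        super().__init__(convert_charrefs=True)
        self.tags, self.attributes, self.out = set(tags), attributes, []

    def _attrs(self, tag, attrs):
        names = set(self.attributes.get(tag, ())) | set(self.attributes.get('*', ()))
        kept = []
        for name, value in attrs:
            value = value or ''
            if name not in names:
                continue  # e.g. onclick or style on a tag that does not list it
            if name == 'href' and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue
            kept.append(' %s="%s"' % (name, escape(value)))
        return ''.join(kept)

    def handle_starttag(self, tag, attrs):
        if tag in self.tags:
            self.out.append('<%s%s>' % (tag, self._attrs(tag, attrs)))
        else:  # disallowed tag: show its source text instead of interpreting it
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        self.out.append('</%s>' % tag if tag in self.tags else escape('</%s>' % tag))

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize(html, tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRIBUTES):
    parser = AllowlistSanitizer(tags, attributes)
    parser.feed(html)
    parser.close()  # flush text buffered at end of input
    return ''.join(parser.out)
```
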
Simplest way to start using our custom fields::

    from django import forms
    from secure_input.fields import MiniWYSIWYGField

    # MyModel is your own model, imported from your app's models module.
    class MySecureForm(forms.ModelForm):
        text = MiniWYSIWYGField()

        class Meta:
            model = MyModel

Make sure to include the following CSS and JS files in the template where you are rendering your form.
In your template, add ``{{ form.media.css }}`` and ``{{ form.media.js }}``.
Finally, you need to initialize the JS plugin::

    $("#commentForm").secureInput();

Additional documentation on using django-secure-input is available on `Read The Docs <http://readthedocs.org/docs/django-secure-input/>`_.
You can run the tests via::

    python setup.py test

or::

    python runtests.py

django-secure-input is released under the BSD License. See the `LICENSE <https://github.com/rochapps/django-secure-input/blob/master/LICENSE>`_ file for more details.
If you think you've found a bug or are interested in contributing to this project, check out `django-secure-input on Github <https://github.com/rochapps/django-secure-input>`_.
Development sponsored by `RochApps, LLC <http://www.rochapps.com/services>`_.
We found that django-secure-input demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.