django-secure-input


django-secure-input provides custom form fields that render a WYSIWYG editor instead of regular textareas. It takes care of cleaning HTML for you too. With its super secure defaults, you will not want to modify its whitelisting rules.

  • 0.9.3
  • PyPI
secure_input

Let your users input HTML into your textareas without losing any sleep. django-secure-input sanitizes users' input, allowing only some tags to be interpreted as HTML and escaping the rest. By default,

.. image:: https://secure.travis-ci.org/rochapps/django-secure-input.png?branch=master
    :alt: Build Status
    :target: https://secure.travis-ci.org/rochapps/django-secure-input

Requirements/Installing

django-secure-input requires Python 2.6-2.7 or 3.2+. It also requires Django >= 1.4 and bleach.

The easiest way to install django-secure-input is using `pip <http://www.pip-installer.org/>`_::

    pip install django-secure-input

Then add it to your installed apps::

    # The trailing comma makes this a one-element tuple rather than a string.
    INSTALLED_APPS += ('secure_input',)

Fields

Use one of our provided custom form fields in your forms and you are all set.

**SafeCharFieldInput**
    Textarea that allows saving HTML.

**WYSIWYGField**
    WYSIWYG widget

**MiniWYSIWYGField**
    WYSIWYG widget (limited tools)

Default settings

The defaults provided by our validation method can be overridden. To set your own, define these in your settings.py file:

**ALLOWED_TAGS**:       Tuple of allowed tags, for example: ('p', 'h2', 'h3').

**ALLOWED_STYLES**:     Tuple of inline styles allowed in your HTML, for
                      example: ('font', 'font-size', 'color').

**ALLOWED_ATTRIBUTES**: A dict of tags -> attributes, for example:
                      {'a': ['href', 'title'], '*': ['class']}
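
To make the allow-list semantics concrete, the following added example (not code from django-secure-input or from bleach, which the package depends on) applies settings of the shape shown above using only the standard library. ``SAFE_SCHEMES``, ``AllowListSanitizer`` and ``sanitize`` are names assumed for the illustration; ``ALLOWED_STYLES`` is not modelled, so ``style`` attributes are simply dropped.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed settings in the shape described above (not the package defaults).
ALLOWED_TAGS = ('p', 'h2', 'h3', 'a')
ALLOWED_ATTRIBUTES = {'a': ['href', 'title'], '*': ['class']}
SAFE_SCHEMES = ('http', 'https', 'mailto')  # assumption: not a package setting


class AllowListSanitizer(HTMLParser):
    """Keep allow-listed tags and attributes, escape every other tag as text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def _attr_ok(self, tag, name, value):
        allowed = ALLOWED_ATTRIBUTES.get(tag, []) + ALLOWED_ATTRIBUTES.get('*', [])
        if name not in allowed:
            return False
        if name == 'href':
            # Drop whitespace/control characters browsers ignore, then require
            # any explicit scheme to be on the allow-list (relative URLs pass).
            cleaned = ''.join(ch for ch in (value or '') if ch > ' ')
            scheme = re.match(r'([^/?#:]*):', cleaned)
            return scheme is None or scheme.group(1).lower() in SAFE_SCHEMES
        return True

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = ''.join(' %s="%s"' % (name, escape(value or ''))
                       for name, value in attrs if self._attr_ok(tag, name, value))
        self.out.append('<%s%s>' % (tag, kept))

    def handle_endtag(self, tag):
        closing = '</%s>' % tag
        self.out.append(closing if tag in ALLOWED_TAGS else escape(closing))

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize(html_text):
    parser = AllowListSanitizer()
    parser.feed(html_text)
    parser.close()
    return ''.join(parser.out)
```

Widening ``ALLOWED_TAGS`` or adding event-handler attributes to ``ALLOWED_ATTRIBUTES`` directly widens what reaches the browser unescaped, which is why overrides of the defaults deserve review.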

Example

Simplest way to start using our custom fields::

    from django import forms
    from secure_input.fields import MiniWYSIWYGField

    from myapp.models import MyModel  # hypothetical import path for your own model


    class MySecureForm(forms.ModelForm):
        text = MiniWYSIWYGField()

        class Meta:
            model = MyModel

Template

Make sure to include the following css and js files in the template where you are rendering your form.

In your template::

    {{ form.media.css }}

and::

    {{ form.media.js }}

Finally, you need to initialize the js plugin::

    $("#commentForm").secureInput();

Documentation

Additional documentation on using django-secure-input is available on `Read The Docs <http://readthedocs.org/docs/django-secure-input/>`_.

Running the Tests

You can run the tests via::

    python setup.py test

or::

    python runtests.py

License

django-secure-input is released under the BSD License. See the `LICENSE <https://github.com/rochapps/django-secure-input/blob/master/LICENSE>`_ file for more details.

Contributing

If you think you've found a bug or are interested in contributing to this project, check out `django-secure-input on Github <https://github.com/rochapps/django-secure-input>`_.

Development sponsored by `RochApps, LLC <http://www.rochapps.com/services>`_.
