Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

xss-utils

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

xss-utils

Utility functions to prevent possible XSS attack on django/mako templates

  • 0.6.0
  • PyPI
  • Socket score

Maintainers
1

xss-utils

Utilities to prevent possible Cross Site Scripting (XSS) attacks on Django/Mako templates.

Overview

This repo houses utility functions to protect edx codebase (Python, Javascript and other templating engine eg django/mako) against possible XSS attacks. Helper code include html & js escaping filters for django and mako templates. For more information, please read Preventing Cross Site Scripting Vulnerabilities <https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/index.html>_.

Documentation

The full documentation is in the docs directory TODO: Publish to https://xss-utils.readthedocs.org.

License

The code in this repository is licensed under the AGPL 3.0 unless otherwise noted.

Please see LICENSE.txt for details.

How To Contribute

Contributions are very welcome.

Please read How To Contribute <https://github.com/openedx/.github/blob/master/CONTRIBUTING.md>_ for details.

PR description template should be automatically applied if you are sending PR from github interface; otherwise you can find it it at PULL_REQUEST_TEMPLATE.md <https://github.com/openedx/xss-utils/blob/master/.github/PULL_REQUEST_TEMPLATE.md>_

Issue report template should be automatically applied if you are sending it from github UI as well; otherwise you can find it at ISSUE_TEMPLATE.md <https://github.com/openedx/xss-utils/blob/master/.github/ISSUE_TEMPLATE.md>_

Reporting Security Issues

Please do not report security issues in public. Please email security@openedx.org.

Getting Help

Have a question about this repository, or about Open edX in general? Please refer to this list of resources_ if you need any assistance.

.. _list of resources: https://open.edx.org/getting-help

.. |pypi-badge| image:: https://img.shields.io/pypi/v/xss-utils.svg :target: https://pypi.python.org/pypi/xss-utils/ :alt: PyPI

.. |ci-badge| image:: https://github.com/openedx/xss-utils/workflows/Python%20CI/badge.svg?branch=master :target: https://github.com/openedx/xss-utils/actions?query=workflow%3A%22Python+CI%22 :alt: CI

.. |codecov-badge| image:: http://codecov.io/github/edx/xss-utils/coverage.svg?branch=master :target: http://codecov.io/github/edx/xss-utils?branch=master :alt: Codecov

.. |doc-badge| image:: https://readthedocs.org/projects/xss-utils/badge/?version=latest :target: http://xss-utils.readthedocs.io/en/latest/ :alt: Documentation

.. |pyversions-badge| image:: https://img.shields.io/pypi/pyversions/xss-utils.svg :target: https://pypi.python.org/pypi/xss-utils/ :alt: Supported Python versions

.. |license-badge| image:: https://img.shields.io/github/license/edx/xss-utils.svg :target: https://github.com/openedx/xss-utils/blob/master/LICENSE.txt :alt: License

Change Log

.. All enhancements and patches to xss_utils will be documented in this file. It adheres to the structure of http://keepachangelog.com/ , but in reStructuredText instead of Markdown (for ease of incorporation into Sphinx documentation and the PyPI description).

This project adheres to Semantic Versioning (http://semver.org/).

.. There should always be an "Unreleased" section for changes pending release.

Unreleased


[0.6.0] - 2024-04-22
  • Test and declare Python 3.11 and 3.12 compatibility.

[0.5.0] - 2023-08-01


* Switch from ``edx-sphinx-theme`` to ``sphinx-book-theme`` since the former is
  deprecated.  See https://github.com/openedx/edx-sphinx-theme/issues/184 for
  more details.
* Added supportt for Django 4.2

[0.4.0] - 2022-01-20

Added


  • Added Support for Django40

Dropped


  • Dropped Django22, 30, 31 from CI

[0.3.0] - 2021-07-07


Added
_____

* Support for django3.0, 3.1, 3.2

[0.1.0] - 2018-08-17

Added


  • Utilities to enable html escaping, preventing Cross Site Scripting (XSS) attacks in Django templates.

Keywords

FAQs


Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc