
I'm making a blog app in Django, where the users can write their own blog posts.

I have the worry that the User could introduce malicious code in the database while writing a blog post.

For example, by writing JavaScript code in the blog post body:

    alert("malicious code here, ahh!")

So, is there any way to process the user's content by parsing the value of the content, or something like that?

Daniel Diaz
  • This is a very broad subject that can't be fully answered in a Stack Overflow post, but you might start by removing all HTML tags but a few allowed ones using something like [bleach](https://pypi.org/project/bleach/). – Selcuk Jan 13 '21 at 00:46
  • Thanks for the answer! I'll check for bleach – Daniel Diaz Jan 13 '21 at 01:00
  • Take a look at https://docs.djangoproject.com/en/3.1/ref/templates/builtins/#escape – hansTheFranz Jan 13 '21 at 02:09

0 Answers
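The two comments describe the two standard defences against stored XSS in a Django blog: let the template engine escape everything (Django autoescapes `{{ post.body }}` by default, so `<script>` is rendered as literal text), or, when authors are allowed a subset of HTML, sanitize the body against an allowlist before storing it and then render it with `|safe`. The block below is an added example, not code from the question, the comments, Django or bleach: a stdlib-only allowlist sanitizer that shows the mechanism bleach implements (allowed tags, allowed attributes, URL scheme checks, everything else escaped or dropped). The tag and attribute policy, the function names and the sample inputs are all constructed for this example; in a real project use bleach's maintained implementation rather than this one.

```python
"""Allowlist HTML sanitizer for user-supplied blog bodies (stdlib only).

Added example: mirrors what bleach.clean() does, so the mechanism is visible.
Policy below is constructed for illustration.
"""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "code", "pre",
                "ul", "ol", "li", "a", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}      # no on* handlers, no style
VOID_TAGS = {"br"}
# Tags whose *content* is discarded too, not just the tag itself.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed", "noscript"}
SAFE_URL_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative URL


def _safe_url(value):
    """Return a cleaned URL if its scheme is allowed, else None.

    Browsers ignore tabs/newlines inside a URL, so "java\tscript:" would still
    execute; strip whitespace and control characters before reading the scheme.
    """
    cleaned = "".join(ch for ch in value if not ch.isspace() and ord(ch) > 31)
    try:
        scheme = urlparse(cleaned).scheme.lower()
    except ValueError:
        return None
    return cleaned if scheme in SAFE_URL_SCHEMES else None


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []      # allowed tags currently open, for auto-closing
        self.drop_depth = 0      # > 0 while inside a DROP_CONTENT tag

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return               # tag stripped; its text still flows via handle_data
        kept = []
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href":
                value = _safe_url(value)
                if value is None:
                    continue     # javascript:, data:, vbscript: ... are dropped
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in self.open_tags:
            return               # stray or disallowed close tag: ignore
        # Close everything opened after this tag so the output stays well nested.
        while self.open_tags:
            opened = self.open_tags.pop()
            self.out.append(f"</{opened}>")
            if opened == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            # Text is re-escaped, so "&lt;script&gt;" in input stays inert.
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass                     # comments (incl. conditional comments) dropped

    def result(self):
        self.close()             # flush any buffered trailing text
        while self.open_tags:    # close tags the author left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(raw):
    """Sanitize a user-submitted HTML fragment; call this in the form's
    clean_body() or the model's save() before the post reaches the database."""
    parser = _Sanitizer()
    parser.feed(raw)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample inputs a hostile author might submit.
    for sample in ['<p>Hi <b>there</b></p>',
                   '<script>alert("x")</script>hi',
                   '<img src=x onerror=alert(1)>',
                   '<a href="javascript:alert(1)" onclick="x()">click</a>']:
        print(repr(sample), "->", repr(sanitize_html(sample)))
```

Sanitizing on the way in and escaping on the way out are complementary: keep Django's autoescaping on everywhere, and apply `|safe` (or `mark_safe`) only to a field that has already passed through the sanitizer.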