10

I'm guessing this is going to involve regexp or something, but I'll give it a shot. At the minute, a user can break a website by typing something similar to £$(*£$(£@$&£($ in the title field, which is converted into a slug using Django slugify.

Because none of these characters can be converted, Django returns an error. My question is, what should I put in the form validation method to raise a forms.ValidationError when the user uses a title like this?

Thanks.

user116170

2 Answers

19

This question is half a decade old so in updating my question I should explain that I'm at least nodding to the past where some features might not have existed.

The easiest way to handle slugs in forms these days is to just use django.models.SlugField. It will validate itself for you and imply that this field is an index.

If you're not using this on a model, you can still hook in the same validator that SlugField uses:

from django import forms
from django.core.validators import validate_slug

slug = forms.CharField(..., validators=[validate_slug])

If you just want to do behind-the-scenes checking or write your own validator, you can use a similar technique to pull in Django's definition of a valid slug. It's just the compiled regex that validate_slug above uses:

from django.core.validators import slug_re

if slug_re.match(...):
    ...

I can't imagine it will change, but by locking yourself to Django's idea of a slug, you'll ensure consistency if Django does change one day.

Oli
  • Seems to work. Thanks a lot mate. In clean_field method: if re.match("[a-zA-Z0-9]+", potential_slug) == None: raise forms.ValidationError("The title is not sluggable.") – user116170 Jun 02 '09 at 19:08
  • This regex doesn't account for the VERY COMMON use of hyphens "-" in slugs. Also, \d is redundant because \w covers digits too. Ben's answer below is more correct. – Humphrey Aug 15 '11 at 05:56
  • Ben's answer below is more correct. [a-zA-Z0-9]+ matches neither the underscore nor the hyphen, [\w\d]+ matches underscores but not the hyphen. – Klaas van Schelven Aug 27 '12 at 09:42
  • Well it only took me a few years to improve the answer. I think it should cover most people's reservations now. – Oli Apr 10 '14 at 14:28
12
import re
SLUG_REGEX = re.compile(r'^[-\w]+$')
Daniil Ryzhkov
Ben
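An added example, not part of the original answers or of Django: it runs the two regexes quoted on this page over constructed titles to show what each one accepts, next to a stricter whole-string check. `STRICT_SLUG`, the function names and the sample inputs are assumptions made for this example.

```python
import re

# Patterns quoted on this page.
COMMENT_CHECK = re.compile(r"[a-zA-Z0-9]+")  # first comment, used with re.match
BEN_REGEX = re.compile(r"^[-\w]+$")          # second answer

# Assumption for this example: ASCII letters, digits, hyphen and underscore only.
STRICT_SLUG = re.compile(r"[-a-zA-Z0-9_]+")


def comment_check(value):
    """re.match anchors only at the start, so a valid prefix is enough to pass."""
    return COMMENT_CHECK.match(value) is not None


def ben_check(value):
    """'$' also matches just before a trailing newline; '\\w' is Unicode-aware on str."""
    return BEN_REGEX.match(value) is not None


def strict_check(value):
    """fullmatch must consume the entire string, trailing newline included."""
    return STRICT_SLUG.fullmatch(value) is not None


# Constructed sample inputs (not taken from any real site).
SAMPLES = [
    "my-first-post",
    "my_first_post",
    "post£$(*",         # valid prefix followed by junk
    "£$(*£$(£@$&£($",   # the title from the question
    "post\n",           # trailing newline
    "pösté",            # non-ASCII letters
    "",
]


def compare(samples=SAMPLES):
    """Map each sample to (comment_check, ben_check, strict_check)."""
    return {s: (comment_check(s), ben_check(s), strict_check(s)) for s in samples}


if __name__ == "__main__":
    for value, (c, b, s) in compare().items():
        print(f"{value!r:22} comment={c!s:5} ben={b!s:5} strict={s}")
```

The unanchored `re.match` check lets `post£$(*` through, and the `$` anchor lets `post\n` through; only the `fullmatch` variant rejects both.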