
Thanks @GICodeWarrior for taking the time to comment on the article. Shamefully, I can already imagine a scenario for how the attack could be carried out. Fortunately, the vulnerability can be corrected by introducing the escapejs template filter. Big thanks to @gynvael.


Encoding for each scenario can be quite complex, unfortunately. Django does have some template filters to help.

I recommend following the documentation carefully, and using a JSON API or other similarly standard mechanism if the documented options are insufficient.
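The escapejs fix the thread refers to, as an added example that belongs to neither commenter and is not Django's own code: it reimplements the character table Django's escapejs filter documents (quotes, backslash, angle brackets, `&`, `=`, `-`, `;`, backtick, U+2028/U+2029 and control characters become `\uXXXX` escapes) so the block runs without Django installed, then renders a hypothetical inline-script template fragment with and without the filter. The template string, the `user` variable name and the two payloads are constructed for illustration.

```python
import json

# Reimplementation of the escape table used by django.utils.html.escapejs.
# Every character that could end a JS string literal, close the enclosing
# <script> element, or be re-read as an HTML construct is emitted as a
# \uXXXX escape, which is inert inside a JavaScript string. Written here as
# an assumption-free stand-in so the example runs without Django.
_JS_ESCAPES = {
    "\\": "\\u005C", "'": "\\u0027", '"': "\\u0022",
    ">": "\\u003E", "<": "\\u003C", "&": "\\u0026",
    "=": "\\u003D", "-": "\\u002D", ";": "\\u003B", "`": "\\u0060",
    "\u2028": "\\u2028", "\u2029": "\\u2029",
}
# Control characters U+0000..U+001F are escaped as well.
_JS_ESCAPES.update({chr(c): "\\u%04X" % c for c in range(32)})


def escapejs(value: str) -> str:
    """Escape value for safe embedding inside a JavaScript string literal."""
    return "".join(_JS_ESCAPES.get(ch, ch) for ch in value)


# Hypothetical template fragment: user-controlled data interpolated straight
# into an inline script, the pattern that {{ username }} inside a <script>
# block produces. '%s' stands in for the template variable.
VULNERABLE_TEMPLATE = "<script>var user = '%s';</script>"


def render_unescaped(value: str) -> str:
    """What {{ value }} gives you: Django's HTML autoescape is not applied here
    in a way that protects JS string context, so we model it as raw insertion."""
    return VULNERABLE_TEMPLATE % value


def render_with_escapejs(value: str) -> str:
    """What {{ value|escapejs }} gives you."""
    return VULNERABLE_TEMPLATE % escapejs(value)


def script_openers(html: str) -> int:
    """Count '<script' occurrences; more than one means the payload injected
    its own script element (the HTML parser ends a script at '</script')."""
    return html.lower().count("<script")


def raw_single_quotes(html: str) -> int:
    """Count raw ' characters; exactly two means the literal is still intact."""
    return html.count("'")


def js_string_value(html: str) -> str:
    """Decode the value the browser would see in `user` for an escaped render.
    After escapejs the literal holds no raw quotes, backslashes or control
    characters, only \\uXXXX sequences, which JSON decodes identically to JS."""
    prefix = "<script>var user = '"
    suffix = "';</script>"
    assert html.startswith(prefix) and html.endswith(suffix)
    inner = html[len(prefix):-len(suffix)]
    return json.loads('"' + inner + '"')


# Constructed attacker inputs.
BREAK_OUT_OF_SCRIPT = "</script><script>alert(document.cookie)</script>"
BREAK_OUT_OF_STRING = "'; alert(1); //"


if __name__ == "__main__":
    for payload in (BREAK_OUT_OF_SCRIPT, BREAK_OUT_OF_STRING):
        print("unescaped:", render_unescaped(payload))
        print("escapejs: ", render_with_escapejs(payload))
        print("decoded:  ", js_string_value(render_with_escapejs(payload)))
```

The first payload shows why HTML-escaping alone is not the point: the HTML parser terminates the script element at `</script` no matter what quoting the JavaScript is in, so `<` and `>` have to be neutralised. The second shows the plain string-literal breakout. In both cases the escaped render keeps exactly one script element and one pair of quotes, and the decoded value is byte-for-byte the original input, so escaping loses no data.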



