{ "info": { "author": "shaowenchen", "author_email": "email@chenshaowen.com", "bugtrack_url": null, "classifiers": [ "Environment :: Web Environment", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Topic :: Internet :: WWW/HTTP", "Topic :: Internet :: WWW/HTTP :: Dynamic Content" ], "description": "==================\ndjango-xss-cleaner\n==================\n\ndjango-xss-cleaner \u662f\u4e00\u4e2a\u57fa\u4e8e bleach \u7684 django XSSFilter \u5de5\u5177\uff0c\u5b9e\u73b0\u4e86\u5bf9 GET \u548c POST \u8bf7\u6c42\u53c2\u6570\u7684 XSS \u767d\u540d\u5355\u8fc7\u6ee4\u529f\u80fd\u3002\u5305\u4e2d\u5185\u7f6e\u4e86\u90e8\u5206\u767d\u540d\u5355 HTML \u6807\u7b7e\u3001\u5c5e\u6027\u8bbe\u7f6e\uff0c\u540c\u65f6\u4e5f\u652f\u6301\u81ea\u5b9a\u4e49\u6269\u5c55\u3002\n\n\nsettings.py \u5b89\u88c5\u548c\u914d\u7f6e\u8bf4\u660e\n-----------------------------\n\n1. \u5b89\u88c5\u4e2d\u95f4\u4ef6\n\n \u6dfb\u52a0\u4e2d\u95f4\u4ef6 \"xss_cleaner.middlewares.CleanXssMiddleware\" \u5230 settings \u4e2d\n\n ::\n\n MIDDLEWARE_CLASSES = (\n 'xss_cleaner.middlewares.CleanXssMiddleware',\n ...\n )\n\n \u5efa\u8bae\u5c06 CleanXssMiddleware \u5c3d\u91cf\u7684\u9760\u524d\u653e\u7f6e\uff0c\u6700\u597d\u662f\u7b2c\u4e00\u4e2a\u3002\u8fd9\u662f\u4e3a\u4e86\u4fdd\u8bc1\u540e\u7aef\u83b7\u53d6\u7684\u6570\u636e\u90fd\u901a\u8fc7\u4e86 XSS \u8fc7\u6ee4\uff0c\u907f\u514d XSS \u5411\u91cf\u88ab\u6ce8\u5165\u3002\n\n\n2. 
[\u53ef\u9009]\u914d\u7f6eClean XSS\u7ea7\u522b\n\n \u9ed8\u8ba4\u914d\u7f6e\u4e3a 'HIGH'\uff0c\u53ef\u9009\u53c2\u6570\uff1a['LOW', 'HIGH']\n\n ::\n\n XSS_LEVEL = 'HIGH'\n\n \u5982\u679c\u8bbe\u7f6e\u4e3a 'HIGH' \uff0c\u5141\u8bb8\u7684\u6807\u7b7e\u548c\u5c5e\u6027\u4e3a\n ::\n\n {\n 'tags': ['a', 'img', 'strong', 'p', 'div', 'span', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'table', 'ul', 'ol', 'tr', 'th', 'td', 'li'],\n 'attributes': {'a': ['href', 'title', 'target'], 'img': ['width', 'height', 'src']},\n 'styles': [],\n 'strip': False,\n 'strip_comments': False\n }\n\n \u5982\u679c\u8bbe\u7f6e\u4e3a 'LOW' \uff0c\u5141\u8bb8\u7684\u6807\u7b7e\u548c\u5c5e\u6027\u4e3a\n ::\n\n {\n 'tags': ['a', 'img', 'br', 'strong', 'b', 'code', 'pre', 'p', 'div', 'em', 'span', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'table', 'ul', 'ol', 'tr', 'th', 'td', 'hr', 'li', 'u'],\n 'attributes': {'a': ['href', 'title', 'target'], 'img': ['width', 'height', 'src', 'alt'],\n '*': ['class', 'style']},\n 'styles': [],\n 'strip': False,\n 'strip_comments': False\n }\n\n \u53c2\u6570\u7684\u542b\u4e49\uff0c\u5728\u4e0b\u9762\u4f1a\u6709\u4ecb\u7ecd\u3002\n\n3. 
[\u53ef\u9009]\u81ea\u5b9a\u4e49\u65b0\u589e\u767d\u540d\u5355\n\n \u589e\u91cf\u5f0f\u6dfb\u52a0\u65b0\u7684\u6807\u7b7e\u548c\u5c5e\u6027\u5230\u767d\u540d\u5355\u3002\n ::\n\n BLEACH_WHITE_LIST = {\n 'tags': [],\n 'attributes': {},\n 'styles': [],\n 'strip': False,\n 'strip_comments': False\n }\n\n \u53c2\u6570\u8bf4\u660e\uff1a\n\n - tags (list) \u2013 \u5141\u8bb8\u7684\u6807\u7b7e\uff0c\u4e0d\u5728\u767d\u540d\u5355\u7684\u6807\u7b7e\u88ab\u8f6c\u4e49\n - attributes (dict) \u2013 \u5141\u8bb8\u7684\u5c5e\u6027\uff0c\u4e0d\u5728\u767d\u540d\u5355\u7684\u5c5e\u6027\u88ab\u5220\u9664\n - styles (list) \u2013 \u5141\u8bb8\u7684\u6837\u5f0f\uff0c\u4e0d\u5728\u767d\u540d\u5355\u7684\u6837\u5f0f\u88ab\u5220\u9664\n - strip (bool) \u2013 \u662f\u5426\u5254\u9664\u8f6c\u4e49\u540e\u7684\u5b57\u7b26\n - strip_comments (bool) \u2013 \u662f\u5426\u5254\u9664 HTML comments\n\n\n BLEACH_WHITE_LIST \u4e2d\u7684\u6807\u7b7e\u3001\u5c5e\u6027\u3001\u6837\u5f0f\uff0c\u5c06\u4f1a\u4ee5\u589e\u91cf\u7684\u5f62\u5f0f\u589e\u52a0\u5728 Clean XSS \u7ea7\u522b\u5141\u8bb8\u7684\u767d\u540d\u5355\u4e0a\u3002\u5982\u679c\u8bbe\u7f6e\u4e86 strip\u3001strip_comments \uff0c\u5c06\u8986\u76d6\u9ed8\u8ba4\u8bbe\u7f6e\u3002\n\n4. 
[\u53ef\u9009]\u662f\u5426\u6253\u5370\u6216\u8bb0\u5f55\u8f6c\u4e49\n\n \u4e3a\u4e86\u65b9\u4fbf\u8c03\u8bd5\uff0c\u8bb0\u5f55 XSS Filter \u7684\u4fe1\u606f\uff0c\u63d0\u4f9b\u4e00\u4e2a\u5f00\u5173:\n\n ::\n\n BLEACH_SHOW = True\n\n \u9ed8\u8ba4\u503c\u4e3a True\uff0c\u53ef\u9009\u503c\u4e3a [True \uff0cFalse]\n\n \u5982\u679c\u662f\u672c\u5730\u5f00\u53d1\uff0c\u8f6c\u6362\u65e5\u5fd7\u5c06\u76f4\u63a5 print \u5728 Console\u3002\u5982\u679c\u662f\u7ebf\u4e0a\uff0c\u5c06\u6253\u5370\u4e3a warning \u65e5\u5fd7\u3002\n\n\nxss_cleaner \u8c41\u514d\u88c5\u9970\u5668\n------------------------\n\nxss_cleaner \u5305\u63d0\u4f9b\u4e86\u4e24\u4e2a\u88c5\u9970\u5668\uff0c\u7528\u4e8e\u8c41\u514d XSS Filter \u5904\u7406\u3002\n\n- escape_clean\uff0c\u63d0\u4f9b View \u7ea7\u522b\u7684\u8c41\u514d\u3002\n\n ::\n\n from cleanxss.decorators import escape_clean\n @escape_clean\n def home(request):\n pass\n\n- escape_clean_param\uff0c\u63d0\u4f9b\u53c2\u6570\u7ea7\u522b\u7684\u8c41\u514d\u3002\n\n ::\n\n from cleanxss.decorators import escape_clean_param\n @escape_clean_param('param1', 'param2')\n def home(request):\n pass\n\n\n\n\nxss_cleaner \u5904\u7406\u793a\u4f8b\n-----------------------\n\n\u4e0b\u9762\u4f7f\u7528\u7684\u662f\u9ed8\u8ba4\u914d\u7f6e\uff1a XSS_LEVEL = 'HIGH'\n\n\n ::\n\n \u8f6c\u4e49\u975e\u767d\u540d\u5355\u6807\u7b7e\n XSS Clean: Transfer an example To <b><i>an example</i></b>\n\n \u5220\u9664\u975e\u767d\u540d\u5355\u6837\u5f0f\n XSS Clean: Transfer

blah blah blah

To

blah blah blah

\n\n \u5220\u9664\u975e\u767d\u540d\u5355\u5c5e\u6027\n XSS Clean: Transfer \"an To \n\n \u81ea\u52a8\u8865\u5168\uff0c\u89c4\u8303\u5316 HTML\n XSS Clean: Transfer my text; a b b To my text; a b b\n\n\n\u4e0b\u9762\u4f7f\u7528\u7684\u662f\u914d\u7f6e\uff1a XSS_LEVEL = 'LOW'\n\n ::\n\n \u8f6c\u4e49\u975e\u767d\u540d\u5355\u6807\u7b7e\n XSS Clean: Transfer an example To <i>an example</i>\n\n \u5220\u9664\u975e\u767d\u540d\u5355\u6837\u5f0f\n XSS Clean: Transfer

blah blah blah

To

blah blah blah

\n\n \u5220\u9664\u975e\u767d\u540d\u5355\u5c5e\u6027\n XSS Clean: Transfer \"an To \"an\n\n \u81ea\u52a8\u8865\u5168\uff0c\u89c4\u8303\u5316 HTML\n XSS Clean: Transfer my text; a b b To my text; a b b\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://pypi.org/simple/", "keywords": "xss", "license": "BSD License", "maintainer": "", "maintainer_email": "", "name": "django-xss-cleaner", "package_url": "https://pypi.org/project/django-xss-cleaner/", "platform": "", "project_url": "https://pypi.org/project/django-xss-cleaner/", "project_urls": { "Homepage": "https://pypi.org/simple/" }, "release_url": "https://pypi.org/project/django-xss-cleaner/1.0.1/", "requires_dist": null, "requires_python": "", "summary": "clean xss", "version": "1.0.1" }, "last_serial": 5351635, "releases": { "1.0.1": [ { "comment_text": "", "digests": { "md5": "fd317cead69c369328b1b34023f92f8f", "sha256": "ab6f82cc7f03e5db3934a3cee3c9a39fd1c9ffd983244a61422f5ad37f7d4cac" }, "downloads": -1, "filename": "django-xss-cleaner-1.0.1.tar.gz", "has_sig": false, "md5_digest": "fd317cead69c369328b1b34023f92f8f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6759, "upload_time": "2019-06-03T09:28:20", "url": "https://files.pythonhosted.org/packages/1c/71/2629dbe70a9ad0ed02203949ca65f4a52228d8a48bbcedfd670614e85517/django-xss-cleaner-1.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "fd317cead69c369328b1b34023f92f8f", "sha256": "ab6f82cc7f03e5db3934a3cee3c9a39fd1c9ffd983244a61422f5ad37f7d4cac" }, "downloads": -1, "filename": "django-xss-cleaner-1.0.1.tar.gz", "has_sig": false, "md5_digest": "fd317cead69c369328b1b34023f92f8f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6759, "upload_time": "2019-06-03T09:28:20", "url": 
"https://files.pythonhosted.org/packages/1c/71/2629dbe70a9ad0ed02203949ca65f4a52228d8a48bbcedfd670614e85517/django-xss-cleaner-1.0.1.tar.gz" } ] }