{ "info": { "author": "David Black", "author_email": "dblack@atlassian.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Console", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4" ], "description": "# django xss detection\r\nThis package contains a django template parser that can be used to find templates\r\nthat contain variables that will not be escaped. This package currently has\r\nno knowledge of custom filters, custom tags, and python code (e.g. uses of\r\n`mark_safe`), so a clean result does not prove a template is free of unescaped output. The code has only been tested against django versions >= 1.5 and <= 1.7.\r\n\r\n\r\n## Requirements\r\n\t* django >= 1.5 and < 1.8\r\n\t* lxml\r\n## Usage\r\nThis package can be used on the command line by running\r\n> `python -m django_xss_detection.cli`\r\n\r\n## How does it work?\r\nThe code works by monkey patching django template code and providing VariableNode with\r\na callback function that ends up referring to the\r\n`CompileStringWrapper.handle_callback` method. The callback function is used\r\nlater when the code `renders` a given template and encounters a variable node\r\nthat will not be escaped. Detection of unquoted variable nodes\r\nin element attributes, and of variable nodes in a javascript context lacking\r\njavascript escaping, is not implemented through callbacks; see\r\n`get_non_quoted_attr_vars_for_template` and\r\n`get_non_js_escaped_results_for_template` in parse_template.py respectively.\r\n\r\nAdditionally, the code has modified versions of built-in conditional tags,\r\nsuch as `{% if %}` and `{% ifequal %}`, so as to `render` all possible template\r\ncode. 
If this package does not work on your custom template tags then\r\nyou can add support for them similar to how `waffle` template tags are\r\nimplemented (see `templatetags/waffle.py` and the `patch` method in `util.py`).", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://bitbucket.org/atlassian/django_xss_detection", "keywords": "", "license": "BSD", "maintainer": "", "maintainer_email": "", "name": "django-xss-detection", "package_url": "https://pypi.org/project/django-xss-detection/", "platform": "any", "project_url": "https://pypi.org/project/django-xss-detection/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://bitbucket.org/atlassian/django_xss_detection" }, "release_url": "https://pypi.org/project/django-xss-detection/0.4.17/", "requires_dist": null, "requires_python": null, "summary": "This package contains a django template parser that can be used to find templates that contain variables that will not be escaped.", "version": "0.4.17" }, "last_serial": 3771028, "releases": { "0.4.14": [ { "comment_text": "", "digests": { "md5": "23d7ad006ac917652da22d6a39747c05", "sha256": "ff89d41ddff6adc740424852d91233a962add34f002cb6d984356e05b2d41527" }, "downloads": -1, "filename": "django-xss-detection-0.4.14.tar.gz", "has_sig": false, "md5_digest": "23d7ad006ac917652da22d6a39747c05", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11331, "upload_time": "2014-09-12T00:49:30", "url": "https://files.pythonhosted.org/packages/a6/1c/472c088e0b94c2004e1ca31f7c69beaaa54bd8b4b9aaeeda0e3d4a25c374/django-xss-detection-0.4.14.tar.gz" } ], "0.4.15": [ { "comment_text": "", "digests": { "md5": "60678dab96b96aeb7f237d0a6605dd34", "sha256": "73ff84818a48af3d41da1b85320ddaab40de89741360552e27f39ec2fb8d64dc" }, "downloads": -1, "filename": "django-xss-detection-0.4.15.tar.gz", "has_sig": false, "md5_digest": 
"60678dab96b96aeb7f237d0a6605dd34", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11388, "upload_time": "2014-11-19T02:11:11", "url": "https://files.pythonhosted.org/packages/df/f3/5496a2992cc8bbb4857ab0136967d068f431b9adcf7b10db5df43e57ee2a/django-xss-detection-0.4.15.tar.gz" } ], "0.4.16": [ { "comment_text": "", "digests": { "md5": "ee44b947af5f54d375bcb5b7d6dac317", "sha256": "c2fc61fcf0f5259511efa33267c6cbccc40610b5a8d48affd3e40dcb6cd01d4e" }, "downloads": -1, "filename": "django-xss-detection-0.4.16.tar.gz", "has_sig": false, "md5_digest": "ee44b947af5f54d375bcb5b7d6dac317", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11468, "upload_time": "2014-11-26T03:23:24", "url": "https://files.pythonhosted.org/packages/18/2c/b637b6db2641173a111e8919db6b22275e679ae6239db0cefd886b1999fc/django-xss-detection-0.4.16.tar.gz" } ], "0.4.17": [ { "comment_text": "", "digests": { "md5": "426c80d958bfffc7f0401c1ae61083e8", "sha256": "2405953534fa3e73c22e8d93def5f7c6e37839076b38ef527144aa4f6bf49298" }, "downloads": -1, "filename": "django-xss-detection-0.4.17.tar.gz", "has_sig": false, "md5_digest": "426c80d958bfffc7f0401c1ae61083e8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11538, "upload_time": "2015-05-22T02:55:08", "url": "https://files.pythonhosted.org/packages/95/2d/707b9414f40492800a22fef2f5171c556c87de39f4927781c400d8501dcf/django-xss-detection-0.4.17.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "426c80d958bfffc7f0401c1ae61083e8", "sha256": "2405953534fa3e73c22e8d93def5f7c6e37839076b38ef527144aa4f6bf49298" }, "downloads": -1, "filename": "django-xss-detection-0.4.17.tar.gz", "has_sig": false, "md5_digest": "426c80d958bfffc7f0401c1ae61083e8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11538, "upload_time": "2015-05-22T02:55:08", "url": 
"https://files.pythonhosted.org/packages/95/2d/707b9414f40492800a22fef2f5171c556c87de39f4927781c400d8501dcf/django-xss-detection-0.4.17.tar.gz" } ] }