In the security chapter of the Django Book, it says that I should always use the template tag {% escape %} to protect my site from cross-site scripting.
{% escape %}
Do I really need to put an escape tag on every line of the template? Is there any way to indicate this at the application level?
This version of the Django book was written long before the release of 1.0 and is significantly outdated. All template content has been auto-escaped for quite some time.
django . , autoescape. , , , 1.1.
{% autoescape off %} safe stuff {% endautoescape %}
Source: https://habr.com/ru/post/1790898/