This repo contains utility functions for Django and Mako templates to remove potential XSS attacks in templates.

openedx/xss-utils

xss-utils

Utilities to prevent possible Cross Site Scripting (XSS) attacks on Django/Mako templates.

Overview

This repo houses utility functions that protect the edX codebase (Python, JavaScript, and other templating engines, e.g. Django/Mako) against possible XSS attacks. The helper code includes HTML and JavaScript escaping filters for Django and Mako templates. For more information, please read Preventing Cross Site Scripting Vulnerabilities.

Documentation

The full documentation is in the docs directory. TODO: Publish to https://xss-utils.readthedocs.org.

License

The code in this repository is licensed under the AGPL 3.0 unless otherwise noted.

Please see LICENSE.txt for details.

How To Contribute

Contributions are very welcome.

Please read How To Contribute for details.

The PR description template should be applied automatically if you are sending a PR from the GitHub interface; otherwise you can find it at PULL_REQUEST_TEMPLATE.md.

The issue report template should also be applied automatically if you are sending it from the GitHub UI; otherwise you can find it at ISSUE_TEMPLATE.md.

Reporting Security Issues

Please do not report security issues in public. Please email [email protected].

Getting Help

Have a question about this repository, or about Open edX in general? Please refer to this list of resources if you need any assistance.
