How to strip html/javascript from text input in django


Question

What is the easiest way to strip all html/javascript from a string?

1
70
5/18/2009 10:53:47 PM

Accepted Answer

If you want to strip tags in the python, you can use:

from django.utils.html import strip_tags

strip_tags(string_value)

EDIT: If you are using strip_tags, than you should update your django. Because security researchers found a way in order to bypass strip_tags . Further information : http://www.mehmetince.net/django-strip_tags-bypass-vulnerability-exploit/

150
3/31/2014 10:02:00 AM

The striptags template filter.

{{ value|striptags }}

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Icon