How do I protect against the following string?
"><svg/onload=prompt(document.domain);>
Django's autoescape feature does not seem to help with it. If you try to edit an object that has this string in one of its fields, a popup appears.
Adding some code for the commenters:
update_user.html:

<form method='post' action='.'>
    {% csrf_token %}  {# needed for a POST to pass Django's CSRF middleware #}
    {{ form.as_ul }}
</form>

forms.py:

from django import forms
from . import models

class UserForm(forms.ModelForm):
    class Meta:
        model = models.User
        fields = '__all__'  # required since Django 1.8; older versions defaulted to all fields

views.py:

from django.contrib import messages
from django.http import HttpResponseRedirect
from django.views.generic import FormView
from . import forms

class UserUpdateView(FormView):
    template_name = 'update_user.html'
    form_class = forms.UserForm

    def form_valid(self, form):
        # Save the ModelForm, flash a message, then redirect to the site root
        m = form.save()
        messages.info(self.request, "User has been saved successfully")
        return HttpResponseRedirect('/')
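As an added check (not part of the question or the poster's code), the snippet below shows what Django's autoescaping does to this exact string when a widget renders it inside a quoted attribute, and the only two ways it ends up on the page unescaped: the value is marked safe (`mark_safe`, the `|safe` filter) or autoescaping is switched off (`{% autoescape off %}`). The `SafeString`, `mark_safe` and `conditional_escape` here are stand-ins that mirror `django.utils.safestring` and `django.utils.html`; `html.escape(quote=True)` emits the same entities as `django.utils.html.escape` for `&`, `<`, `>`, `"` and `'`, so the block runs without Django installed.

```python
import html

# The string from the question (constructed test input).
PAYLOAD = '"><svg/onload=prompt(document.domain);>'


class SafeString(str):
    """Stand-in for django.utils.safestring.SafeString: a value that
    the template engine will NOT escape again."""


def mark_safe(value):
    """Stand-in for django.utils.safestring.mark_safe."""
    return SafeString(value)


def conditional_escape(value):
    """Mirror of django.utils.html.conditional_escape: escape everything
    that is not already marked safe. html.escape(quote=True) produces the
    same entities as Django's escape() (&amp; &lt; &gt; &quot; &#x27;)."""
    if isinstance(value, SafeString):
        return value
    return SafeString(html.escape(str(value), quote=True))


def render_input(name, value, autoescape=True):
    """Render an <input> the way a Django TextInput widget does: the bound
    value lands inside a double-quoted value="" attribute. autoescape=False
    models {% autoescape off %} around the field."""
    rendered = conditional_escape(value) if autoescape else str(value)
    return f'<input type="text" name="{name}" value="{rendered}">'


def breaks_out_of_attribute(markup):
    """Crude detector for this payload: an unescaped '<svg' means the quote
    closed the attribute and a new element was injected."""
    return "<svg" in markup


if __name__ == "__main__":
    # 1. Default Django behaviour: the quote and angle brackets are entities,
    #    so the payload stays inert inside the attribute.
    print(render_input("username", PAYLOAD))
    # 2. Value marked safe (|safe, mark_safe, format_html misuse): injected.
    print(render_input("username", mark_safe(PAYLOAD)))
    # 3. {% autoescape off %}: injected.
    print(render_input("username", PAYLOAD, autoescape=False))
```

If case 1 is what the template produces, the popup reported in the question is not coming from the autoescaped field itself; the place to look is any `|safe`, `mark_safe()`, `{% autoescape off %}` or custom widget that builds its HTML by string concatenation and marks the result safe, since those are the paths that turn case 1 into cases 2 and 3.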