Django ERR_BLOCKED_BY_XSS_AUDITOR

时间:2019-03-05 18:38:30

标签: django

我有一个FormView,它使我们的用户可以编辑HTML页面的内容。 

class PrelanderUpdate(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
    model = Prelander
    form_class = PrelanderForm

    template_name = 'generic/form.html'
    success_message = 'Prelander updated successfully.'

    def get_success_url(self):
        return reverse('mediabuying:prelander:list')

这是我的表格:

class PrelanderForm(forms.ModelForm):
    class Meta:
        model = Prelander
        fields = [
            'is_active', 'vertical', 'angle',
            'description', 'static_prefix', 'content'
        ]
        help_texts = {
            'description': '<i>Keep this short:</i> This will be shown in the dropdown',     # noqa
            'content': 'HTML code only.',
            'static_prefix': 'folder name in s3',
        }

    vertical = forms.ChoiceField(choices=Choices.Verticals)

    def clean_content(self):
        data = self.cleaned_data['content']
        if '<meta name="referrer" content="always">' not in data:
            raise forms.ValidationError(
                'Missing <meta name="referrer" content="always">'
            )
        return data

当我编辑预置器的content时,如果预置器没有<meta name="referrer" content="always">并且抛出了验证错误,我会看到此错误:

enter image description here

为什么会这样?为什么只有在引发异常时才会发生这种情况?

(prelander的内容是一个html页面)

0 个答案:

没有答案
相关问题
最新问题