[{"data":1,"prerenderedAt":9981},["ShallowReactive",2],{"navigation":3,"/security/cross-site-scripting":1016,"/security/cross-site-scripting-surround":9976},[4,54,89,123,165,211,253,331,389,439,462,488,514,540,578,624,650,672,702,736,774,800,850,856,862,868,874,928],{"title":5,"path":6,"stem":7,"children":8},"Introduction and Foundations","/introduction-and-foundations","01.introduction-and-foundations/01.index",[9,10,14,18,22,26,30,34,38,42,46,50],{"title":5,"path":6,"stem":7},{"title":11,"path":12,"stem":13},"What is Django","/introduction-and-foundations/what-is-django","01.introduction-and-foundations/02.what-is-django",{"title":15,"path":16,"stem":17},"Key Concepts and Philosophy","/introduction-and-foundations/key-concepts-and-philosophy","01.introduction-and-foundations/03.key-concepts-and-philosophy",{"title":19,"path":20,"stem":21},"MVC vs MVT: Understanding Django's Architecture","/introduction-and-foundations/mvc-vs-mvt","01.introduction-and-foundations/04.mvc-vs-mvt",{"title":23,"path":24,"stem":25},"Project Structure Overview","/introduction-and-foundations/project-structure-overview","01.introduction-and-foundations/05.project-structure-overview",{"title":27,"path":28,"stem":29},"Installing Django","/introduction-and-foundations/installing-django","01.introduction-and-foundations/06.installing-django",{"title":31,"path":32,"stem":33},"Creating Your First Django Project","/introduction-and-foundations/creating-first-project","01.introduction-and-foundations/07.creating-first-project",{"title":35,"path":36,"stem":37},"Creating Your First Django App","/introduction-and-foundations/creating-first-app","01.introduction-and-foundations/08.creating-first-app",{"title":39,"path":40,"stem":41},"Your First Django \"Hello World\"","/introduction-and-foundations/hello-world","01.introduction-and-foundations/09.hello-world",{"title":43,"path":44,"stem":45},"Django Quick Start Guide","/introduction-and-foundations/quick-start-guide","01.introduction-and-foundations/10.quick-start-guide",{"title":47,"path":48,"stem":49},"How Django Handles Requests","/introduction-and-foundations/how-django-handles-requests","01.introduction-and-foundations/11.how-django-handles-requests",{"title":51,"path":52,"stem":53},"Django Settings","/introduction-and-foundations/django-settings","01.introduction-and-foundations/12.django-settings",{"title":55,"path":56,"stem":57,"children":58},"The Development Environment","/development-environment","02.development-environment/1.index",[59,61,65,69,73,77,81,85],{"title":60,"path":56,"stem":57},"Development Environment",{"title":62,"path":63,"stem":64},"Recommended Tooling for Django Development","/development-environment/recommended-tooling","02.development-environment/2.recommended-tooling",{"title":66,"path":67,"stem":68},"Virtual Environments","/development-environment/virtual-environments","02.development-environment/3.virtual-environments",{"title":70,"path":71,"stem":72},"Django Admin and Management Commands","/development-environment/admin-and-management-commands","02.development-environment/4.admin-and-management-commands",{"title":74,"path":75,"stem":76},"Django Project Settings","/development-environment/project-settings","02.development-environment/5.project-settings",{"title":78,"path":79,"stem":80},"Managing Django Environments: Local, Staging, and Production","/development-environment/environments-local-staging-production","02.development-environment/6.environments-local-staging-production",{"title":82,"path":83,"stem":84},"Running Django Development Server","/development-environment/running-development-server","02.development-environment/7.running-development-server",{"title":86,"path":87,"stem":88},"Working with Django Shell","/development-environment/working-with-shell","02.development-environment/8.working-with-shell",{"title":90,"path":91,"stem":92,"children":93},"Templates and Presentation Layer","/templates-and-presentation","03.templates-and-presentation/1.index",[94,95,99,103,107,111,115,119],{"title":90,"path":91,"stem":92},{"title":96,"path":97,"stem":98},"Introduction to Django Templates","/templates-and-presentation/introduction-to-templates","03.templates-and-presentation/2.introduction-to-templates",{"title":100,"path":101,"stem":102},"The Django Template Language","/templates-and-presentation/django-template-language","03.templates-and-presentation/3.django-template-language",{"title":104,"path":105,"stem":106},"Template Inheritance","/templates-and-presentation/template-inheritance","03.templates-and-presentation/4.template-inheritance",{"title":108,"path":109,"stem":110},"Built-in Template Tags and Filters","/templates-and-presentation/built-in-template-tags-and-filters","03.templates-and-presentation/5.built-in-template-tags-and-filters",{"title":112,"path":113,"stem":114},"Including Static Files","/templates-and-presentation/including-static-files","03.templates-and-presentation/6.including-static-files",{"title":116,"path":117,"stem":118},"Working with Media Files","/templates-and-presentation/working-with-media-files","03.templates-and-presentation/7.working-with-media-files",{"title":120,"path":121,"stem":122},"Using Alternative Template Engines","/templates-and-presentation/using-alternative-template-engines","03.templates-and-presentation/8.using-alternative-template-engines",{"title":124,"path":125,"stem":126,"children":127},"URLs and Views","/urls-and-views","04.urls-and-views/01.index",[128,129,133,137,141,145,149,153,157,161],{"title":124,"path":125,"stem":126},{"title":130,"path":131,"stem":132},"The URL Dispatcher","/urls-and-views/the-url-dispatcher","04.urls-and-views/02.the-url-dispatcher",{"title":134,"path":135,"stem":136},"Writing Function-Based Views","/urls-and-views/writing-function-based-views","04.urls-and-views/03.writing-function-based-views",{"title":138,"path":139,"stem":140},"View Decorators","/urls-and-views/view-decorators","04.urls-and-views/04.view-decorators",{"title":142,"path":143,"stem":144},"Rendering Responses","/urls-and-views/rendering-responses","04.urls-and-views/05.rendering-responses",{"title":146,"path":147,"stem":148},"Redirects","/urls-and-views/redirects","04.urls-and-views/06.redirects",{"title":150,"path":151,"stem":152},"Handling HTTP Methods","/urls-and-views/handling-http-methods","04.urls-and-views/07.handling-http-methods",{"title":154,"path":155,"stem":156},"Conditional View Processing","/urls-and-views/conditional-view-processing","04.urls-and-views/08.conditional-view-processing",{"title":158,"path":159,"stem":160},"File Uploads","/urls-and-views/file-uploads","04.urls-and-views/09.file-uploads",{"title":162,"path":163,"stem":164},"Using Django Shortcut Functions","/urls-and-views/using-django-shortcut-functions","04.urls-and-views/10.using-django-shortcut-functions",{"title":166,"path":167,"stem":168,"children":169},"Class Based Views","/class-based-views","05.class-based-views/01.index",[170,171,175,179,183,187,191,195,199,203,207],{"title":166,"path":167,"stem":168},{"title":172,"path":173,"stem":174},"Introduction to Class-Based Views","/class-based-views/introduction-to-class-based-views","05.class-based-views/02.introduction-to-class-based-views",{"title":176,"path":177,"stem":178},"Common Base Classes","/class-based-views/common-base-classes","05.class-based-views/03.common-base-classes",{"title":180,"path":181,"stem":182},"Built-in Generic Views","/class-based-views/built-in-generic-views","05.class-based-views/04.built-in-generic-views",{"title":184,"path":185,"stem":186},"Views for CRUD Operations","/class-based-views/views-for-crud-operations","05.class-based-views/05.views-for-crud-operations",{"title":188,"path":189,"stem":190},"Handling Forms with Class-Based Views","/class-based-views/handling-forms-with-class-based-views","05.class-based-views/06.handling-forms-with-class-based-views",{"title":192,"path":193,"stem":194},"Using Mixins","/class-based-views/using-mixins","05.class-based-views/07.using-mixins",{"title":196,"path":197,"stem":198},"URL Configuration with Class-Based Views","/class-based-views/url-configuration-with-class-based-views","05.class-based-views/08.url-configuration-with-class-based-views",{"title":200,"path":201,"stem":202},"Subclassing Generic Views","/class-based-views/subclassing-generic-views","05.class-based-views/09.subclassing-generic-views",{"title":204,"path":205,"stem":206},"Asynchronous Class-Based Views","/class-based-views/asynchronous-class-based-views","05.class-based-views/10.asynchronous-class-based-views",{"title":208,"path":209,"stem":210},"Pagination","/class-based-views/pagination","05.class-based-views/11.pagination",{"title":212,"path":213,"stem":214,"children":215},"Forms and User Input","/forms-and-user-input","06.forms-and-user-input/01.index",[216,217,221,225,229,233,237,241,245,249],{"title":212,"path":213,"stem":214},{"title":218,"path":219,"stem":220},"Understanding HTML Forms","/forms-and-user-input/understanding-html-forms","06.forms-and-user-input/02.understanding-html-forms",{"title":222,"path":223,"stem":224},"Django's Role in Form Handling","/forms-and-user-input/djangos-role-in-form-handling","06.forms-and-user-input/03.djangos-role-in-form-handling",{"title":226,"path":227,"stem":228},"Creating Forms with Forms API","/forms-and-user-input/creating-forms-with-forms-api","06.forms-and-user-input/04.creating-forms-with-forms-api",{"title":230,"path":231,"stem":232},"Form Validation","/forms-and-user-input/form-validation","06.forms-and-user-input/05.form-validation",{"title":234,"path":235,"stem":236},"Built-in Fields and Widgets","/forms-and-user-input/built-in-fields-and-widgets","06.forms-and-user-input/06.built-in-fields-and-widgets",{"title":238,"path":239,"stem":240},"Form Rendering in Templates","/forms-and-user-input/form-rendering-in-templates","06.forms-and-user-input/07.form-rendering-in-templates",{"title":242,"path":243,"stem":244},"Model Forms","/forms-and-user-input/model-forms","06.forms-and-user-input/08.model-forms",{"title":246,"path":247,"stem":248},"Advanced Form Techniques","/forms-and-user-input/advanced-form-techniques","06.forms-and-user-input/09.advanced-form-techniques",{"title":250,"path":251,"stem":252},"Security Considerations for Forms","/forms-and-user-input/security-considerations-for-forms","06.forms-and-user-input/10.security-considerations-for-forms",{"title":254,"path":255,"stem":256,"children":257},"Models and Databases","/models-and-databases","07.models-and-databases/01.index",[258,259,263,267,271,275,279,283,287,291,295,299,303,307,311,315,319,323,327],{"title":254,"path":255,"stem":256},{"title":260,"path":261,"stem":262},"Understanding Django Models","/models-and-databases/understanding-django-models","07.models-and-databases/02.understanding-django-models",{"title":264,"path":265,"stem":266},"Defining Fields","/models-and-databases/defining-fields","07.models-and-databases/03.defining-fields",{"title":268,"path":269,"stem":270},"Relationships and Foreign Keys","/models-and-databases/relationships-and-foreign-keys","07.models-and-databases/04.relationships-and-foreign-keys",{"title":272,"path":273,"stem":274},"Examples of Relationship Patterns","/models-and-databases/examples-of-relationship-patterns","07.models-and-databases/05.examples-of-relationship-patterns",{"title":276,"path":277,"stem":278},"Making Queries","/models-and-databases/making-queries","07.models-and-databases/06.making-queries",{"title":280,"path":281,"stem":282},"Filtering, Ordering, and Slicing","/models-and-databases/filtering-ordering-slicing","07.models-and-databases/07.filtering-ordering-slicing",{"title":284,"path":285,"stem":286},"Managers and QuerySets","/models-and-databases/managers-and-querysets","07.models-and-databases/08.managers-and-querysets",{"title":288,"path":289,"stem":290},"Aggregation","/models-and-databases/aggregation","07.models-and-databases/09.aggregation",{"title":292,"path":293,"stem":294},"Search","/models-and-databases/search","07.models-and-databases/10.search",{"title":296,"path":297,"stem":298},"Raw SQL Queries","/models-and-databases/raw-sql-queries","07.models-and-databases/11.raw-sql-queries",{"title":300,"path":301,"stem":302},"Transactions","/models-and-databases/transactions","07.models-and-databases/12.transactions",{"title":304,"path":305,"stem":306},"Multiple Databases","/models-and-databases/multiple-databases","07.models-and-databases/13.multiple-databases",{"title":308,"path":309,"stem":310},"Tablespaces","/models-and-databases/tablespaces","07.models-and-databases/14.tablespaces",{"title":312,"path":313,"stem":314},"Composite Primary Keys","/models-and-databases/composite-primary-keys","07.models-and-databases/15.composite-primary-keys",{"title":316,"path":317,"stem":318},"Database Instrumentation","/models-and-databases/database-instrumentation","07.models-and-databases/16.database-instrumentation",{"title":320,"path":321,"stem":322},"Database Optimization","/models-and-databases/database-optimization","07.models-and-databases/17.database-optimization",{"title":324,"path":325,"stem":326},"Fixtures","/models-and-databases/fixtures","07.models-and-databases/18.fixtures",{"title":328,"path":329,"stem":330},"Signals","/models-and-databases/signals","07.models-and-databases/19.signals",{"title":332,"path":333,"stem":334,"children":335},"Migrations","/migrations","08.migrations/01.index",[336,337,341,345,349,353,357,361,365,369,373,377,381,385],{"title":332,"path":333,"stem":334},{"title":338,"path":339,"stem":340},"How Migrations Work","/migrations/how-migrations-work","08.migrations/02.how-migrations-work",{"title":342,"path":343,"stem":344},"Management Commands","/migrations/management-commands","08.migrations/03.management-commands",{"title":346,"path":347,"stem":348},"Dependencies and Workflow","/migrations/dependencies-and-workflow","08.migrations/04.dependencies-and-workflow",{"title":350,"path":351,"stem":352},"Transaction Handling","/migrations/transaction-handling","08.migrations/05.transaction-handling",{"title":354,"path":355,"stem":356},"Adding Migrations to Apps","/migrations/adding-migrations-to-apps","08.migrations/06.adding-migrations-to-apps",{"title":358,"path":359,"stem":360},"Reversing Migrations","/migrations/reversing-migrations","08.migrations/07.reversing-migrations",{"title":362,"path":363,"stem":364},"Historical Models","/migrations/historical-models","08.migrations/08.historical-models",{"title":366,"path":367,"stem":368},"Considerations When Removing Fields","/migrations/considerations-when-removing-fields","08.migrations/09.considerations-when-removing-fields",{"title":370,"path":371,"stem":372},"Data Migrations","/migrations/data-migrations","08.migrations/10.data-migrations",{"title":374,"path":375,"stem":376},"Squashing Migrations","/migrations/squashing-migrations","08.migrations/11.squashing-migrations",{"title":378,"path":379,"stem":380},"Serializing Values","/migrations/serializing-values","08.migrations/12.serializing-values",{"title":382,"path":383,"stem":384},"Supporting Multiple Django Versions","/migrations/supporting-multiple-django-versions","08.migrations/13.supporting-multiple-django-versions",{"title":386,"path":387,"stem":388},"Django Serialization Framework","/migrations/django-serialization-framework","08.migrations/14.django-serialization-framework",{"title":390,"path":391,"stem":392,"children":393},"Authentication and Authorization","/authentication-and-authorization","09.authentication-and-authorization/01.index",[394,395,399,403,407,411,415,419,423,427,431,435],{"title":390,"path":391,"stem":392},{"title":396,"path":397,"stem":398},"Overview of Django's Authentication System","/authentication-and-authorization/overview-of-django-authentication-system","09.authentication-and-authorization/02.overview-of-django-authentication-system",{"title":400,"path":401,"stem":402},"Users and Groups","/authentication-and-authorization/users-and-groups","09.authentication-and-authorization/03.users-and-groups",{"title":404,"path":405,"stem":406},"Permissions","/authentication-and-authorization/permissions","09.authentication-and-authorization/04.permissions",{"title":408,"path":409,"stem":410},"Password Management","/authentication-and-authorization/password-management","09.authentication-and-authorization/05.password-management",{"title":412,"path":413,"stem":414},"Authentication Views","/authentication-and-authorization/authentication-views","09.authentication-and-authorization/06.authentication-views",{"title":416,"path":417,"stem":418},"Login and Logout","/authentication-and-authorization/login-and-logout","09.authentication-and-authorization/07.login-and-logout",{"title":420,"path":421,"stem":422},"Custom User Models","/authentication-and-authorization/custom-user-models","09.authentication-and-authorization/08.custom-user-models",{"title":424,"path":425,"stem":426},"Middleware for Authentication","/authentication-and-authorization/middleware-for-authentication","09.authentication-and-authorization/09.middleware-for-authentication",{"title":428,"path":429,"stem":430},"Authorization in Views and Templates","/authentication-and-authorization/authorization-in-views-and-templates","09.authentication-and-authorization/10.authorization-in-views-and-templates",{"title":432,"path":433,"stem":434},"Integrating Social Authentication","/authentication-and-authorization/integrating-social-authentication","09.authentication-and-authorization/11.integrating-social-authentication",{"title":436,"path":437,"stem":438},"Security Best Practices","/authentication-and-authorization/security-best-practices","09.authentication-and-authorization/12.security-best-practices",{"title":440,"path":441,"stem":442,"children":443},"Sessions, Cookies, and State","/sessions-cookies-state","10.sessions-cookies-state/01.index",[444,446,450,454,458],{"title":445,"path":441,"stem":442},"Sessions, Cookies, and State Management",{"title":447,"path":448,"stem":449},"Introduction to Sessions","/sessions-cookies-state/introduction-to-sessions","10.sessions-cookies-state/02.introduction-to-sessions",{"title":451,"path":452,"stem":453},"Working with Cookies","/sessions-cookies-state/working-with-cookies","10.sessions-cookies-state/03.working-with-cookies",{"title":455,"path":456,"stem":457},"Server-Side Session Storage Options","/sessions-cookies-state/server-side-session-storage-options","10.sessions-cookies-state/04.server-side-session-storage-options",{"title":459,"path":460,"stem":461},"Session Security","/sessions-cookies-state/session-security","10.sessions-cookies-state/05.session-security",{"title":463,"path":464,"stem":465,"children":466},"Working with Files","/working-with-files","11.working-with-files/01.index",[467,468,472,476,480,484],{"title":463,"path":464,"stem":465},{"title":469,"path":470,"stem":471},"Files in Models","/working-with-files/files-in-models","11.working-with-files/02.files-in-models",{"title":473,"path":474,"stem":475},"The File Object","/working-with-files/the-file-object","11.working-with-files/03.the-file-object",{"title":477,"path":478,"stem":479},"Storage Backends","/working-with-files/storage-backends","11.working-with-files/04.storage-backends",{"title":481,"path":482,"stem":483},"Using Cloud Storage Providers","/working-with-files/using-cloud-storage-providers","11.working-with-files/05.using-cloud-storage-providers",{"title":485,"path":486,"stem":487},"Managing Media in Production","/working-with-files/managing-media-in-production","11.working-with-files/06.managing-media-in-production",{"title":489,"path":490,"stem":491,"children":492},"Admin Site","/admin-site","12.admin-site/01.index",[493,494,498,502,506,510],{"title":489,"path":490,"stem":491},{"title":495,"path":496,"stem":497},"Enabling the Admin","/admin-site/enabling-the-admin","12.admin-site/02.enabling-the-admin",{"title":499,"path":500,"stem":501},"Registering Models","/admin-site/registering-models","12.admin-site/03.registering-models",{"title":503,"path":504,"stem":505},"Customizing Admin Display","/admin-site/customizing-admin-display","12.admin-site/04.customizing-admin-display",{"title":507,"path":508,"stem":509},"Admin Actions","/admin-site/admin-actions","12.admin-site/05.admin-actions",{"title":511,"path":512,"stem":513},"Admin Security Best Practices","/admin-site/admin-security-best-practices","12.admin-site/06.admin-security-best-practices",{"title":515,"path":516,"stem":517,"children":518},"Middleware","/middleware","13.middleware/01.index",[519,520,524,528,532,536],{"title":515,"path":516,"stem":517},{"title":521,"path":522,"stem":523},"Middleware Overview","/middleware/middleware-overview","13.middleware/02.middleware-overview",{"title":525,"path":526,"stem":527},"Built-in Middleware","/middleware/built-in-middleware","13.middleware/03.built-in-middleware",{"title":529,"path":530,"stem":531},"Creating Custom Middleware","/middleware/creating-custom-middleware","13.middleware/04.creating-custom-middleware",{"title":533,"path":534,"stem":535},"Middleware Ordering","/middleware/middleware-ordering","13.middleware/05.middleware-ordering",{"title":537,"path":538,"stem":539},"Performance and Debugging","/middleware/performance-and-debugging","13.middleware/06.performance-and-debugging",{"title":541,"path":542,"stem":543,"children":544},"Security","/security","14.security/01.index",[545,546,550,554,558,562,566,570,574],{"title":541,"path":542,"stem":543},{"title":547,"path":548,"stem":549},"Django Security Philosophy","/security/django-security-philosophy","14.security/02.django-security-philosophy",{"title":551,"path":552,"stem":553},"Cross Site Request Forgery","/security/cross-site-request-forgery","14.security/03.cross-site-request-forgery",{"title":555,"path":556,"stem":557},"Cross Site Scripting","/security/cross-site-scripting","14.security/04.cross-site-scripting",{"title":559,"path":560,"stem":561},"SQL Injection Protection","/security/sql-injection-protection","14.security/05.sql-injection-protection",{"title":563,"path":564,"stem":565},"Clickjacking Protection","/security/clickjacking-protection","14.security/06.clickjacking-protection",{"title":567,"path":568,"stem":569},"HTTPS Setup and HSTS","/security/https-setup-and-hsts","14.security/07.https-setup-and-hsts",{"title":571,"path":572,"stem":573},"Password Storage and Cryptography","/security/password-storage-and-cryptography","14.security/08.password-storage-and-cryptography",{"title":575,"path":576,"stem":577},"Secure Deployment Checklist","/security/secure-deployment-checklist","14.security/09.secure-deployment-checklist",{"title":579,"path":580,"stem":581,"children":582},"Testing","/testing","15.testing/01.index",[583,584,588,592,596,600,604,608,612,616,620],{"title":579,"path":580,"stem":581},{"title":585,"path":586,"stem":587},"Introduction to Django Testing","/testing/introduction-to-django-testing","15.testing/02.introduction-to-django-testing",{"title":589,"path":590,"stem":591},"Writing and Running Tests","/testing/writing-and-running-tests","15.testing/03.writing-and-running-tests",{"title":593,"path":594,"stem":595},"Test Tools","/testing/test-tools","15.testing/04.test-tools",{"title":597,"path":598,"stem":599},"Testing Models","/testing/testing-models","15.testing/05.testing-models",{"title":601,"path":602,"stem":603},"Testing Views","/testing/testing-views","15.testing/06.testing-views",{"title":605,"path":606,"stem":607},"Testing Forms","/testing/testing-forms","15.testing/07.testing-forms",{"title":609,"path":610,"stem":611},"Testing Templates","/testing/testing-templates","15.testing/08.testing-templates",{"title":613,"path":614,"stem":615},"Testing Authentication","/testing/testing-authentication","15.testing/09.testing-authentication",{"title":617,"path":618,"stem":619},"Advanced Testing Topics","/testing/advanced-testing-topics","15.testing/10.advanced-testing-topics",{"title":621,"path":622,"stem":623},"Performance Testing","/testing/performance-testing","15.testing/11.performance-testing",{"title":625,"path":626,"stem":627,"children":628},"Static Assets and Frontend Integration","/static-assets-and-frontend-integration","16.static-assets-and-frontend-integration/01.index",[629,630,634,638,642,646],{"title":625,"path":626,"stem":627},{"title":631,"path":632,"stem":633},"Working with Static Files","/static-assets-and-frontend-integration/working-with-static-files","16.static-assets-and-frontend-integration/02.working-with-static-files",{"title":635,"path":636,"stem":637},"Integrating CSS and JavaScript","/static-assets-and-frontend-integration/integrating-css-and-javascript","16.static-assets-and-frontend-integration/03.integrating-css-and-javascript",{"title":639,"path":640,"stem":641},"Using Build Tools like Vite or Webpack","/static-assets-and-frontend-integration/using-build-tools-like-vite-or-webpack","16.static-assets-and-frontend-integration/04.using-build-tools-like-vite-or-webpack",{"title":643,"path":644,"stem":645},"Using React or Vue with Django","/static-assets-and-frontend-integration/using-react-or-vue-with-django","16.static-assets-and-frontend-integration/05.using-react-or-vue-with-django",{"title":647,"path":648,"stem":649},"Managing CORS","/static-assets-and-frontend-integration/managing-cors","16.static-assets-and-frontend-integration/06.managing-cors",{"title":651,"path":652,"stem":653,"children":654},"Internationalization and Localization","/internationalization-and-localization","17.internationalization-and-localization/01.index",[655,656,660,664,668],{"title":651,"path":652,"stem":653},{"title":657,"path":658,"stem":659},"Enabling Translation","/internationalization-and-localization/enabling-translation","17.internationalization-and-localization/02.enabling-translation",{"title":661,"path":662,"stem":663},"Translating Text in Code and Templates","/internationalization-and-localization/translating-text-in-code-and-templates","17.internationalization-and-localization/03.translating-text-in-code-and-templates",{"title":665,"path":666,"stem":667},"Timezone Support","/internationalization-and-localization/timezone-support","17.internationalization-and-localization/04.timezone-support",{"title":669,"path":670,"stem":671},"Locale Middleware","/internationalization-and-localization/locale-middleware","17.internationalization-and-localization/05.locale-middleware",{"title":673,"path":674,"stem":675,"children":676},"Caching","/caching","18.caching/01.index",[677,678,682,686,690,694,698],{"title":673,"path":674,"stem":675},{"title":679,"path":680,"stem":681},"Introduction to Caching","/caching/introduction-to-caching","18.caching/02.introduction-to-caching",{"title":683,"path":684,"stem":685},"Cache Backends","/caching/cache-backends","18.caching/03.cache-backends",{"title":687,"path":688,"stem":689},"Per View Caching","/caching/per-view-caching","18.caching/04.per-view-caching",{"title":691,"path":692,"stem":693},"Low Level Cache API","/caching/low-level-cache-api","18.caching/05.low-level-cache-api",{"title":695,"path":696,"stem":697},"Template Fragment Caching","/caching/template-fragment-caching","18.caching/06.template-fragment-caching",{"title":699,"path":700,"stem":701},"Deployment Level Caching Patterns","/caching/deployment-level-caching-patterns","18.caching/07.deployment-level-caching-patterns",{"title":703,"path":704,"stem":705,"children":706},"Asynchronous Django","/asynchronous-django","19.asynchronous-django/01.index",[707,708,712,716,720,724,728,732],{"title":703,"path":704,"stem":705},{"title":709,"path":710,"stem":711},"Introduction to ASGI","/asynchronous-django/introduction-to-asgi","19.asynchronous-django/02.introduction-to-asgi",{"title":713,"path":714,"stem":715},"Async Views","/asynchronous-django/async-views","19.asynchronous-django/03.async-views",{"title":717,"path":718,"stem":719},"Async ORM Status","/asynchronous-django/async-orm-status","19.asynchronous-django/04.async-orm-status",{"title":721,"path":722,"stem":723},"WebSockets with Channels","/asynchronous-django/websockets-with-channels","19.asynchronous-django/05.websockets-with-channels",{"title":725,"path":726,"stem":727},"Background Tasks with Celery or RQ","/asynchronous-django/background-tasks-with-celery-or-rq","19.asynchronous-django/06.background-tasks-with-celery-or-rq",{"title":729,"path":730,"stem":731},"Asynchronous Support","/asynchronous-django/asynchronous-support","19.asynchronous-django/07.asynchronous-support",{"title":733,"path":734,"stem":735},"Django's Tasks Framework","/asynchronous-django/django-tasks-framework","19.asynchronous-django/08.django-tasks-framework",{"title":737,"path":738,"stem":739,"children":740},"Deployment","/deployment","20.deployment/01.index",[741,742,746,750,754,758,762,766,770],{"title":737,"path":738,"stem":739},{"title":743,"path":744,"stem":745},"Preparing for Production","/deployment/preparing-for-production","20.deployment/02.preparing-for-production",{"title":747,"path":748,"stem":749},"Using WSGI and ASGI Servers","/deployment/using-wsgi-and-asgi-servers","20.deployment/03.using-wsgi-and-asgi-servers",{"title":751,"path":752,"stem":753},"Deploying on Linux Servers","/deployment/deploying-on-linux-servers","20.deployment/04.deploying-on-linux-servers",{"title":755,"path":756,"stem":757},"Using Docker","/deployment/using-docker","20.deployment/05.using-docker",{"title":759,"path":760,"stem":761},"Cloud Deployment Guides","/deployment/cloud-deployment-guides","20.deployment/06.cloud-deployment-guides",{"title":763,"path":764,"stem":765},"Scaling and Load Balancing","/deployment/scaling-and-load-balancing","20.deployment/07.scaling-and-load-balancing",{"title":767,"path":768,"stem":769},"Monitoring and Logging","/deployment/monitoring-and-logging","20.deployment/08.monitoring-and-logging",{"title":771,"path":772,"stem":773},"Backup Strategies","/deployment/backup-strategies","20.deployment/09.backup-strategies",{"title":775,"path":776,"stem":777,"children":778},"Performance and Optimization","/performance-and-optimization","21.performance-and-optimization/01.index",[779,780,784,788,792,796],{"title":775,"path":776,"stem":777},{"title":781,"path":782,"stem":783},"Query Optimization","/performance-and-optimization/query-optimization","21.performance-and-optimization/02.query-optimization",{"title":785,"path":786,"stem":787},"Template Rendering Optimization","/performance-and-optimization/template-rendering-optimization","21.performance-and-optimization/03.template-rendering-optimization",{"title":789,"path":790,"stem":791},"Using Select Related and Prefetch Related","/performance-and-optimization/using-select-related-and-prefetch-related","21.performance-and-optimization/04.using-select-related-and-prefetch-related",{"title":793,"path":794,"stem":795},"Caching Strategies","/performance-and-optimization/caching-strategies","21.performance-and-optimization/05.caching-strategies",{"title":797,"path":798,"stem":799},"Profiling Django Apps","/performance-and-optimization/profiling-django-apps","21.performance-and-optimization/06.profiling-django-apps",{"title":801,"path":802,"stem":803,"children":804},"Advanced and Expert Topics","/advanced-and-expert-topics","22.advanced-and-expert-topics/01.index",[805,806,810,814,818,822,826,830,834,838,842,846],{"title":801,"path":802,"stem":803},{"title":807,"path":808,"stem":809},"System Architecture Patterns","/advanced-and-expert-topics/system-architecture-patterns","22.advanced-and-expert-topics/02.system-architecture-patterns",{"title":811,"path":812,"stem":813},"Domain Driven Design with Django","/advanced-and-expert-topics/domain-driven-design-with-django","22.advanced-and-expert-topics/03.domain-driven-design-with-django",{"title":815,"path":816,"stem":817},"Building Large Scale Django Projects","/advanced-and-expert-topics/building-large-scale-django-projects","22.advanced-and-expert-topics/04.building-large-scale-django-projects",{"title":819,"path":820,"stem":821},"Plugin Architectures for Django Apps","/advanced-and-expert-topics/plugin-architectures-for-django-apps","22.advanced-and-expert-topics/05.plugin-architectures-for-django-apps",{"title":823,"path":824,"stem":825},"Extending Django's Core","/advanced-and-expert-topics/extending-djangos-core","22.advanced-and-expert-topics/06.extending-djangos-core",{"title":827,"path":828,"stem":829},"Custom ORM Expressions","/advanced-and-expert-topics/custom-orm-expressions","22.advanced-and-expert-topics/07.custom-orm-expressions",{"title":831,"path":832,"stem":833},"Custom Management Commands","/advanced-and-expert-topics/custom-management-commands","22.advanced-and-expert-topics/08.custom-management-commands",{"title":835,"path":836,"stem":837},"Working with Signals","/advanced-and-expert-topics/working-with-signals","22.advanced-and-expert-topics/09.working-with-signals",{"title":839,"path":840,"stem":841},"Building Reusable Django Packages","/advanced-and-expert-topics/building-reusable-django-packages","22.advanced-and-expert-topics/10.building-reusable-django-packages",{"title":843,"path":844,"stem":845},"Integrating Microservices","/advanced-and-expert-topics/integrating-microservices","22.advanced-and-expert-topics/11.integrating-microservices",{"title":847,"path":848,"stem":849},"Advanced Security Hardening","/advanced-and-expert-topics/advanced-security-hardening","22.advanced-and-expert-topics/12.advanced-security-hardening",{"title":851,"path":852,"stem":853,"children":854},"Logging in Django","/logging-in-django","23.logging-in-django/01.index",[855],{"title":851,"path":852,"stem":853},{"title":857,"path":858,"stem":859,"children":860},"FAQ and Troubleshooting","/faq-and-troubleshooting","24.faq-and-troubleshooting/01.index",[861],{"title":857,"path":858,"stem":859},{"title":863,"path":864,"stem":865,"children":866},"External Packages and Ecosystem","/external-packages-and-ecosystem","25.external-packages-and-ecosystem/01.index",[867],{"title":863,"path":864,"stem":865},{"title":869,"path":870,"stem":871,"children":872},"Django Internals and Contributing","/django-internals-and-contributing","26.django-internals-and-contributing/01.index",[873],{"title":869,"path":870,"stem":871},{"title":875,"path":876,"stem":877,"children":878},"Microservices with Django","/microservices-with-django","27.microservices-with-django/01.index",[879,880,884,888,892,896,900,904,908,912,916,920,924],{"title":875,"path":876,"stem":877},{"title":881,"path":882,"stem":883},"What Is a Microservice?","/microservices-with-django/what-is-a-microservice","27.microservices-with-django/02.what-is-a-microservice",{"title":885,"path":886,"stem":887},"Introducing the Django Microservices Architecture","/microservices-with-django/django-microservices-architecture","27.microservices-with-django/03.django-microservices-architecture",{"title":889,"path":890,"stem":891},"Setting Up the Development and Runtime Environment","/microservices-with-django/development-environment","27.microservices-with-django/04.development-environment",{"title":893,"path":894,"stem":895},"Cloud-native Data Processing with MongoDB","/microservices-with-django/cloud-native-data-processing","27.microservices-with-django/05.cloud-native-data-processing",{"title":897,"path":898,"stem":899},"Creating RESTful APIs for Microservices","/microservices-with-django/restful-apis","27.microservices-with-django/06.restful-apis",{"title":901,"path":902,"stem":903},"Orchestrating Microservices with Celery and RabbitMQ","/microservices-with-django/orchestrating-celery-rabbitmq","27.microservices-with-django/07.orchestrating-celery-rabbitmq",{"title":905,"path":906,"stem":907},"Testing Microservices","/microservices-with-django/testing-microservices","27.microservices-with-django/08.testing-microservices",{"title":909,"path":910,"stem":911},"Deploying Microservices","/microservices-with-django/deploying-microservices","27.microservices-with-django/09.deploying-microservices",{"title":913,"path":914,"stem":915},"Securing Microservices","/microservices-with-django/securing-microservices","27.microservices-with-django/10.securing-microservices",{"title":917,"path":918,"stem":919},"Improving Microservices Performance with Caching","/microservices-with-django/performance-caching","27.microservices-with-django/11.performance-caching",{"title":921,"path":922,"stem":923},"Best Practices","/microservices-with-django/best-practices","27.microservices-with-django/12.best-practices",{"title":925,"path":926,"stem":927},"Transforming a Monolithic Web App into a Microservice version","/microservices-with-django/monolith-to-microservices","27.microservices-with-django/13.monolith-to-microservices",{"title":929,"path":930,"stem":931,"children":932},"Releases","/releases","releases",[933,936,940,944,948,952,956,960,964,968,972,976,980,984,988,992,996,1000,1004,1008,1012],{"title":934,"path":930,"stem":935},"Django Releases","releases/index",{"title":937,"path":938,"stem":939},"Django 5.1.10 release notes","/releases/5.1.10","releases/5.1.10",{"title":941,"path":942,"stem":943},"Django 5.1.11 release notes","/releases/5.1.11","releases/5.1.11",{"title":945,"path":946,"stem":947},"Django 5.1.12 release notes","/releases/5.1.12","releases/5.1.12",{"title":949,"path":950,"stem":951},"Django 5.1.13 release notes","/releases/5.1.13","releases/5.1.13",{"title":953,"path":954,"stem":955},"Django 5.1.14 release notes","/releases/5.1.14","releases/5.1.14",{"title":957,"path":958,"stem":959},"Django 5.1.15 release notes","/releases/5.1.15","releases/5.1.15",{"title":961,"path":962,"stem":963},"Django 5.2 release notes","/releases/5.2","releases/5.2",{"title":965,"path":966,"stem":967},"Django 5.2.1 release notes","/releases/5.2.1","releases/5.2.1",{"title":969,"path":970,"stem":971},"Django 5.2.10 release notes","/releases/5.2.10","releases/5.2.10",{"title":973,"path":974,"stem":975},"Django 5.2.2 release notes","/releases/5.2.2","releases/5.2.2",{"title":977,"path":978,"stem":979},"Django 5.2.3 release notes","/releases/5.2.3","releases/5.2.3",{"title":981,"path":982,"stem":983},"Django 5.2.4 release notes","/releases/5.2.4","releases/5.2.4",{"title":985,"path":986,"stem":987},"Django 5.2.5 release notes","/releases/5.2.5","releases/5.2.5",{"title":989,"path":990,"stem":991},"Django 5.2.6 release notes","/releases/5.2.6","releases/5.2.6",{"title":993,"path":994,"stem":995},"Django 5.2.7 release notes","/releases/5.2.7","releases/5.2.7",{"title":997,"path":998,"stem":999},"Django 5.2.8 release notes","/releases/5.2.8","releases/5.2.8",{"title":1001,"path":1002,"stem":1003},"Django 5.2.9 release notes","/releases/5.2.9","releases/5.2.9",{"title":1005,"path":1006,"stem":1007},"Django 6.0 release notes","/releases/6.0","releases/6.0",{"title":1009,"path":1010,"stem":1011},"Django 6.0.1 release notes","/releases/6.0.1","releases/6.0.1",{"title":1013,"path":1014,"stem":1015},"Django 6.1 release notes - UNDER DEVELOPMENT","/releases/6.1","releases/6.1",{"id":1017,"title":555,"body":1018,"description":1028,"extension":9971,"links":9972,"meta":9973,"navigation":1069,"path":556,"seo":9974,"stem":557,"__hash__":9975},"docs/14.security/04.cross-site-scripting.md",{"type":1019,"value":1020,"toc":9933},"minimark",[1021,1025,1029,1034,1039,1274,1278,1667,1671,1675,1678,1820,1824,2024,2028,2397,2401,2405,2547,2787,2791,4006,4010,4148,4152,4156,5245,5249,6121,6125,6129,6918,6922,7192,7196,7200,8195,8199,8854,8858,8862,9840,9844,9848,9869,9873,9887,9891,9905,9909,9923,9927,9930],[1022,1023,555],"h1",{"id":1024},"cross-site-scripting",[1026,1027,1028],"p",{},"Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Django provides robust protection against XSS attacks through automatic template escaping and security best practices.",[1030,1031,1033],"h2",{"id":1032},"understanding-xss-attacks","Understanding XSS Attacks",[1035,1036,1038],"h3",{"id":1037},"types-of-xss-attacks","Types of XSS Attacks",[1040,1041,1046],"pre",{"className":1042,"code":1043,"language":1044,"meta":1045,"style":1045},"language-html shiki shiki-themes material-theme-lighter vitesse-light vitesse-dark","\u003C!-- 1. Reflected XSS - Script in URL parameters -->\n\u003C!-- Malicious URL: https://example.com/search?q=\u003Cscript>alert('XSS')\u003C/script> -->\n\n\u003C!-- Vulnerable template (DON'T DO THIS) -->\n\u003Ch1>Search results for: {{ request.GET.q|safe }}\u003C/h1>\n\n\u003C!-- 2. Stored XSS - Script stored in database -->\n\u003C!-- Malicious comment stored in database -->\n\u003Cdiv class=\"comment\">\n    \u003C!-- If user input contains: \u003Cscript>steal_cookies()\u003C/script> -->\n    {{ comment.content|safe }}  \u003C!-- DANGEROUS! -->\n\u003C/div>\n\n\u003C!-- 3. DOM-based XSS - Client-side script manipulation -->\n\u003Cscript>\n    // Vulnerable JavaScript code\n    var userInput = \"{{ user_input|safe }}\";  // DANGEROUS!\n    document.getElementById('output').innerHTML = userInput;\n\u003C/script>\n","html","",[1047,1048,1049,1058,1064,1071,1077,1102,1107,1113,1119,1146,1152,1161,1170,1175,1181,1191,1197,1225,1265],"code",{"__ignoreMap":1045},[1050,1051,1054],"span",{"class":1052,"line":1053},"line",1,[1050,1055,1057],{"class":1056},"s9Tkl","\u003C!-- 1. Reflected XSS - Script in URL parameters -->\n",[1050,1059,1061],{"class":1052,"line":1060},2,[1050,1062,1063],{"class":1056},"\u003C!-- Malicious URL: https://example.com/search?q=\u003Cscript>alert('XSS')\u003C/script> -->\n",[1050,1065,1067],{"class":1052,"line":1066},3,[1050,1068,1070],{"emptyLinePlaceholder":1069},true,"\n",[1050,1072,1074],{"class":1052,"line":1073},4,[1050,1075,1076],{"class":1056},"\u003C!-- Vulnerable template (DON'T DO THIS) -->\n",[1050,1078,1080,1084,1087,1090,1094,1097,1099],{"class":1052,"line":1079},5,[1050,1081,1083],{"class":1082},"soVBu","\u003C",[1050,1085,1022],{"class":1086},"sJFLg",[1050,1088,1089],{"class":1082},">",[1050,1091,1093],{"class":1092},"sftqT","Search results for: {{ request.GET.q|safe }}",[1050,1095,1096],{"class":1082},"\u003C/",[1050,1098,1022],{"class":1086},[1050,1100,1101],{"class":1082},">\n",[1050,1103,1105],{"class":1052,"line":1104},6,[1050,1106,1070],{"emptyLinePlaceholder":1069},[1050,1108,1110],{"class":1052,"line":1109},7,[1050,1111,1112],{"class":1056},"\u003C!-- 2. Stored XSS - Script stored in database -->\n",[1050,1114,1116],{"class":1052,"line":1115},8,[1050,1117,1118],{"class":1056},"\u003C!-- Malicious comment stored in database -->\n",[1050,1120,1122,1124,1127,1131,1134,1138,1142,1144],{"class":1052,"line":1121},9,[1050,1123,1083],{"class":1082},[1050,1125,1126],{"class":1086},"div",[1050,1128,1130],{"class":1129},"s5q8q"," class",[1050,1132,1133],{"class":1082},"=",[1050,1135,1137],{"class":1136},"sbYkP","\"",[1050,1139,1141],{"class":1140},"sTbE_","comment",[1050,1143,1137],{"class":1136},[1050,1145,1101],{"class":1082},[1050,1147,1149],{"class":1052,"line":1148},10,[1050,1150,1151],{"class":1056},"    \u003C!-- If user input contains: \u003Cscript>steal_cookies()\u003C/script> -->\n",[1050,1153,1155,1158],{"class":1052,"line":1154},11,[1050,1156,1157],{"class":1092},"    {{ comment.content|safe }}  ",[1050,1159,1160],{"class":1056},"\u003C!-- DANGEROUS! -->\n",[1050,1162,1164,1166,1168],{"class":1052,"line":1163},12,[1050,1165,1096],{"class":1082},[1050,1167,1126],{"class":1086},[1050,1169,1101],{"class":1082},[1050,1171,1173],{"class":1052,"line":1172},13,[1050,1174,1070],{"emptyLinePlaceholder":1069},[1050,1176,1178],{"class":1052,"line":1177},14,[1050,1179,1180],{"class":1056},"\u003C!-- 3. DOM-based XSS - Client-side script manipulation -->\n",[1050,1182,1184,1186,1189],{"class":1052,"line":1183},15,[1050,1185,1083],{"class":1082},[1050,1187,1188],{"class":1086},"script",[1050,1190,1101],{"class":1082},[1050,1192,1194],{"class":1052,"line":1193},16,[1050,1195,1196],{"class":1056},"    // Vulnerable JavaScript code\n",[1050,1198,1200,1204,1208,1211,1214,1217,1219,1222],{"class":1052,"line":1199},17,[1050,1201,1203],{"class":1202},"s5Kfy","    var",[1050,1205,1207],{"class":1206},"sSC40"," userInput",[1050,1209,1210],{"class":1082}," =",[1050,1212,1213],{"class":1136}," \"",[1050,1215,1216],{"class":1140},"{{ user_input|safe }}",[1050,1218,1137],{"class":1136},[1050,1220,1221],{"class":1082},";",[1050,1223,1224],{"class":1056},"  // DANGEROUS!\n",[1050,1226,1228,1231,1234,1238,1242,1245,1248,1250,1253,1255,1258,1260,1262],{"class":1052,"line":1227},18,[1050,1229,1230],{"class":1206},"    document",[1050,1232,1233],{"class":1082},".",[1050,1235,1237],{"class":1236},"sljsM","getElementById",[1050,1239,1241],{"class":1240},"snCua","(",[1050,1243,1244],{"class":1136},"'",[1050,1246,1247],{"class":1140},"output",[1050,1249,1244],{"class":1136},[1050,1251,1252],{"class":1240},")",[1050,1254,1233],{"class":1082},[1050,1256,1257],{"class":1206},"innerHTML",[1050,1259,1210],{"class":1082},[1050,1261,1207],{"class":1206},[1050,1263,1264],{"class":1082},";\n",[1050,1266,1268,1270,1272],{"class":1052,"line":1267},19,[1050,1269,1096],{"class":1082},[1050,1271,1188],{"class":1086},[1050,1273,1101],{"class":1082},[1035,1275,1277],{"id":1276},"xss-attack-examples","XSS Attack Examples",[1040,1279,1283],{"className":1280,"code":1281,"language":1282,"meta":1045,"style":1045},"language-python shiki shiki-themes material-theme-lighter vitesse-light vitesse-dark","# Example of vulnerable code (DON'T DO THIS)\ndef search_view(request):\n    \"\"\"VULNERABLE: Reflects user input without escaping\"\"\"\n    query = request.GET.get('q', '')\n    \n    # This is dangerous - user input is not escaped\n    html = f\"\u003Ch1>Results for: {query}\u003C/h1>\"\n    \n    return HttpResponse(html)\n\n# Malicious input examples:\n# ?q=\u003Cscript>alert('XSS')\u003C/script>\n# ?q=\u003Cimg src=x onerror=alert('XSS')>\n# ?q=javascript:alert('XSS')\n# ?q=\u003Csvg onload=alert('XSS')>\n\ndef comment_view(request):\n    \"\"\"VULNERABLE: Stores unescaped user input\"\"\"\n    if request.method == 'POST':\n        content = request.POST.get('content')\n        \n        # Storing raw HTML is dangerous\n        Comment.objects.create(\n            user=request.user,\n            content=content  # Could contain malicious scripts\n        )\n    \n    comments = Comment.objects.all()\n    return render(request, 'comments.html', {'comments': comments})\n","python",[1047,1284,1285,1290,1307,1320,1360,1365,1370,1396,1400,1415,1419,1424,1429,1434,1439,1444,1448,1461,1470,1498,1527,1533,1539,1558,1577,1591,1597,1602,1625],{"__ignoreMap":1045},[1050,1286,1287],{"class":1052,"line":1053},[1050,1288,1289],{"class":1056},"# Example of vulnerable code (DON'T DO THIS)\n",[1050,1291,1292,1295,1298,1300,1304],{"class":1052,"line":1060},[1050,1293,1294],{"class":1202},"def",[1050,1296,1297],{"class":1236}," search_view",[1050,1299,1241],{"class":1082},[1050,1301,1303],{"class":1302},"sCyAa","request",[1050,1305,1306],{"class":1082},"):\n",[1050,1308,1309,1313,1317],{"class":1052,"line":1066},[1050,1310,1312],{"class":1311},"sm7ve","    \"\"\"",[1050,1314,1316],{"class":1315},"sVyVU","VULNERABLE: Reflects user input without escaping",[1050,1318,1319],{"class":1311},"\"\"\"\n",[1050,1321,1322,1325,1327,1330,1332,1336,1338,1342,1344,1346,1349,1351,1354,1357],{"class":1052,"line":1073},[1050,1323,1324],{"class":1092},"    query ",[1050,1326,1133],{"class":1082},[1050,1328,1329],{"class":1092}," request",[1050,1331,1233],{"class":1082},[1050,1333,1335],{"class":1334},"sFGJz","GET",[1050,1337,1233],{"class":1082},[1050,1339,1341],{"class":1340},"siWMO","get",[1050,1343,1241],{"class":1082},[1050,1345,1244],{"class":1136},[1050,1347,1348],{"class":1140},"q",[1050,1350,1244],{"class":1136},[1050,1352,1353],{"class":1082},",",[1050,1355,1356],{"class":1136}," ''",[1050,1358,1359],{"class":1082},")\n",[1050,1361,1362],{"class":1052,"line":1079},[1050,1363,1364],{"class":1092},"    \n",[1050,1366,1367],{"class":1052,"line":1104},[1050,1368,1369],{"class":1056},"    # This is dangerous - user input is not escaped\n",[1050,1371,1372,1375,1377,1380,1383,1387,1390,1393],{"class":1052,"line":1109},[1050,1373,1374],{"class":1092},"    html ",[1050,1376,1133],{"class":1082},[1050,1378,1379],{"class":1202}," f",[1050,1381,1382],{"class":1140},"\"\u003Ch1>Results for: ",[1050,1384,1386],{"class":1385},"s3h35","{",[1050,1388,1389],{"class":1092},"query",[1050,1391,1392],{"class":1385},"}",[1050,1394,1395],{"class":1140},"\u003C/h1>\"\n",[1050,1397,1398],{"class":1052,"line":1115},[1050,1399,1364],{"class":1092},[1050,1401,1402,1406,1409,1411,1413],{"class":1052,"line":1121},[1050,1403,1405],{"class":1404},"siDh9","    return",[1050,1407,1408],{"class":1340}," HttpResponse",[1050,1410,1241],{"class":1082},[1050,1412,1044],{"class":1340},[1050,1414,1359],{"class":1082},[1050,1416,1417],{"class":1052,"line":1148},[1050,1418,1070],{"emptyLinePlaceholder":1069},[1050,1420,1421],{"class":1052,"line":1154},[1050,1422,1423],{"class":1056},"# Malicious input examples:\n",[1050,1425,1426],{"class":1052,"line":1163},[1050,1427,1428],{"class":1056},"# ?q=\u003Cscript>alert('XSS')\u003C/script>\n",[1050,1430,1431],{"class":1052,"line":1172},[1050,1432,1433],{"class":1056},"# ?q=\u003Cimg src=x onerror=alert('XSS')>\n",[1050,1435,1436],{"class":1052,"line":1177},[1050,1437,1438],{"class":1056},"# ?q=javascript:alert('XSS')\n",[1050,1440,1441],{"class":1052,"line":1183},[1050,1442,1443],{"class":1056},"# ?q=\u003Csvg onload=alert('XSS')>\n",[1050,1445,1446],{"class":1052,"line":1193},[1050,1447,1070],{"emptyLinePlaceholder":1069},[1050,1449,1450,1452,1455,1457,1459],{"class":1052,"line":1199},[1050,1451,1294],{"class":1202},[1050,1453,1454],{"class":1236}," comment_view",[1050,1456,1241],{"class":1082},[1050,1458,1303],{"class":1302},[1050,1460,1306],{"class":1082},[1050,1462,1463,1465,1468],{"class":1052,"line":1227},[1050,1464,1312],{"class":1311},[1050,1466,1467],{"class":1315},"VULNERABLE: Stores unescaped user input",[1050,1469,1319],{"class":1311},[1050,1471,1472,1475,1477,1479,1483,1487,1490,1493,1495],{"class":1052,"line":1267},[1050,1473,1474],{"class":1404},"    if",[1050,1476,1329],{"class":1092},[1050,1478,1233],{"class":1082},[1050,1480,1482],{"class":1481},"sBPpx","method",[1050,1484,1486],{"class":1485},"sVsLi"," ==",[1050,1488,1489],{"class":1136}," '",[1050,1491,1492],{"class":1140},"POST",[1050,1494,1244],{"class":1136},[1050,1496,1497],{"class":1082},":\n",[1050,1499,1501,1504,1506,1508,1510,1512,1514,1516,1518,1520,1523,1525],{"class":1052,"line":1500},20,[1050,1502,1503],{"class":1092},"        content ",[1050,1505,1133],{"class":1082},[1050,1507,1329],{"class":1092},[1050,1509,1233],{"class":1082},[1050,1511,1492],{"class":1334},[1050,1513,1233],{"class":1082},[1050,1515,1341],{"class":1340},[1050,1517,1241],{"class":1082},[1050,1519,1244],{"class":1136},[1050,1521,1522],{"class":1140},"content",[1050,1524,1244],{"class":1136},[1050,1526,1359],{"class":1082},[1050,1528,1530],{"class":1052,"line":1529},21,[1050,1531,1532],{"class":1092},"        \n",[1050,1534,1536],{"class":1052,"line":1535},22,[1050,1537,1538],{"class":1056},"        # Storing raw HTML is dangerous\n",[1050,1540,1542,1545,1547,1550,1552,1555],{"class":1052,"line":1541},23,[1050,1543,1544],{"class":1092},"        Comment",[1050,1546,1233],{"class":1082},[1050,1548,1549],{"class":1481},"objects",[1050,1551,1233],{"class":1082},[1050,1553,1554],{"class":1340},"create",[1050,1556,1557],{"class":1082},"(\n",[1050,1559,1561,1565,1567,1569,1571,1574],{"class":1052,"line":1560},24,[1050,1562,1564],{"class":1563},"sqOPj","            user",[1050,1566,1133],{"class":1082},[1050,1568,1303],{"class":1340},[1050,1570,1233],{"class":1082},[1050,1572,1573],{"class":1481},"user",[1050,1575,1576],{"class":1082},",\n",[1050,1578,1580,1583,1585,1588],{"class":1052,"line":1579},25,[1050,1581,1582],{"class":1563},"            content",[1050,1584,1133],{"class":1082},[1050,1586,1587],{"class":1340},"content  ",[1050,1589,1590],{"class":1056},"# Could contain malicious scripts\n",[1050,1592,1594],{"class":1052,"line":1593},26,[1050,1595,1596],{"class":1082},"        )\n",[1050,1598,1600],{"class":1052,"line":1599},27,[1050,1601,1364],{"class":1092},[1050,1603,1605,1608,1610,1613,1615,1617,1619,1622],{"class":1052,"line":1604},28,[1050,1606,1607],{"class":1092},"    comments ",[1050,1609,1133],{"class":1082},[1050,1611,1612],{"class":1092}," Comment",[1050,1614,1233],{"class":1082},[1050,1616,1549],{"class":1481},[1050,1618,1233],{"class":1082},[1050,1620,1621],{"class":1340},"all",[1050,1623,1624],{"class":1082},"()\n",[1050,1626,1628,1630,1633,1635,1637,1639,1641,1644,1646,1648,1651,1653,1656,1658,1661,1664],{"class":1052,"line":1627},29,[1050,1629,1405],{"class":1404},[1050,1631,1632],{"class":1340}," render",[1050,1634,1241],{"class":1082},[1050,1636,1303],{"class":1340},[1050,1638,1353],{"class":1082},[1050,1640,1489],{"class":1136},[1050,1642,1643],{"class":1140},"comments.html",[1050,1645,1244],{"class":1136},[1050,1647,1353],{"class":1082},[1050,1649,1650],{"class":1082}," {",[1050,1652,1244],{"class":1136},[1050,1654,1655],{"class":1140},"comments",[1050,1657,1244],{"class":1136},[1050,1659,1660],{"class":1082},":",[1050,1662,1663],{"class":1340}," comments",[1050,1665,1666],{"class":1082},"})\n",[1030,1668,1670],{"id":1669},"djangos-xss-protection","Django's XSS Protection",[1035,1672,1674],{"id":1673},"automatic-template-escaping","Automatic Template Escaping",[1026,1676,1677],{},"Django automatically escapes variables in templates:",[1040,1679,1681],{"className":1042,"code":1680,"language":1044,"meta":1045,"style":1045},"\u003C!-- Django templates automatically escape by default -->\n\u003Cdiv class=\"user-content\">\n    \u003C!-- This is automatically escaped - SAFE -->\n    \u003Ch2>{{ article.title }}\u003C/h2>\n    \u003Cp>{{ article.content }}\u003C/p>\n    \n    \u003C!-- User input is automatically escaped -->\n    \u003Cdiv class=\"comment\">\n        Author: {{ comment.author.username }}\n        Content: {{ comment.content }}\n    \u003C/div>\n\u003C/div>\n\n\u003C!-- What Django does automatically: -->\n\u003C!-- Input: \u003Cscript>alert('XSS')\u003C/script> -->\n\u003C!-- Output: <script>alert('XSS')</script> -->\n",[1047,1682,1683,1688,1707,1712,1730,1747,1751,1756,1774,1779,1784,1793,1801,1805,1810,1815],{"__ignoreMap":1045},[1050,1684,1685],{"class":1052,"line":1053},[1050,1686,1687],{"class":1056},"\u003C!-- Django templates automatically escape by default -->\n",[1050,1689,1690,1692,1694,1696,1698,1700,1703,1705],{"class":1052,"line":1060},[1050,1691,1083],{"class":1082},[1050,1693,1126],{"class":1086},[1050,1695,1130],{"class":1129},[1050,1697,1133],{"class":1082},[1050,1699,1137],{"class":1136},[1050,1701,1702],{"class":1140},"user-content",[1050,1704,1137],{"class":1136},[1050,1706,1101],{"class":1082},[1050,1708,1709],{"class":1052,"line":1066},[1050,1710,1711],{"class":1056},"    \u003C!-- This is automatically escaped - SAFE -->\n",[1050,1713,1714,1717,1719,1721,1724,1726,1728],{"class":1052,"line":1073},[1050,1715,1716],{"class":1082},"    \u003C",[1050,1718,1030],{"class":1086},[1050,1720,1089],{"class":1082},[1050,1722,1723],{"class":1092},"{{ article.title }}",[1050,1725,1096],{"class":1082},[1050,1727,1030],{"class":1086},[1050,1729,1101],{"class":1082},[1050,1731,1732,1734,1736,1738,1741,1743,1745],{"class":1052,"line":1079},[1050,1733,1716],{"class":1082},[1050,1735,1026],{"class":1086},[1050,1737,1089],{"class":1082},[1050,1739,1740],{"class":1092},"{{ article.content }}",[1050,1742,1096],{"class":1082},[1050,1744,1026],{"class":1086},[1050,1746,1101],{"class":1082},[1050,1748,1749],{"class":1052,"line":1104},[1050,1750,1364],{"class":1092},[1050,1752,1753],{"class":1052,"line":1109},[1050,1754,1755],{"class":1056},"    \u003C!-- User input is automatically escaped -->\n",[1050,1757,1758,1760,1762,1764,1766,1768,1770,1772],{"class":1052,"line":1115},[1050,1759,1716],{"class":1082},[1050,1761,1126],{"class":1086},[1050,1763,1130],{"class":1129},[1050,1765,1133],{"class":1082},[1050,1767,1137],{"class":1136},[1050,1769,1141],{"class":1140},[1050,1771,1137],{"class":1136},[1050,1773,1101],{"class":1082},[1050,1775,1776],{"class":1052,"line":1121},[1050,1777,1778],{"class":1092},"        Author: {{ comment.author.username }}\n",[1050,1780,1781],{"class":1052,"line":1148},[1050,1782,1783],{"class":1092},"        Content: {{ comment.content }}\n",[1050,1785,1786,1789,1791],{"class":1052,"line":1154},[1050,1787,1788],{"class":1082},"    \u003C/",[1050,1790,1126],{"class":1086},[1050,1792,1101],{"class":1082},[1050,1794,1795,1797,1799],{"class":1052,"line":1163},[1050,1796,1096],{"class":1082},[1050,1798,1126],{"class":1086},[1050,1800,1101],{"class":1082},[1050,1802,1803],{"class":1052,"line":1172},[1050,1804,1070],{"emptyLinePlaceholder":1069},[1050,1806,1807],{"class":1052,"line":1177},[1050,1808,1809],{"class":1056},"\u003C!-- What Django does automatically: -->\n",[1050,1811,1812],{"class":1052,"line":1183},[1050,1813,1814],{"class":1056},"\u003C!-- Input: \u003Cscript>alert('XSS')\u003C/script> -->\n",[1050,1816,1817],{"class":1052,"line":1193},[1050,1818,1819],{"class":1056},"\u003C!-- Output: <script>alert('XSS')</script> -->\n",[1035,1821,1823],{"id":1822},"safe-vs-unsafe-template-usage","Safe vs Unsafe Template Usage",[1040,1825,1827],{"className":1042,"code":1826,"language":1044,"meta":1045,"style":1045},"\u003C!-- SAFE: Default escaping -->\n\u003Cdiv class=\"title\">{{ article.title }}\u003C/div>\n\u003C!-- Input: \u003Cscript>alert('XSS')\u003C/script> -->\n\u003C!-- Output: <script>alert('XSS')</script> -->\n\n\u003C!-- UNSAFE: Using |safe filter (only use with trusted content) -->\n\u003Cdiv class=\"content\">{{ article.content|safe }}\u003C/div>\n\u003C!-- This bypasses escaping - only use with sanitized content! -->\n\n\u003C!-- SAFE: Using escape filter explicitly -->\n\u003Cdiv class=\"user-input\">{{ user_comment|escape }}\u003C/div>\n\n\u003C!-- SAFE: Using linebreaks filter (escapes then converts newlines) -->\n\u003Cdiv class=\"formatted-text\">{{ user_text|linebreaks }}\u003C/div>\n\n\u003C!-- UNSAFE: Using |safe with user input -->\n\u003Cdiv class=\"dangerous\">{{ request.GET.search|safe }}\u003C/div>  \u003C!-- DON'T DO THIS! -->\n",[1047,1828,1829,1834,1861,1865,1869,1873,1878,1905,1910,1914,1919,1947,1951,1956,1984,1988,1993],{"__ignoreMap":1045},[1050,1830,1831],{"class":1052,"line":1053},[1050,1832,1833],{"class":1056},"\u003C!-- SAFE: Default escaping -->\n",[1050,1835,1836,1838,1840,1842,1844,1846,1849,1851,1853,1855,1857,1859],{"class":1052,"line":1060},[1050,1837,1083],{"class":1082},[1050,1839,1126],{"class":1086},[1050,1841,1130],{"class":1129},[1050,1843,1133],{"class":1082},[1050,1845,1137],{"class":1136},[1050,1847,1848],{"class":1140},"title",[1050,1850,1137],{"class":1136},[1050,1852,1089],{"class":1082},[1050,1854,1723],{"class":1092},[1050,1856,1096],{"class":1082},[1050,1858,1126],{"class":1086},[1050,1860,1101],{"class":1082},[1050,1862,1863],{"class":1052,"line":1066},[1050,1864,1814],{"class":1056},[1050,1866,1867],{"class":1052,"line":1073},[1050,1868,1819],{"class":1056},[1050,1870,1871],{"class":1052,"line":1079},[1050,1872,1070],{"emptyLinePlaceholder":1069},[1050,1874,1875],{"class":1052,"line":1104},[1050,1876,1877],{"class":1056},"\u003C!-- UNSAFE: Using |safe filter (only use with trusted content) -->\n",[1050,1879,1880,1882,1884,1886,1888,1890,1892,1894,1896,1899,1901,1903],{"class":1052,"line":1109},[1050,1881,1083],{"class":1082},[1050,1883,1126],{"class":1086},[1050,1885,1130],{"class":1129},[1050,1887,1133],{"class":1082},[1050,1889,1137],{"class":1136},[1050,1891,1522],{"class":1140},[1050,1893,1137],{"class":1136},[1050,1895,1089],{"class":1082},[1050,1897,1898],{"class":1092},"{{ article.content|safe }}",[1050,1900,1096],{"class":1082},[1050,1902,1126],{"class":1086},[1050,1904,1101],{"class":1082},[1050,1906,1907],{"class":1052,"line":1115},[1050,1908,1909],{"class":1056},"\u003C!-- This bypasses escaping - only use with sanitized content! -->\n",[1050,1911,1912],{"class":1052,"line":1121},[1050,1913,1070],{"emptyLinePlaceholder":1069},[1050,1915,1916],{"class":1052,"line":1148},[1050,1917,1918],{"class":1056},"\u003C!-- SAFE: Using escape filter explicitly -->\n",[1050,1920,1921,1923,1925,1927,1929,1931,1934,1936,1938,1941,1943,1945],{"class":1052,"line":1154},[1050,1922,1083],{"class":1082},[1050,1924,1126],{"class":1086},[1050,1926,1130],{"class":1129},[1050,1928,1133],{"class":1082},[1050,1930,1137],{"class":1136},[1050,1932,1933],{"class":1140},"user-input",[1050,1935,1137],{"class":1136},[1050,1937,1089],{"class":1082},[1050,1939,1940],{"class":1092},"{{ user_comment|escape }}",[1050,1942,1096],{"class":1082},[1050,1944,1126],{"class":1086},[1050,1946,1101],{"class":1082},[1050,1948,1949],{"class":1052,"line":1163},[1050,1950,1070],{"emptyLinePlaceholder":1069},[1050,1952,1953],{"class":1052,"line":1172},[1050,1954,1955],{"class":1056},"\u003C!-- SAFE: Using linebreaks filter (escapes then converts newlines) -->\n",[1050,1957,1958,1960,1962,1964,1966,1968,1971,1973,1975,1978,1980,1982],{"class":1052,"line":1177},[1050,1959,1083],{"class":1082},[1050,1961,1126],{"class":1086},[1050,1963,1130],{"class":1129},[1050,1965,1133],{"class":1082},[1050,1967,1137],{"class":1136},[1050,1969,1970],{"class":1140},"formatted-text",[1050,1972,1137],{"class":1136},[1050,1974,1089],{"class":1082},[1050,1976,1977],{"class":1092},"{{ user_text|linebreaks }}",[1050,1979,1096],{"class":1082},[1050,1981,1126],{"class":1086},[1050,1983,1101],{"class":1082},[1050,1985,1986],{"class":1052,"line":1183},[1050,1987,1070],{"emptyLinePlaceholder":1069},[1050,1989,1990],{"class":1052,"line":1193},[1050,1991,1992],{"class":1056},"\u003C!-- UNSAFE: Using |safe with user input -->\n",[1050,1994,1995,1997,1999,2001,2003,2005,2008,2010,2012,2015,2017,2019,2021],{"class":1052,"line":1199},[1050,1996,1083],{"class":1082},[1050,1998,1126],{"class":1086},[1050,2000,1130],{"class":1129},[1050,2002,1133],{"class":1082},[1050,2004,1137],{"class":1136},[1050,2006,2007],{"class":1140},"dangerous",[1050,2009,1137],{"class":1136},[1050,2011,1089],{"class":1082},[1050,2013,2014],{"class":1092},"{{ request.GET.search|safe }}",[1050,2016,1096],{"class":1082},[1050,2018,1126],{"class":1086},[1050,2020,1089],{"class":1082},[1050,2022,2023],{"class":1056},"  \u003C!-- DON'T DO THIS! -->\n",[1035,2025,2027],{"id":2026},"escaping-in-different-contexts","Escaping in Different Contexts",[1040,2029,2031],{"className":1042,"code":2030,"language":1044,"meta":1045,"style":1045},"\u003C!-- HTML Content Context -->\n\u003Cdiv>{{ user_input }}\u003C/div>  \u003C!-- Automatically escaped -->\n\n\u003C!-- HTML Attribute Context -->\n\u003Cinput type=\"text\" value=\"{{ user_input }}\">  \u003C!-- Automatically escaped -->\n\u003Cimg src=\"{{ image_url }}\" alt=\"{{ image_description }}\">\n\n\u003C!-- JavaScript Context - REQUIRES SPECIAL HANDLING -->\n\u003Cscript>\n    // WRONG: This is not safe even with escaping\n    var userInput = \"{{ user_input }}\";  // Still vulnerable!\n    \n    // CORRECT: Use JSON escaping\n    var userInput = {{ user_input|escapejs }};\n    \n    // BETTER: Use json_script filter\n    {{ user_data|json_script:\"user-data\" }}\n    const userData = JSON.parse(document.getElementById('user-data').textContent);\n\u003C/script>\n\n\u003C!-- CSS Context - Avoid user input in CSS -->\n\u003Cstyle>\n    /* DANGEROUS: Never put user input in CSS */\n    .user-style { color: {{ user_color }}; }  /* DON'T DO THIS! */\n\u003C/style>\n\n\u003C!-- URL Context -->\n\u003Ca href=\"{{ user_url|urlencode }}\">Link\u003C/a>  \u003C!-- Use urlencode filter -->\n",[1047,2032,2033,2038,2058,2062,2067,2101,2134,2138,2143,2151,2156,2175,2179,2184,2207,2211,2216,2242,2288,2296,2300,2305,2314,2319,2347,2355,2359,2364],{"__ignoreMap":1045},[1050,2034,2035],{"class":1052,"line":1053},[1050,2036,2037],{"class":1056},"\u003C!-- HTML Content Context -->\n",[1050,2039,2040,2042,2044,2046,2049,2051,2053,2055],{"class":1052,"line":1060},[1050,2041,1083],{"class":1082},[1050,2043,1126],{"class":1086},[1050,2045,1089],{"class":1082},[1050,2047,2048],{"class":1092},"{{ user_input }}",[1050,2050,1096],{"class":1082},[1050,2052,1126],{"class":1086},[1050,2054,1089],{"class":1082},[1050,2056,2057],{"class":1056},"  \u003C!-- Automatically escaped -->\n",[1050,2059,2060],{"class":1052,"line":1066},[1050,2061,1070],{"emptyLinePlaceholder":1069},[1050,2063,2064],{"class":1052,"line":1073},[1050,2065,2066],{"class":1056},"\u003C!-- HTML Attribute Context -->\n",[1050,2068,2069,2071,2074,2077,2079,2081,2084,2086,2089,2091,2093,2095,2097,2099],{"class":1052,"line":1079},[1050,2070,1083],{"class":1082},[1050,2072,2073],{"class":1086},"input",[1050,2075,2076],{"class":1129}," type",[1050,2078,1133],{"class":1082},[1050,2080,1137],{"class":1136},[1050,2082,2083],{"class":1140},"text",[1050,2085,1137],{"class":1136},[1050,2087,2088],{"class":1129}," value",[1050,2090,1133],{"class":1082},[1050,2092,1137],{"class":1136},[1050,2094,2048],{"class":1140},[1050,2096,1137],{"class":1136},[1050,2098,1089],{"class":1082},[1050,2100,2057],{"class":1056},[1050,2102,2103,2105,2108,2111,2113,2115,2118,2120,2123,2125,2127,2130,2132],{"class":1052,"line":1104},[1050,2104,1083],{"class":1082},[1050,2106,2107],{"class":1086},"img",[1050,2109,2110],{"class":1129}," src",[1050,2112,1133],{"class":1082},[1050,2114,1137],{"class":1136},[1050,2116,2117],{"class":1140},"{{ image_url }}",[1050,2119,1137],{"class":1136},[1050,2121,2122],{"class":1129}," alt",[1050,2124,1133],{"class":1082},[1050,2126,1137],{"class":1136},[1050,2128,2129],{"class":1140},"{{ image_description }}",[1050,2131,1137],{"class":1136},[1050,2133,1101],{"class":1082},[1050,2135,2136],{"class":1052,"line":1109},[1050,2137,1070],{"emptyLinePlaceholder":1069},[1050,2139,2140],{"class":1052,"line":1115},[1050,2141,2142],{"class":1056},"\u003C!-- JavaScript Context - REQUIRES SPECIAL HANDLING -->\n",[1050,2144,2145,2147,2149],{"class":1052,"line":1121},[1050,2146,1083],{"class":1082},[1050,2148,1188],{"class":1086},[1050,2150,1101],{"class":1082},[1050,2152,2153],{"class":1052,"line":1148},[1050,2154,2155],{"class":1056},"    // WRONG: This is not safe even with escaping\n",[1050,2157,2158,2160,2162,2164,2166,2168,2170,2172],{"class":1052,"line":1154},[1050,2159,1203],{"class":1202},[1050,2161,1207],{"class":1206},[1050,2163,1210],{"class":1082},[1050,2165,1213],{"class":1136},[1050,2167,2048],{"class":1140},[1050,2169,1137],{"class":1136},[1050,2171,1221],{"class":1082},[1050,2173,2174],{"class":1056},"  // Still vulnerable!\n",[1050,2176,2177],{"class":1052,"line":1163},[1050,2178,1364],{"class":1092},[1050,2180,2181],{"class":1052,"line":1172},[1050,2182,2183],{"class":1056},"    // CORRECT: Use JSON escaping\n",[1050,2185,2186,2188,2190,2192,2195,2198,2201,2204],{"class":1052,"line":1177},[1050,2187,1203],{"class":1202},[1050,2189,1207],{"class":1206},[1050,2191,1210],{"class":1082},[1050,2193,2194],{"class":1082}," {{",[1050,2196,2197],{"class":1206}," user_input",[1050,2199,2200],{"class":1485},"|",[1050,2202,2203],{"class":1206},"escapejs",[1050,2205,2206],{"class":1082}," }};\n",[1050,2208,2209],{"class":1052,"line":1183},[1050,2210,1364],{"class":1092},[1050,2212,2213],{"class":1052,"line":1193},[1050,2214,2215],{"class":1056},"    // BETTER: Use json_script filter\n",[1050,2217,2218,2221,2224,2226,2230,2232,2234,2237,2239],{"class":1052,"line":1199},[1050,2219,2220],{"class":1082},"    {{",[1050,2222,2223],{"class":1206}," user_data",[1050,2225,2200],{"class":1485},[1050,2227,2229],{"class":2228},"sYn-s","json_script",[1050,2231,1660],{"class":1082},[1050,2233,1137],{"class":1136},[1050,2235,2236],{"class":1140},"user-data",[1050,2238,1137],{"class":1136},[1050,2240,2241],{"class":1082}," }}\n",[1050,2243,2244,2247,2250,2252,2255,2257,2260,2262,2265,2267,2269,2271,2273,2275,2277,2279,2281,2284,2286],{"class":1052,"line":1227},[1050,2245,2246],{"class":1202},"    const",[1050,2248,2249],{"class":1206}," userData",[1050,2251,1210],{"class":1082},[1050,2253,2254],{"class":1206}," JSON",[1050,2256,1233],{"class":1082},[1050,2258,2259],{"class":1236},"parse",[1050,2261,1241],{"class":1240},[1050,2263,2264],{"class":1206},"document",[1050,2266,1233],{"class":1082},[1050,2268,1237],{"class":1236},[1050,2270,1241],{"class":1240},[1050,2272,1244],{"class":1136},[1050,2274,2236],{"class":1140},[1050,2276,1244],{"class":1136},[1050,2278,1252],{"class":1240},[1050,2280,1233],{"class":1082},[1050,2282,2283],{"class":1206},"textContent",[1050,2285,1252],{"class":1240},[1050,2287,1264],{"class":1082},[1050,2289,2290,2292,2294],{"class":1052,"line":1267},[1050,2291,1096],{"class":1082},[1050,2293,1188],{"class":1086},[1050,2295,1101],{"class":1082},[1050,2297,2298],{"class":1052,"line":1500},[1050,2299,1070],{"emptyLinePlaceholder":1069},[1050,2301,2302],{"class":1052,"line":1529},[1050,2303,2304],{"class":1056},"\u003C!-- CSS Context - Avoid user input in CSS -->\n",[1050,2306,2307,2309,2312],{"class":1052,"line":1535},[1050,2308,1083],{"class":1082},[1050,2310,2311],{"class":1086},"style",[1050,2313,1101],{"class":1082},[1050,2315,2316],{"class":1052,"line":1541},[1050,2317,2318],{"class":1056},"    /* DANGEROUS: Never put user input in CSS */\n",[1050,2320,2321,2324,2328,2330,2334,2336,2339,2341,2344],{"class":1052,"line":1560},[1050,2322,2323],{"class":1082},"    .",[1050,2325,2327],{"class":2326},"sKL33","user-style",[1050,2329,1650],{"class":1082},[1050,2331,2333],{"class":2332},"s5HLA"," color",[1050,2335,1660],{"class":1082},[1050,2337,2338],{"class":1092}," {{ user_color ",[1050,2340,1392],{"class":1082},[1050,2342,2343],{"class":1092},"}; }  ",[1050,2345,2346],{"class":1056},"/* DON'T DO THIS! */\n",[1050,2348,2349,2351,2353],{"class":1052,"line":1579},[1050,2350,1096],{"class":1082},[1050,2352,2311],{"class":1086},[1050,2354,1101],{"class":1082},[1050,2356,2357],{"class":1052,"line":1593},[1050,2358,1070],{"emptyLinePlaceholder":1069},[1050,2360,2361],{"class":1052,"line":1599},[1050,2362,2363],{"class":1056},"\u003C!-- URL Context -->\n",[1050,2365,2366,2368,2371,2374,2376,2378,2381,2383,2385,2388,2390,2392,2394],{"class":1052,"line":1604},[1050,2367,1083],{"class":1082},[1050,2369,2370],{"class":1086},"a",[1050,2372,2373],{"class":1129}," href",[1050,2375,1133],{"class":1082},[1050,2377,1137],{"class":1136},[1050,2379,2380],{"class":1140},"{{ user_url|urlencode }}",[1050,2382,1137],{"class":1136},[1050,2384,1089],{"class":1082},[1050,2386,2387],{"class":1092},"Link",[1050,2389,1096],{"class":1082},[1050,2391,2370],{"class":1086},[1050,2393,1089],{"class":1082},[1050,2395,2396],{"class":1056},"  \u003C!-- Use urlencode filter -->\n",[1030,2398,2400],{"id":2399},"secure-template-practices","Secure Template Practices",[1035,2402,2404],{"id":2403},"using-json_script-for-javascript-data","Using json_script for JavaScript Data",[1040,2406,2408],{"className":1042,"code":2407,"language":1044,"meta":1045,"style":1045},"\u003C!-- Secure way to pass data to JavaScript -->\n{{ user_data|json_script:\"user-data\" }}\n\u003Cscript>\n    const userData = JSON.parse(document.getElementById('user-data').textContent);\n    \n    // Now you can safely use userData in JavaScript\n    console.log('User name:', userData.name);\n    console.log('User email:', userData.email);\n\u003C/script>\n",[1047,2409,2410,2415,2420,2428,2468,2472,2477,2509,2539],{"__ignoreMap":1045},[1050,2411,2412],{"class":1052,"line":1053},[1050,2413,2414],{"class":1056},"\u003C!-- Secure way to pass data to JavaScript -->\n",[1050,2416,2417],{"class":1052,"line":1060},[1050,2418,2419],{"class":1092},"{{ user_data|json_script:\"user-data\" }}\n",[1050,2421,2422,2424,2426],{"class":1052,"line":1066},[1050,2423,1083],{"class":1082},[1050,2425,1188],{"class":1086},[1050,2427,1101],{"class":1082},[1050,2429,2430,2432,2434,2436,2438,2440,2442,2444,2446,2448,2450,2452,2454,2456,2458,2460,2462,2464,2466],{"class":1052,"line":1073},[1050,2431,2246],{"class":1202},[1050,2433,2249],{"class":1206},[1050,2435,1210],{"class":1082},[1050,2437,2254],{"class":1206},[1050,2439,1233],{"class":1082},[1050,2441,2259],{"class":1236},[1050,2443,1241],{"class":1240},[1050,2445,2264],{"class":1206},[1050,2447,1233],{"class":1082},[1050,2449,1237],{"class":1236},[1050,2451,1241],{"class":1240},[1050,2453,1244],{"class":1136},[1050,2455,2236],{"class":1140},[1050,2457,1244],{"class":1136},[1050,2459,1252],{"class":1240},[1050,2461,1233],{"class":1082},[1050,2463,2283],{"class":1206},[1050,2465,1252],{"class":1240},[1050,2467,1264],{"class":1082},[1050,2469,2470],{"class":1052,"line":1079},[1050,2471,1364],{"class":1092},[1050,2473,2474],{"class":1052,"line":1104},[1050,2475,2476],{"class":1056},"    // Now you can safely use userData in JavaScript\n",[1050,2478,2479,2482,2484,2487,2489,2491,2494,2496,2498,2500,2502,2505,2507],{"class":1052,"line":1109},[1050,2480,2481],{"class":1206},"    console",[1050,2483,1233],{"class":1082},[1050,2485,2486],{"class":1236},"log",[1050,2488,1241],{"class":1240},[1050,2490,1244],{"class":1136},[1050,2492,2493],{"class":1140},"User name:",[1050,2495,1244],{"class":1136},[1050,2497,1353],{"class":1082},[1050,2499,2249],{"class":1206},[1050,2501,1233],{"class":1082},[1050,2503,2504],{"class":1206},"name",[1050,2506,1252],{"class":1240},[1050,2508,1264],{"class":1082},[1050,2510,2511,2513,2515,2517,2519,2521,2524,2526,2528,2530,2532,2535,2537],{"class":1052,"line":1115},[1050,2512,2481],{"class":1206},[1050,2514,1233],{"class":1082},[1050,2516,2486],{"class":1236},[1050,2518,1241],{"class":1240},[1050,2520,1244],{"class":1136},[1050,2522,2523],{"class":1140},"User email:",[1050,2525,1244],{"class":1136},[1050,2527,1353],{"class":1082},[1050,2529,2249],{"class":1206},[1050,2531,1233],{"class":1082},[1050,2533,2534],{"class":1206},"email",[1050,2536,1252],{"class":1240},[1050,2538,1264],{"class":1082},[1050,2540,2541,2543,2545],{"class":1052,"line":1121},[1050,2542,1096],{"class":1082},[1050,2544,1188],{"class":1086},[1050,2546,1101],{"class":1082},[1040,2548,2550],{"className":1280,"code":2549,"language":1282,"meta":1045,"style":1045},"# views.py - Preparing data for json_script\ndef profile_view(request):\n    \"\"\"Secure way to pass data to JavaScript\"\"\"\n    \n    user_data = {\n        'id': request.user.id,\n        'name': request.user.get_full_name(),\n        'email': request.user.email,\n        'preferences': {\n            'theme': request.user.profile.theme,\n            'notifications': request.user.profile.notifications_enabled\n        }\n    }\n    \n    return render(request, 'profile.html', {\n        'user_data': user_data\n    })\n",[1047,2551,2552,2557,2570,2579,2583,2593,2617,2641,2663,2676,2705,2731,2736,2741,2745,2768,2782],{"__ignoreMap":1045},[1050,2553,2554],{"class":1052,"line":1053},[1050,2555,2556],{"class":1056},"# views.py - Preparing data for json_script\n",[1050,2558,2559,2561,2564,2566,2568],{"class":1052,"line":1060},[1050,2560,1294],{"class":1202},[1050,2562,2563],{"class":1236}," profile_view",[1050,2565,1241],{"class":1082},[1050,2567,1303],{"class":1302},[1050,2569,1306],{"class":1082},[1050,2571,2572,2574,2577],{"class":1052,"line":1066},[1050,2573,1312],{"class":1311},[1050,2575,2576],{"class":1315},"Secure way to pass data to JavaScript",[1050,2578,1319],{"class":1311},[1050,2580,2581],{"class":1052,"line":1073},[1050,2582,1364],{"class":1092},[1050,2584,2585,2588,2590],{"class":1052,"line":1079},[1050,2586,2587],{"class":1092},"    user_data ",[1050,2589,1133],{"class":1082},[1050,2591,2592],{"class":1082}," {\n",[1050,2594,2595,2598,2601,2603,2605,2607,2609,2611,2613,2615],{"class":1052,"line":1104},[1050,2596,2597],{"class":1136},"        '",[1050,2599,2600],{"class":1140},"id",[1050,2602,1244],{"class":1136},[1050,2604,1660],{"class":1082},[1050,2606,1329],{"class":1092},[1050,2608,1233],{"class":1082},[1050,2610,1573],{"class":1481},[1050,2612,1233],{"class":1082},[1050,2614,2600],{"class":1481},[1050,2616,1576],{"class":1082},[1050,2618,2619,2621,2623,2625,2627,2629,2631,2633,2635,2638],{"class":1052,"line":1109},[1050,2620,2597],{"class":1136},[1050,2622,2504],{"class":1140},[1050,2624,1244],{"class":1136},[1050,2626,1660],{"class":1082},[1050,2628,1329],{"class":1092},[1050,2630,1233],{"class":1082},[1050,2632,1573],{"class":1481},[1050,2634,1233],{"class":1082},[1050,2636,2637],{"class":1340},"get_full_name",[1050,2639,2640],{"class":1082},"(),\n",[1050,2642,2643,2645,2647,2649,2651,2653,2655,2657,2659,2661],{"class":1052,"line":1115},[1050,2644,2597],{"class":1136},[1050,2646,2534],{"class":1140},[1050,2648,1244],{"class":1136},[1050,2650,1660],{"class":1082},[1050,2652,1329],{"class":1092},[1050,2654,1233],{"class":1082},[1050,2656,1573],{"class":1481},[1050,2658,1233],{"class":1082},[1050,2660,2534],{"class":1481},[1050,2662,1576],{"class":1082},[1050,2664,2665,2667,2670,2672,2674],{"class":1052,"line":1121},[1050,2666,2597],{"class":1136},[1050,2668,2669],{"class":1140},"preferences",[1050,2671,1244],{"class":1136},[1050,2673,1660],{"class":1082},[1050,2675,2592],{"class":1082},[1050,2677,2678,2681,2684,2686,2688,2690,2692,2694,2696,2699,2701,2703],{"class":1052,"line":1148},[1050,2679,2680],{"class":1136},"            '",[1050,2682,2683],{"class":1140},"theme",[1050,2685,1244],{"class":1136},[1050,2687,1660],{"class":1082},[1050,2689,1329],{"class":1092},[1050,2691,1233],{"class":1082},[1050,2693,1573],{"class":1481},[1050,2695,1233],{"class":1082},[1050,2697,2698],{"class":1481},"profile",[1050,2700,1233],{"class":1082},[1050,2702,2683],{"class":1481},[1050,2704,1576],{"class":1082},[1050,2706,2707,2709,2712,2714,2716,2718,2720,2722,2724,2726,2728],{"class":1052,"line":1154},[1050,2708,2680],{"class":1136},[1050,2710,2711],{"class":1140},"notifications",[1050,2713,1244],{"class":1136},[1050,2715,1660],{"class":1082},[1050,2717,1329],{"class":1092},[1050,2719,1233],{"class":1082},[1050,2721,1573],{"class":1481},[1050,2723,1233],{"class":1082},[1050,2725,2698],{"class":1481},[1050,2727,1233],{"class":1082},[1050,2729,2730],{"class":1481},"notifications_enabled\n",[1050,2732,2733],{"class":1052,"line":1163},[1050,2734,2735],{"class":1082},"        }\n",[1050,2737,2738],{"class":1052,"line":1172},[1050,2739,2740],{"class":1082},"    }\n",[1050,2742,2743],{"class":1052,"line":1177},[1050,2744,1364],{"class":1092},[1050,2746,2747,2749,2751,2753,2755,2757,2759,2762,2764,2766],{"class":1052,"line":1183},[1050,2748,1405],{"class":1404},[1050,2750,1632],{"class":1340},[1050,2752,1241],{"class":1082},[1050,2754,1303],{"class":1340},[1050,2756,1353],{"class":1082},[1050,2758,1489],{"class":1136},[1050,2760,2761],{"class":1140},"profile.html",[1050,2763,1244],{"class":1136},[1050,2765,1353],{"class":1082},[1050,2767,2592],{"class":1082},[1050,2769,2770,2772,2775,2777,2779],{"class":1052,"line":1193},[1050,2771,2597],{"class":1136},[1050,2773,2774],{"class":1140},"user_data",[1050,2776,1244],{"class":1136},[1050,2778,1660],{"class":1082},[1050,2780,2781],{"class":1340}," user_data\n",[1050,2783,2784],{"class":1052,"line":1199},[1050,2785,2786],{"class":1082},"    })\n",[1035,2788,2790],{"id":2789},"custom-template-filters-for-security","Custom Template Filters for Security",[1040,2792,2794],{"className":1280,"code":2793,"language":1282,"meta":1045,"style":1045},"# templatetags/security_filters.py\nfrom django import template\nfrom django.utils.safestring import mark_safe\nfrom django.utils.html import escape\nimport bleach\nimport re\n\nregister = template.Library()\n\n@register.filter\ndef sanitize_html(value):\n    \"\"\"Sanitize HTML content to prevent XSS\"\"\"\n    if not value:\n        return ''\n    \n    # Define allowed tags and attributes\n    allowed_tags = [\n        'p', 'br', 'strong', 'em', 'u', 'ol', 'ul', 'li',\n        'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote',\n        'a', 'img'\n    ]\n    \n    allowed_attributes = {\n        'a': ['href', 'title'],\n        'img': ['src', 'alt', 'width', 'height'],\n    }\n    \n    # Additional protocols for links\n    allowed_protocols = ['http', 'https', 'mailto']\n    \n    # Clean the HTML\n    cleaned = bleach.clean(\n        value,\n        tags=allowed_tags,\n        attributes=allowed_attributes,\n        protocols=allowed_protocols,\n        strip=True\n    )\n    \n    return mark_safe(cleaned)\n\n@register.filter\ndef strip_scripts(value):\n    \"\"\"Remove all script tags and javascript: URLs\"\"\"\n    if not value:\n        return ''\n    \n    # Remove script tags\n    value = re.sub(r'\u003Cscript[^>]*>.*?\u003C/script>', '', value, flags=re.IGNORECASE | re.DOTALL)\n    \n    # Remove javascript: URLs\n    value = re.sub(r'javascript:', '', value, flags=re.IGNORECASE)\n    \n    # Remove on* event handlers\n    value = re.sub(r'\\son\\w+\\s*=\\s*[\"\\'][^\"\\']*[\"\\']', '', value, flags=re.IGNORECASE)\n    \n    return value\n\n@register.filter\ndef safe_markdown(value):\n    \"\"\"Convert markdown to safe HTML\"\"\"\n    if not value:\n        return ''\n    \n    import markdown\n    from markdown.extensions import codehilite, fenced_code\n    \n    # Convert markdown to HTML\n    md = markdown.Markdown(\n        extensions=['codehilite', 'fenced_code', 'tables'],\n        extension_configs={\n            'codehilite': {\n                'css_class': 'highlight',\n                'use_pygments': True,\n            }\n        }\n    )\n    \n    html = md.convert(value)\n    \n    # Sanitize the resulting HTML\n    return sanitize_html(html)\n",[1047,2795,2796,2801,2815,2837,2857,2864,2871,2875,2892,2896,2909,2923,2932,2943,2951,2955,2960,2970,3043,3105,3122,3127,3131,3140,3171,3219,3223,3227,3232,3269,3274,3280,3298,3306,3319,3332,3345,3357,3363,3368,3383,3388,3399,3413,3423,3434,3441,3446,3452,3544,3549,3555,3601,3606,3612,3706,3711,3719,3724,3735,3749,3759,3770,3777,3782,3791,3815,3820,3826,3843,3879,3888,3901,3923,3940,3946,3951,3956,3961,3982,3987,3993],{"__ignoreMap":1045},[1050,2797,2798],{"class":1052,"line":1053},[1050,2799,2800],{"class":1056},"# templatetags/security_filters.py\n",[1050,2802,2803,2806,2809,2812],{"class":1052,"line":1060},[1050,2804,2805],{"class":1404},"from",[1050,2807,2808],{"class":1092}," django ",[1050,2810,2811],{"class":1404},"import",[1050,2813,2814],{"class":1092}," template\n",[1050,2816,2817,2819,2822,2824,2827,2829,2832,2834],{"class":1052,"line":1066},[1050,2818,2805],{"class":1404},[1050,2820,2821],{"class":1092}," django",[1050,2823,1233],{"class":1082},[1050,2825,2826],{"class":1092},"utils",[1050,2828,1233],{"class":1082},[1050,2830,2831],{"class":1092},"safestring ",[1050,2833,2811],{"class":1404},[1050,2835,2836],{"class":1092}," mark_safe\n",[1050,2838,2839,2841,2843,2845,2847,2849,2852,2854],{"class":1052,"line":1073},[1050,2840,2805],{"class":1404},[1050,2842,2821],{"class":1092},[1050,2844,1233],{"class":1082},[1050,2846,2826],{"class":1092},[1050,2848,1233],{"class":1082},[1050,2850,2851],{"class":1092},"html ",[1050,2853,2811],{"class":1404},[1050,2855,2856],{"class":1092}," escape\n",[1050,2858,2859,2861],{"class":1052,"line":1079},[1050,2860,2811],{"class":1404},[1050,2862,2863],{"class":1092}," bleach\n",[1050,2865,2866,2868],{"class":1052,"line":1104},[1050,2867,2811],{"class":1404},[1050,2869,2870],{"class":1092}," re\n",[1050,2872,2873],{"class":1052,"line":1109},[1050,2874,1070],{"emptyLinePlaceholder":1069},[1050,2876,2877,2880,2882,2885,2887,2890],{"class":1052,"line":1115},[1050,2878,2879],{"class":1092},"register ",[1050,2881,1133],{"class":1082},[1050,2883,2884],{"class":1092}," template",[1050,2886,1233],{"class":1082},[1050,2888,2889],{"class":1340},"Library",[1050,2891,1624],{"class":1082},[1050,2893,2894],{"class":1052,"line":1121},[1050,2895,1070],{"emptyLinePlaceholder":1069},[1050,2897,2898,2901,2904,2906],{"class":1052,"line":1148},[1050,2899,2900],{"class":1082},"@",[1050,2902,2903],{"class":1236},"register",[1050,2905,1233],{"class":1082},[1050,2907,2908],{"class":1236},"filter\n",[1050,2910,2911,2913,2916,2918,2921],{"class":1052,"line":1154},[1050,2912,1294],{"class":1202},[1050,2914,2915],{"class":1236}," sanitize_html",[1050,2917,1241],{"class":1082},[1050,2919,2920],{"class":1302},"value",[1050,2922,1306],{"class":1082},[1050,2924,2925,2927,2930],{"class":1052,"line":1163},[1050,2926,1312],{"class":1311},[1050,2928,2929],{"class":1315},"Sanitize HTML content to prevent XSS",[1050,2931,1319],{"class":1311},[1050,2933,2934,2936,2939,2941],{"class":1052,"line":1172},[1050,2935,1474],{"class":1404},[1050,2937,2938],{"class":1485}," not",[1050,2940,2088],{"class":1092},[1050,2942,1497],{"class":1082},[1050,2944,2945,2948],{"class":1052,"line":1177},[1050,2946,2947],{"class":1404},"        return",[1050,2949,2950],{"class":1136}," ''\n",[1050,2952,2953],{"class":1052,"line":1183},[1050,2954,1364],{"class":1092},[1050,2956,2957],{"class":1052,"line":1193},[1050,2958,2959],{"class":1056},"    # Define allowed tags and attributes\n",[1050,2961,2962,2965,2967],{"class":1052,"line":1199},[1050,2963,2964],{"class":1092},"    allowed_tags ",[1050,2966,1133],{"class":1082},[1050,2968,2969],{"class":1082}," [\n",[1050,2971,2972,2974,2976,2978,2980,2982,2985,2987,2989,2991,2994,2996,2998,3000,3003,3005,3007,3009,3012,3014,3016,3018,3021,3023,3025,3027,3030,3032,3034,3036,3039,3041],{"class":1052,"line":1227},[1050,2973,2597],{"class":1136},[1050,2975,1026],{"class":1140},[1050,2977,1244],{"class":1136},[1050,2979,1353],{"class":1082},[1050,2981,1489],{"class":1136},[1050,2983,2984],{"class":1140},"br",[1050,2986,1244],{"class":1136},[1050,2988,1353],{"class":1082},[1050,2990,1489],{"class":1136},[1050,2992,2993],{"class":1140},"strong",[1050,2995,1244],{"class":1136},[1050,2997,1353],{"class":1082},[1050,2999,1489],{"class":1136},[1050,3001,3002],{"class":1140},"em",[1050,3004,1244],{"class":1136},[1050,3006,1353],{"class":1082},[1050,3008,1489],{"class":1136},[1050,3010,3011],{"class":1140},"u",[1050,3013,1244],{"class":1136},[1050,3015,1353],{"class":1082},[1050,3017,1489],{"class":1136},[1050,3019,3020],{"class":1140},"ol",[1050,3022,1244],{"class":1136},[1050,3024,1353],{"class":1082},[1050,3026,1489],{"class":1136},[1050,3028,3029],{"class":1140},"ul",[1050,3031,1244],{"class":1136},[1050,3033,1353],{"class":1082},[1050,3035,1489],{"class":1136},[1050,3037,3038],{"class":1140},"li",[1050,3040,1244],{"class":1136},[1050,3042,1576],{"class":1082},[1050,3044,3045,3047,3049,3051,3053,3055,3057,3059,3061,3063,3065,3067,3069,3071,3074,3076,3078,3080,3083,3085,3087,3089,3092,3094,3096,3098,3101,3103],{"class":1052,"line":1267},[1050,3046,2597],{"class":1136},[1050,3048,1022],{"class":1140},[1050,3050,1244],{"class":1136},[1050,3052,1353],{"class":1082},[1050,3054,1489],{"class":1136},[1050,3056,1030],{"class":1140},[1050,3058,1244],{"class":1136},[1050,3060,1353],{"class":1082},[1050,3062,1489],{"class":1136},[1050,3064,1035],{"class":1140},[1050,3066,1244],{"class":1136},[1050,3068,1353],{"class":1082},[1050,3070,1489],{"class":1136},[1050,3072,3073],{"class":1140},"h4",[1050,3075,1244],{"class":1136},[1050,3077,1353],{"class":1082},[1050,3079,1489],{"class":1136},[1050,3081,3082],{"class":1140},"h5",[1050,3084,1244],{"class":1136},[1050,3086,1353],{"class":1082},[1050,3088,1489],{"class":1136},[1050,3090,3091],{"class":1140},"h6",[1050,3093,1244],{"class":1136},[1050,3095,1353],{"class":1082},[1050,3097,1489],{"class":1136},[1050,3099,3100],{"class":1140},"blockquote",[1050,3102,1244],{"class":1136},[1050,3104,1576],{"class":1082},[1050,3106,3107,3109,3111,3113,3115,3117,3119],{"class":1052,"line":1500},[1050,3108,2597],{"class":1136},[1050,3110,2370],{"class":1140},[1050,3112,1244],{"class":1136},[1050,3114,1353],{"class":1082},[1050,3116,1489],{"class":1136},[1050,3118,2107],{"class":1140},[1050,3120,3121],{"class":1136},"'\n",[1050,3123,3124],{"class":1052,"line":1529},[1050,3125,3126],{"class":1082},"    ]\n",[1050,3128,3129],{"class":1052,"line":1535},[1050,3130,1364],{"class":1092},[1050,3132,3133,3136,3138],{"class":1052,"line":1541},[1050,3134,3135],{"class":1092},"    allowed_attributes ",[1050,3137,1133],{"class":1082},[1050,3139,2592],{"class":1082},[1050,3141,3142,3144,3146,3148,3150,3153,3155,3158,3160,3162,3164,3166,3168],{"class":1052,"line":1560},[1050,3143,2597],{"class":1136},[1050,3145,2370],{"class":1140},[1050,3147,1244],{"class":1136},[1050,3149,1660],{"class":1082},[1050,3151,3152],{"class":1082}," [",[1050,3154,1244],{"class":1136},[1050,3156,3157],{"class":1140},"href",[1050,3159,1244],{"class":1136},[1050,3161,1353],{"class":1082},[1050,3163,1489],{"class":1136},[1050,3165,1848],{"class":1140},[1050,3167,1244],{"class":1136},[1050,3169,3170],{"class":1082},"],\n",[1050,3172,3173,3175,3177,3179,3181,3183,3185,3188,3190,3192,3194,3197,3199,3201,3203,3206,3208,3210,3212,3215,3217],{"class":1052,"line":1579},[1050,3174,2597],{"class":1136},[1050,3176,2107],{"class":1140},[1050,3178,1244],{"class":1136},[1050,3180,1660],{"class":1082},[1050,3182,3152],{"class":1082},[1050,3184,1244],{"class":1136},[1050,3186,3187],{"class":1140},"src",[1050,3189,1244],{"class":1136},[1050,3191,1353],{"class":1082},[1050,3193,1489],{"class":1136},[1050,3195,3196],{"class":1140},"alt",[1050,3198,1244],{"class":1136},[1050,3200,1353],{"class":1082},[1050,3202,1489],{"class":1136},[1050,3204,3205],{"class":1140},"width",[1050,3207,1244],{"class":1136},[1050,3209,1353],{"class":1082},[1050,3211,1489],{"class":1136},[1050,3213,3214],{"class":1140},"height",[1050,3216,1244],{"class":1136},[1050,3218,3170],{"class":1082},[1050,3220,3221],{"class":1052,"line":1593},[1050,3222,2740],{"class":1082},[1050,3224,3225],{"class":1052,"line":1599},[1050,3226,1364],{"class":1092},[1050,3228,3229],{"class":1052,"line":1604},[1050,3230,3231],{"class":1056},"    # Additional protocols for links\n",[1050,3233,3234,3237,3239,3241,3243,3246,3248,3250,3252,3255,3257,3259,3261,3264,3266],{"class":1052,"line":1627},[1050,3235,3236],{"class":1092},"    allowed_protocols ",[1050,3238,1133],{"class":1082},[1050,3240,3152],{"class":1082},[1050,3242,1244],{"class":1136},[1050,3244,3245],{"class":1140},"http",[1050,3247,1244],{"class":1136},[1050,3249,1353],{"class":1082},[1050,3251,1489],{"class":1136},[1050,3253,3254],{"class":1140},"https",[1050,3256,1244],{"class":1136},[1050,3258,1353],{"class":1082},[1050,3260,1489],{"class":1136},[1050,3262,3263],{"class":1140},"mailto",[1050,3265,1244],{"class":1136},[1050,3267,3268],{"class":1082},"]\n",[1050,3270,3272],{"class":1052,"line":3271},30,[1050,3273,1364],{"class":1092},[1050,3275,3277],{"class":1052,"line":3276},31,[1050,3278,3279],{"class":1056},"    # Clean the HTML\n",[1050,3281,3283,3286,3288,3291,3293,3296],{"class":1052,"line":3282},32,[1050,3284,3285],{"class":1092},"    cleaned ",[1050,3287,1133],{"class":1082},[1050,3289,3290],{"class":1092}," bleach",[1050,3292,1233],{"class":1082},[1050,3294,3295],{"class":1340},"clean",[1050,3297,1557],{"class":1082},[1050,3299,3301,3304],{"class":1052,"line":3300},33,[1050,3302,3303],{"class":1340},"        value",[1050,3305,1576],{"class":1082},[1050,3307,3309,3312,3314,3317],{"class":1052,"line":3308},34,[1050,3310,3311],{"class":1563},"        tags",[1050,3313,1133],{"class":1082},[1050,3315,3316],{"class":1340},"allowed_tags",[1050,3318,1576],{"class":1082},[1050,3320,3322,3325,3327,3330],{"class":1052,"line":3321},35,[1050,3323,3324],{"class":1563},"        attributes",[1050,3326,1133],{"class":1082},[1050,3328,3329],{"class":1340},"allowed_attributes",[1050,3331,1576],{"class":1082},[1050,3333,3335,3338,3340,3343],{"class":1052,"line":3334},36,[1050,3336,3337],{"class":1563},"        protocols",[1050,3339,1133],{"class":1082},[1050,3341,3342],{"class":1340},"allowed_protocols",[1050,3344,1576],{"class":1082},[1050,3346,3348,3351,3353],{"class":1052,"line":3347},37,[1050,3349,3350],{"class":1563},"        strip",[1050,3352,1133],{"class":1082},[1050,3354,3356],{"class":3355},"s8XtY","True\n",[1050,3358,3360],{"class":1052,"line":3359},38,[1050,3361,3362],{"class":1082},"    )\n",[1050,3364,3366],{"class":1052,"line":3365},39,[1050,3367,1364],{"class":1092},[1050,3369,3371,3373,3376,3378,3381],{"class":1052,"line":3370},40,[1050,3372,1405],{"class":1404},[1050,3374,3375],{"class":1340}," mark_safe",[1050,3377,1241],{"class":1082},[1050,3379,3380],{"class":1340},"cleaned",[1050,3382,1359],{"class":1082},[1050,3384,3386],{"class":1052,"line":3385},41,[1050,3387,1070],{"emptyLinePlaceholder":1069},[1050,3389,3391,3393,3395,3397],{"class":1052,"line":3390},42,[1050,3392,2900],{"class":1082},[1050,3394,2903],{"class":1236},[1050,3396,1233],{"class":1082},[1050,3398,2908],{"class":1236},[1050,3400,3402,3404,3407,3409,3411],{"class":1052,"line":3401},43,[1050,3403,1294],{"class":1202},[1050,3405,3406],{"class":1236}," strip_scripts",[1050,3408,1241],{"class":1082},[1050,3410,2920],{"class":1302},[1050,3412,1306],{"class":1082},[1050,3414,3416,3418,3421],{"class":1052,"line":3415},44,[1050,3417,1312],{"class":1311},[1050,3419,3420],{"class":1315},"Remove all script tags and javascript: URLs",[1050,3422,1319],{"class":1311},[1050,3424,3426,3428,3430,3432],{"class":1052,"line":3425},45,[1050,3427,1474],{"class":1404},[1050,3429,2938],{"class":1485},[1050,3431,2088],{"class":1092},[1050,3433,1497],{"class":1082},[1050,3435,3437,3439],{"class":1052,"line":3436},46,[1050,3438,2947],{"class":1404},[1050,3440,2950],{"class":1136},[1050,3442,3444],{"class":1052,"line":3443},47,[1050,3445,1364],{"class":1092},[1050,3447,3449],{"class":1052,"line":3448},48,[1050,3450,3451],{"class":1056},"    # Remove script tags\n",[1050,3453,3455,3458,3460,3463,3465,3468,3470,3473,3475,3479,3483,3486,3489,3492,3496,3498,3501,3504,3507,3509,3511,3513,3515,3517,3519,3522,3524,3527,3529,3532,3535,3537,3539,3542],{"class":1052,"line":3454},49,[1050,3456,3457],{"class":1092},"    value ",[1050,3459,1133],{"class":1082},[1050,3461,3462],{"class":1092}," re",[1050,3464,1233],{"class":1082},[1050,3466,3467],{"class":1340},"sub",[1050,3469,1241],{"class":1082},[1050,3471,3472],{"class":1202},"r",[1050,3474,1244],{"class":1136},[1050,3476,3478],{"class":3477},"s27EL","\u003Cscript",[1050,3480,3482],{"class":3481},"sETVe","[",[1050,3484,3485],{"class":1485},"^",[1050,3487,1089],{"class":3488},"sz9Cv",[1050,3490,3491],{"class":3481},"]",[1050,3493,3495],{"class":3494},"sGuSu","*",[1050,3497,1089],{"class":3477},[1050,3499,1233],{"class":3500},"sRJPX",[1050,3502,3503],{"class":3494},"*?",[1050,3505,3506],{"class":3477},"\u003C/script>",[1050,3508,1244],{"class":1136},[1050,3510,1353],{"class":1082},[1050,3512,1356],{"class":1136},[1050,3514,1353],{"class":1082},[1050,3516,2088],{"class":1340},[1050,3518,1353],{"class":1082},[1050,3520,3521],{"class":1563}," flags",[1050,3523,1133],{"class":1082},[1050,3525,3526],{"class":1340},"re",[1050,3528,1233],{"class":1082},[1050,3530,3531],{"class":1334},"IGNORECASE",[1050,3533,3534],{"class":1485}," |",[1050,3536,3462],{"class":1340},[1050,3538,1233],{"class":1082},[1050,3540,3541],{"class":1334},"DOTALL",[1050,3543,1359],{"class":1082},[1050,3545,3547],{"class":1052,"line":3546},50,[1050,3548,1364],{"class":1092},[1050,3550,3552],{"class":1052,"line":3551},51,[1050,3553,3554],{"class":1056},"    # Remove javascript: URLs\n",[1050,3556,3558,3560,3562,3564,3566,3568,3570,3572,3574,3577,3579,3581,3583,3585,3587,3589,3591,3593,3595,3597,3599],{"class":1052,"line":3557},52,[1050,3559,3457],{"class":1092},[1050,3561,1133],{"class":1082},[1050,3563,3462],{"class":1092},[1050,3565,1233],{"class":1082},[1050,3567,3467],{"class":1340},[1050,3569,1241],{"class":1082},[1050,3571,3472],{"class":1202},[1050,3573,1244],{"class":1136},[1050,3575,3576],{"class":3477},"javascript:",[1050,3578,1244],{"class":1136},[1050,3580,1353],{"class":1082},[1050,3582,1356],{"class":1136},[1050,3584,1353],{"class":1082},[1050,3586,2088],{"class":1340},[1050,3588,1353],{"class":1082},[1050,3590,3521],{"class":1563},[1050,3592,1133],{"class":1082},[1050,3594,3526],{"class":1340},[1050,3596,1233],{"class":1082},[1050,3598,3531],{"class":1334},[1050,3600,1359],{"class":1082},[1050,3602,3604],{"class":1052,"line":3603},53,[1050,3605,1364],{"class":1092},[1050,3607,3609],{"class":1052,"line":3608},54,[1050,3610,3611],{"class":1056},"    # Remove on* event handlers\n",[1050,3613,3615,3617,3619,3621,3623,3625,3627,3629,3631,3634,3637,3640,3643,3645,3647,3649,3651,3653,3655,3657,3661,3664,3666,3668,3670,3672,3674,3676,3678,3680,3682,3684,3686,3688,3690,3692,3694,3696,3698,3700,3702,3704],{"class":1052,"line":3614},55,[1050,3616,3457],{"class":1092},[1050,3618,1133],{"class":1082},[1050,3620,3462],{"class":1092},[1050,3622,1233],{"class":1082},[1050,3624,3467],{"class":1340},[1050,3626,1241],{"class":1082},[1050,3628,3472],{"class":1202},[1050,3630,1244],{"class":1136},[1050,3632,3633],{"class":3500},"\\s",[1050,3635,3636],{"class":3477},"on",[1050,3638,3639],{"class":3500},"\\w",[1050,3641,3642],{"class":3494},"+",[1050,3644,3633],{"class":3500},[1050,3646,3495],{"class":3494},[1050,3648,1133],{"class":3477},[1050,3650,3633],{"class":3500},[1050,3652,3495],{"class":3494},[1050,3654,3482],{"class":3481},[1050,3656,1137],{"class":3488},[1050,3658,3660],{"class":3659},"sk0MF","\\'",[1050,3662,3663],{"class":3481},"][",[1050,3665,3485],{"class":1485},[1050,3667,1137],{"class":3488},[1050,3669,3660],{"class":3659},[1050,3671,3491],{"class":3481},[1050,3673,3495],{"class":3494},[1050,3675,3482],{"class":3481},[1050,3677,1137],{"class":3488},[1050,3679,3660],{"class":3659},[1050,3681,3491],{"class":3481},[1050,3683,1244],{"class":1136},[1050,3685,1353],{"class":1082},[1050,3687,1356],{"class":1136},[1050,3689,1353],{"class":1082},[1050,3691,2088],{"class":1340},[1050,3693,1353],{"class":1082},[1050,3695,3521],{"class":1563},[1050,3697,1133],{"class":1082},[1050,3699,3526],{"class":1340},[1050,3701,1233],{"class":1082},[1050,3703,3531],{"class":1334},[1050,3705,1359],{"class":1082},[1050,3707,3709],{"class":1052,"line":3708},56,[1050,3710,1364],{"class":1092},[1050,3712,3714,3716],{"class":1052,"line":3713},57,[1050,3715,1405],{"class":1404},[1050,3717,3718],{"class":1092}," value\n",[1050,3720,3722],{"class":1052,"line":3721},58,[1050,3723,1070],{"emptyLinePlaceholder":1069},[1050,3725,3727,3729,3731,3733],{"class":1052,"line":3726},59,[1050,3728,2900],{"class":1082},[1050,3730,2903],{"class":1236},[1050,3732,1233],{"class":1082},[1050,3734,2908],{"class":1236},[1050,3736,3738,3740,3743,3745,3747],{"class":1052,"line":3737},60,[1050,3739,1294],{"class":1202},[1050,3741,3742],{"class":1236}," safe_markdown",[1050,3744,1241],{"class":1082},[1050,3746,2920],{"class":1302},[1050,3748,1306],{"class":1082},[1050,3750,3752,3754,3757],{"class":1052,"line":3751},61,[1050,3753,1312],{"class":1311},[1050,3755,3756],{"class":1315},"Convert markdown to safe HTML",[1050,3758,1319],{"class":1311},[1050,3760,3762,3764,3766,3768],{"class":1052,"line":3761},62,[1050,3763,1474],{"class":1404},[1050,3765,2938],{"class":1485},[1050,3767,2088],{"class":1092},[1050,3769,1497],{"class":1082},[1050,3771,3773,3775],{"class":1052,"line":3772},63,[1050,3774,2947],{"class":1404},[1050,3776,2950],{"class":1136},[1050,3778,3780],{"class":1052,"line":3779},64,[1050,3781,1364],{"class":1092},[1050,3783,3785,3788],{"class":1052,"line":3784},65,[1050,3786,3787],{"class":1404},"    import",[1050,3789,3790],{"class":1092}," markdown\n",[1050,3792,3794,3797,3800,3802,3805,3807,3810,3812],{"class":1052,"line":3793},66,[1050,3795,3796],{"class":1404},"    from",[1050,3798,3799],{"class":1092}," markdown",[1050,3801,1233],{"class":1082},[1050,3803,3804],{"class":1092},"extensions ",[1050,3806,2811],{"class":1404},[1050,3808,3809],{"class":1092}," codehilite",[1050,3811,1353],{"class":1082},[1050,3813,3814],{"class":1092}," fenced_code\n",[1050,3816,3818],{"class":1052,"line":3817},67,[1050,3819,1364],{"class":1092},[1050,3821,3823],{"class":1052,"line":3822},68,[1050,3824,3825],{"class":1056},"    # Convert markdown to HTML\n",[1050,3827,3829,3832,3834,3836,3838,3841],{"class":1052,"line":3828},69,[1050,3830,3831],{"class":1092},"    md ",[1050,3833,1133],{"class":1082},[1050,3835,3799],{"class":1092},[1050,3837,1233],{"class":1082},[1050,3839,3840],{"class":1340},"Markdown",[1050,3842,1557],{"class":1082},[1050,3844,3846,3849,3852,3854,3857,3859,3861,3863,3866,3868,3870,3872,3875,3877],{"class":1052,"line":3845},70,[1050,3847,3848],{"class":1563},"        extensions",[1050,3850,3851],{"class":1082},"=[",[1050,3853,1244],{"class":1136},[1050,3855,3856],{"class":1140},"codehilite",[1050,3858,1244],{"class":1136},[1050,3860,1353],{"class":1082},[1050,3862,1489],{"class":1136},[1050,3864,3865],{"class":1140},"fenced_code",[1050,3867,1244],{"class":1136},[1050,3869,1353],{"class":1082},[1050,3871,1489],{"class":1136},[1050,3873,3874],{"class":1140},"tables",[1050,3876,1244],{"class":1136},[1050,3878,3170],{"class":1082},[1050,3880,3882,3885],{"class":1052,"line":3881},71,[1050,3883,3884],{"class":1563},"        extension_configs",[1050,3886,3887],{"class":1082},"={\n",[1050,3889,3891,3893,3895,3897,3899],{"class":1052,"line":3890},72,[1050,3892,2680],{"class":1136},[1050,3894,3856],{"class":1140},[1050,3896,1244],{"class":1136},[1050,3898,1660],{"class":1082},[1050,3900,2592],{"class":1082},[1050,3902,3904,3907,3910,3912,3914,3916,3919,3921],{"class":1052,"line":3903},73,[1050,3905,3906],{"class":1136},"                '",[1050,3908,3909],{"class":1140},"css_class",[1050,3911,1244],{"class":1136},[1050,3913,1660],{"class":1082},[1050,3915,1489],{"class":1136},[1050,3917,3918],{"class":1140},"highlight",[1050,3920,1244],{"class":1136},[1050,3922,1576],{"class":1082},[1050,3924,3926,3928,3931,3933,3935,3938],{"class":1052,"line":3925},74,[1050,3927,3906],{"class":1136},[1050,3929,3930],{"class":1140},"use_pygments",[1050,3932,1244],{"class":1136},[1050,3934,1660],{"class":1082},[1050,3936,3937],{"class":3355}," True",[1050,3939,1576],{"class":1082},[1050,3941,3943],{"class":1052,"line":3942},75,[1050,3944,3945],{"class":1082},"            }\n",[1050,3947,3949],{"class":1052,"line":3948},76,[1050,3950,2735],{"class":1082},[1050,3952,3954],{"class":1052,"line":3953},77,[1050,3955,3362],{"class":1082},[1050,3957,3959],{"class":1052,"line":3958},78,[1050,3960,1364],{"class":1092},[1050,3962,3964,3966,3968,3971,3973,3976,3978,3980],{"class":1052,"line":3963},79,[1050,3965,1374],{"class":1092},[1050,3967,1133],{"class":1082},[1050,3969,3970],{"class":1092}," md",[1050,3972,1233],{"class":1082},[1050,3974,3975],{"class":1340},"convert",[1050,3977,1241],{"class":1082},[1050,3979,2920],{"class":1340},[1050,3981,1359],{"class":1082},[1050,3983,3985],{"class":1052,"line":3984},80,[1050,3986,1364],{"class":1092},[1050,3988,3990],{"class":1052,"line":3989},81,[1050,3991,3992],{"class":1056},"    # Sanitize the resulting HTML\n",[1050,3994,3996,3998,4000,4002,4004],{"class":1052,"line":3995},82,[1050,3997,1405],{"class":1404},[1050,3999,2915],{"class":1340},[1050,4001,1241],{"class":1082},[1050,4003,1044],{"class":1340},[1050,4005,1359],{"class":1082},[1035,4007,4009],{"id":4008},"using-security-filters-in-templates","Using Security Filters in Templates",[1040,4011,4013],{"className":1042,"code":4012,"language":1044,"meta":1045,"style":1045},"\u003C!-- Load custom security filters -->\n{% load security_filters %}\n\n\u003Cdiv class=\"article-content\">\n    \u003C!-- Sanitize user-generated HTML content -->\n    {{ article.content|sanitize_html }}\n\u003C/div>\n\n\u003Cdiv class=\"user-comment\">\n    \u003C!-- Convert markdown to safe HTML -->\n    {{ comment.content|safe_markdown }}\n\u003C/div>\n\n\u003Cdiv class=\"user-bio\">\n    \u003C!-- Strip potentially dangerous scripts -->\n    {{ user.bio|strip_scripts|linebreaks }}\n\u003C/div>\n",[1047,4014,4015,4020,4025,4029,4048,4053,4058,4066,4070,4089,4094,4099,4107,4111,4130,4135,4140],{"__ignoreMap":1045},[1050,4016,4017],{"class":1052,"line":1053},[1050,4018,4019],{"class":1056},"\u003C!-- Load custom security filters -->\n",[1050,4021,4022],{"class":1052,"line":1060},[1050,4023,4024],{"class":1092},"{% load security_filters %}\n",[1050,4026,4027],{"class":1052,"line":1066},[1050,4028,1070],{"emptyLinePlaceholder":1069},[1050,4030,4031,4033,4035,4037,4039,4041,4044,4046],{"class":1052,"line":1073},[1050,4032,1083],{"class":1082},[1050,4034,1126],{"class":1086},[1050,4036,1130],{"class":1129},[1050,4038,1133],{"class":1082},[1050,4040,1137],{"class":1136},[1050,4042,4043],{"class":1140},"article-content",[1050,4045,1137],{"class":1136},[1050,4047,1101],{"class":1082},[1050,4049,4050],{"class":1052,"line":1079},[1050,4051,4052],{"class":1056},"    \u003C!-- Sanitize user-generated HTML content -->\n",[1050,4054,4055],{"class":1052,"line":1104},[1050,4056,4057],{"class":1092},"    {{ article.content|sanitize_html }}\n",[1050,4059,4060,4062,4064],{"class":1052,"line":1109},[1050,4061,1096],{"class":1082},[1050,4063,1126],{"class":1086},[1050,4065,1101],{"class":1082},[1050,4067,4068],{"class":1052,"line":1115},[1050,4069,1070],{"emptyLinePlaceholder":1069},[1050,4071,4072,4074,4076,4078,4080,4082,4085,4087],{"class":1052,"line":1121},[1050,4073,1083],{"class":1082},[1050,4075,1126],{"class":1086},[1050,4077,1130],{"class":1129},[1050,4079,1133],{"class":1082},[1050,4081,1137],{"class":1136},[1050,4083,4084],{"class":1140},"user-comment",[1050,4086,1137],{"class":1136},[1050,4088,1101],{"class":1082},[1050,4090,4091],{"class":1052,"line":1148},[1050,4092,4093],{"class":1056},"    \u003C!-- Convert markdown to safe HTML -->\n",[1050,4095,4096],{"class":1052,"line":1154},[1050,4097,4098],{"class":1092},"    {{ comment.content|safe_markdown }}\n",[1050,4100,4101,4103,4105],{"class":1052,"line":1163},[1050,4102,1096],{"class":1082},[1050,4104,1126],{"class":1086},[1050,4106,1101],{"class":1082},[1050,4108,4109],{"class":1052,"line":1172},[1050,4110,1070],{"emptyLinePlaceholder":1069},[1050,4112,4113,4115,4117,4119,4121,4123,4126,4128],{"class":1052,"line":1177},[1050,4114,1083],{"class":1082},[1050,4116,1126],{"class":1086},[1050,4118,1130],{"class":1129},[1050,4120,1133],{"class":1082},[1050,4122,1137],{"class":1136},[1050,4124,4125],{"class":1140},"user-bio",[1050,4127,1137],{"class":1136},[1050,4129,1101],{"class":1082},[1050,4131,4132],{"class":1052,"line":1183},[1050,4133,4134],{"class":1056},"    \u003C!-- Strip potentially dangerous scripts -->\n",[1050,4136,4137],{"class":1052,"line":1193},[1050,4138,4139],{"class":1092},"    {{ user.bio|strip_scripts|linebreaks }}\n",[1050,4141,4142,4144,4146],{"class":1052,"line":1199},[1050,4143,1096],{"class":1082},[1050,4145,1126],{"class":1086},[1050,4147,1101],{"class":1082},[1030,4149,4151],{"id":4150},"input-validation-and-sanitization","Input Validation and Sanitization",[1035,4153,4155],{"id":4154},"form-level-validation","Form-Level Validation",[1040,4157,4159],{"className":1280,"code":4158,"language":1282,"meta":1045,"style":1045},"# forms.py - Secure form validation\nfrom django import forms\nfrom django.core.exceptions import ValidationError\nimport bleach\nimport re\n\nclass ArticleForm(forms.ModelForm):\n    \"\"\"Secure article form with XSS prevention\"\"\"\n    \n    class Meta:\n        model = Article\n        fields = ['title', 'content', 'tags']\n    \n    def clean_title(self):\n        \"\"\"Validate and sanitize title\"\"\"\n        title = self.cleaned_data['title']\n        \n        # Remove any HTML tags from title\n        title = bleach.clean(title, tags=[], strip=True)\n        \n        # Check for suspicious patterns\n        if re.search(r'\u003Cscript|javascript:|on\\w+\\s*=', title, re.IGNORECASE):\n            raise ValidationError(\"Title contains potentially dangerous content\")\n        \n        return title\n    \n    def clean_content(self):\n        \"\"\"Validate and sanitize content\"\"\"\n        content = self.cleaned_data['content']\n        \n        # Allow only safe HTML tags\n        allowed_tags = [\n            'p', 'br', 'strong', 'em', 'u', 'ol', 'ul', 'li',\n            'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote',\n            'a', 'img', 'code', 'pre'\n        ]\n        \n        allowed_attributes = {\n            'a': ['href', 'title'],\n            'img': ['src', 'alt', 'width', 'height'],\n        }\n        \n        # Sanitize HTML content\n        content = bleach.clean(\n            content,\n            tags=allowed_tags,\n            attributes=allowed_attributes,\n            protocols=['http', 'https'],\n            strip=True\n        )\n        \n        return content\n\nclass CommentForm(forms.ModelForm):\n    \"\"\"Secure comment form\"\"\"\n    \n    class Meta:\n        model = Comment\n        fields = ['content']\n        widgets = {\n            'content': forms.Textarea(attrs={\n                'placeholder': 'Write your comment... (HTML not allowed)',\n                'rows': 4\n            })\n        }\n    \n    def clean_content(self):\n        \"\"\"Strip all HTML from comments\"\"\"\n        content = self.cleaned_data['content']\n        \n        # Remove all HTML tags\n        content = bleach.clean(content, tags=[], strip=True)\n        \n        # Additional validation\n        if len(content.strip()) \u003C 3:\n            raise ValidationError(\"Comment must be at least 3 characters long\")\n        \n        if len(content) > 1000:\n            raise ValidationError(\"Comment cannot exceed 1000 characters\")\n        \n        return content\n",[1047,4160,4161,4166,4177,4198,4204,4210,4214,4235,4244,4248,4258,4268,4302,4306,4322,4332,4358,4362,4367,4401,4405,4410,4465,4484,4488,4495,4499,4512,4521,4543,4547,4552,4561,4627,4685,4717,4722,4726,4735,4763,4807,4811,4815,4820,4834,4840,4851,4862,4885,4894,4898,4902,4909,4913,4930,4939,4943,4951,4960,4976,4985,5010,5030,5045,5050,5054,5058,5070,5079,5101,5105,5110,5140,5144,5149,5177,5194,5198,5218,5235,5239],{"__ignoreMap":1045},[1050,4162,4163],{"class":1052,"line":1053},[1050,4164,4165],{"class":1056},"# forms.py - Secure form validation\n",[1050,4167,4168,4170,4172,4174],{"class":1052,"line":1060},[1050,4169,2805],{"class":1404},[1050,4171,2808],{"class":1092},[1050,4173,2811],{"class":1404},[1050,4175,4176],{"class":1092}," forms\n",[1050,4178,4179,4181,4183,4185,4188,4190,4193,4195],{"class":1052,"line":1066},[1050,4180,2805],{"class":1404},[1050,4182,2821],{"class":1092},[1050,4184,1233],{"class":1082},[1050,4186,4187],{"class":1092},"core",[1050,4189,1233],{"class":1082},[1050,4191,4192],{"class":1092},"exceptions ",[1050,4194,2811],{"class":1404},[1050,4196,4197],{"class":1092}," ValidationError\n",[1050,4199,4200,4202],{"class":1052,"line":1073},[1050,4201,2811],{"class":1404},[1050,4203,2863],{"class":1092},[1050,4205,4206,4208],{"class":1052,"line":1079},[1050,4207,2811],{"class":1404},[1050,4209,2870],{"class":1092},[1050,4211,4212],{"class":1052,"line":1104},[1050,4213,1070],{"emptyLinePlaceholder":1069},[1050,4215,4216,4219,4223,4225,4228,4230,4233],{"class":1052,"line":1109},[1050,4217,4218],{"class":1202},"class",[1050,4220,4222],{"class":4221},"sD-vU"," ArticleForm",[1050,4224,1241],{"class":1082},[1050,4226,4227],{"class":2228},"forms",[1050,4229,1233],{"class":1082},[1050,4231,4232],{"class":2228},"ModelForm",[1050,4234,1306],{"class":1082},[1050,4236,4237,4239,4242],{"class":1052,"line":1115},[1050,4238,1312],{"class":1311},[1050,4240,4241],{"class":1315},"Secure article form with XSS prevention",[1050,4243,1319],{"class":1311},[1050,4245,4246],{"class":1052,"line":1121},[1050,4247,1364],{"class":1092},[1050,4249,4250,4253,4256],{"class":1052,"line":1148},[1050,4251,4252],{"class":1202},"    class",[1050,4254,4255],{"class":4221}," Meta",[1050,4257,1497],{"class":1082},[1050,4259,4260,4263,4265],{"class":1052,"line":1154},[1050,4261,4262],{"class":1092},"        model ",[1050,4264,1133],{"class":1082},[1050,4266,4267],{"class":1092}," Article\n",[1050,4269,4270,4273,4275,4277,4279,4281,4283,4285,4287,4289,4291,4293,4295,4298,4300],{"class":1052,"line":1163},[1050,4271,4272],{"class":1092},"        fields ",[1050,4274,1133],{"class":1082},[1050,4276,3152],{"class":1082},[1050,4278,1244],{"class":1136},[1050,4280,1848],{"class":1140},[1050,4282,1244],{"class":1136},[1050,4284,1353],{"class":1082},[1050,4286,1489],{"class":1136},[1050,4288,1522],{"class":1140},[1050,4290,1244],{"class":1136},[1050,4292,1353],{"class":1082},[1050,4294,1489],{"class":1136},[1050,4296,4297],{"class":1140},"tags",[1050,4299,1244],{"class":1136},[1050,4301,3268],{"class":1082},[1050,4303,4304],{"class":1052,"line":1172},[1050,4305,1364],{"class":1092},[1050,4307,4308,4311,4314,4316,4320],{"class":1052,"line":1177},[1050,4309,4310],{"class":1202},"    def",[1050,4312,4313],{"class":1236}," clean_title",[1050,4315,1241],{"class":1082},[1050,4317,4319],{"class":4318},"sRjD_","self",[1050,4321,1306],{"class":1082},[1050,4323,4324,4327,4330],{"class":1052,"line":1183},[1050,4325,4326],{"class":1311},"        \"\"\"",[1050,4328,4329],{"class":1315},"Validate and sanitize title",[1050,4331,1319],{"class":1311},[1050,4333,4334,4337,4339,4343,4345,4348,4350,4352,4354,4356],{"class":1052,"line":1193},[1050,4335,4336],{"class":1092},"        title ",[1050,4338,1133],{"class":1082},[1050,4340,4342],{"class":4341},"se3Ec"," self",[1050,4344,1233],{"class":1082},[1050,4346,4347],{"class":1481},"cleaned_data",[1050,4349,3482],{"class":1082},[1050,4351,1244],{"class":1136},[1050,4353,1848],{"class":1140},[1050,4355,1244],{"class":1136},[1050,4357,3268],{"class":1082},[1050,4359,4360],{"class":1052,"line":1199},[1050,4361,1532],{"class":1092},[1050,4363,4364],{"class":1052,"line":1227},[1050,4365,4366],{"class":1056},"        # Remove any HTML tags from title\n",[1050,4368,4369,4371,4373,4375,4377,4379,4381,4383,4385,4388,4391,4394,4396,4399],{"class":1052,"line":1267},[1050,4370,4336],{"class":1092},[1050,4372,1133],{"class":1082},[1050,4374,3290],{"class":1092},[1050,4376,1233],{"class":1082},[1050,4378,3295],{"class":1340},[1050,4380,1241],{"class":1082},[1050,4382,1848],{"class":1340},[1050,4384,1353],{"class":1082},[1050,4386,4387],{"class":1563}," tags",[1050,4389,4390],{"class":1082},"=[],",[1050,4392,4393],{"class":1563}," strip",[1050,4395,1133],{"class":1082},[1050,4397,4398],{"class":3355},"True",[1050,4400,1359],{"class":1082},[1050,4402,4403],{"class":1052,"line":1500},[1050,4404,1532],{"class":1092},[1050,4406,4407],{"class":1052,"line":1529},[1050,4408,4409],{"class":1056},"        # Check for suspicious patterns\n",[1050,4411,4412,4415,4417,4419,4422,4424,4426,4428,4430,4432,4434,4436,4438,4440,4442,4444,4446,4448,4450,4452,4455,4457,4459,4461,4463],{"class":1052,"line":1535},[1050,4413,4414],{"class":1404},"        if",[1050,4416,3462],{"class":1092},[1050,4418,1233],{"class":1082},[1050,4420,4421],{"class":1340},"search",[1050,4423,1241],{"class":1082},[1050,4425,3472],{"class":1202},[1050,4427,1244],{"class":1136},[1050,4429,3478],{"class":3477},[1050,4431,2200],{"class":1485},[1050,4433,3576],{"class":3477},[1050,4435,2200],{"class":1485},[1050,4437,3636],{"class":3477},[1050,4439,3639],{"class":3500},[1050,4441,3642],{"class":3494},[1050,4443,3633],{"class":3500},[1050,4445,3495],{"class":3494},[1050,4447,1133],{"class":3477},[1050,4449,1244],{"class":1136},[1050,4451,1353],{"class":1082},[1050,4453,4454],{"class":1340}," title",[1050,4456,1353],{"class":1082},[1050,4458,3462],{"class":1340},[1050,4460,1233],{"class":1082},[1050,4462,3531],{"class":1334},[1050,4464,1306],{"class":1082},[1050,4466,4467,4470,4473,4475,4477,4480,4482],{"class":1052,"line":1541},[1050,4468,4469],{"class":1404},"            raise",[1050,4471,4472],{"class":1340}," ValidationError",[1050,4474,1241],{"class":1082},[1050,4476,1137],{"class":1136},[1050,4478,4479],{"class":1140},"Title contains potentially dangerous content",[1050,4481,1137],{"class":1136},[1050,4483,1359],{"class":1082},[1050,4485,4486],{"class":1052,"line":1560},[1050,4487,1532],{"class":1092},[1050,4489,4490,4492],{"class":1052,"line":1579},[1050,4491,2947],{"class":1404},[1050,4493,4494],{"class":1092}," title\n",[1050,4496,4497],{"class":1052,"line":1593},[1050,4498,1364],{"class":1092},[1050,4500,4501,4503,4506,4508,4510],{"class":1052,"line":1599},[1050,4502,4310],{"class":1202},[1050,4504,4505],{"class":1236}," clean_content",[1050,4507,1241],{"class":1082},[1050,4509,4319],{"class":4318},[1050,4511,1306],{"class":1082},[1050,4513,4514,4516,4519],{"class":1052,"line":1604},[1050,4515,4326],{"class":1311},[1050,4517,4518],{"class":1315},"Validate and sanitize content",[1050,4520,1319],{"class":1311},[1050,4522,4523,4525,4527,4529,4531,4533,4535,4537,4539,4541],{"class":1052,"line":1627},[1050,4524,1503],{"class":1092},[1050,4526,1133],{"class":1082},[1050,4528,4342],{"class":4341},[1050,4530,1233],{"class":1082},[1050,4532,4347],{"class":1481},[1050,4534,3482],{"class":1082},[1050,4536,1244],{"class":1136},[1050,4538,1522],{"class":1140},[1050,4540,1244],{"class":1136},[1050,4542,3268],{"class":1082},[1050,4544,4545],{"class":1052,"line":3271},[1050,4546,1532],{"class":1092},[1050,4548,4549],{"class":1052,"line":3276},[1050,4550,4551],{"class":1056},"        # Allow only safe HTML tags\n",[1050,4553,4554,4557,4559],{"class":1052,"line":3282},[1050,4555,4556],{"class":1092},"        allowed_tags ",[1050,4558,1133],{"class":1082},[1050,4560,2969],{"class":1082},[1050,4562,4563,4565,4567,4569,4571,4573,4575,4577,4579,4581,4583,4585,4587,4589,4591,4593,4595,4597,4599,4601,4603,4605,4607,4609,4611,4613,4615,4617,4619,4621,4623,4625],{"class":1052,"line":3300},[1050,4564,2680],{"class":1136},[1050,4566,1026],{"class":1140},[1050,4568,1244],{"class":1136},[1050,4570,1353],{"class":1082},[1050,4572,1489],{"class":1136},[1050,4574,2984],{"class":1140},[1050,4576,1244],{"class":1136},[1050,4578,1353],{"class":1082},[1050,4580,1489],{"class":1136},[1050,4582,2993],{"class":1140},[1050,4584,1244],{"class":1136},[1050,4586,1353],{"class":1082},[1050,4588,1489],{"class":1136},[1050,4590,3002],{"class":1140},[1050,4592,1244],{"class":1136},[1050,4594,1353],{"class":1082},[1050,4596,1489],{"class":1136},[1050,4598,3011],{"class":1140},[1050,4600,1244],{"class":1136},[1050,4602,1353],{"class":1082},[1050,4604,1489],{"class":1136},[1050,4606,3020],{"class":1140},[1050,4608,1244],{"class":1136},[1050,4610,1353],{"class":1082},[1050,4612,1489],{"class":1136},[1050,4614,3029],{"class":1140},[1050,4616,1244],{"class":1136},[1050,4618,1353],{"class":1082},[1050,4620,1489],{"class":1136},[1050,4622,3038],{"class":1140},[1050,4624,1244],{"class":1136},[1050,4626,1576],{"class":1082},[1050,4628,4629,4631,4633,4635,4637,4639,4641,4643,4645,4647,4649,4651,4653,4655,4657,4659,4661,4663,4665,4667,4669,4671,4673,4675,4677,4679,4681,4683],{"class":1052,"line":3308},[1050,4630,2680],{"class":1136},[1050,4632,1022],{"class":1140},[1050,4634,1244],{"class":1136},[1050,4636,1353],{"class":1082},[1050,4638,1489],{"class":1136},[1050,4640,1030],{"class":1140},[1050,4642,1244],{"class":1136},[1050,4644,1353],{"class":1082},[1050,4646,1489],{"class":1136},[1050,4648,1035],{"class":1140},[1050,4650,1244],{"class":1136},[1050,4652,1353],{"class":1082},[1050,4654,1489],{"class":1136},[1050,4656,3073],{"class":1140},[1050,4658,1244],{"class":1136},[1050,4660,1353],{"class":1082},[1050,4662,1489],{"class":1136},[1050,4664,3082],{"class":1140},[1050,4666,1244],{"class":1136},[1050,4668,1353],{"class":1082},[1050,4670,1489],{"class":1136},[1050,4672,3091],{"class":1140},[1050,4674,1244],{"class":1136},[1050,4676,1353],{"class":1082},[1050,4678,1489],{"class":1136},[1050,4680,3100],{"class":1140},[1050,4682,1244],{"class":1136},[1050,4684,1576],{"class":1082},[1050,4686,4687,4689,4691,4693,4695,4697,4699,4701,4703,4705,4707,4709,4711,4713,4715],{"class":1052,"line":3321},[1050,4688,2680],{"class":1136},[1050,4690,2370],{"class":1140},[1050,4692,1244],{"class":1136},[1050,4694,1353],{"class":1082},[1050,4696,1489],{"class":1136},[1050,4698,2107],{"class":1140},[1050,4700,1244],{"class":1136},[1050,4702,1353],{"class":1082},[1050,4704,1489],{"class":1136},[1050,4706,1047],{"class":1140},[1050,4708,1244],{"class":1136},[1050,4710,1353],{"class":1082},[1050,4712,1489],{"class":1136},[1050,4714,1040],{"class":1140},[1050,4716,3121],{"class":1136},[1050,4718,4719],{"class":1052,"line":3334},[1050,4720,4721],{"class":1082},"        ]\n",[1050,4723,4724],{"class":1052,"line":3347},[1050,4725,1532],{"class":1092},[1050,4727,4728,4731,4733],{"class":1052,"line":3359},[1050,4729,4730],{"class":1092},"        allowed_attributes ",[1050,4732,1133],{"class":1082},[1050,4734,2592],{"class":1082},[1050,4736,4737,4739,4741,4743,4745,4747,4749,4751,4753,4755,4757,4759,4761],{"class":1052,"line":3365},[1050,4738,2680],{"class":1136},[1050,4740,2370],{"class":1140},[1050,4742,1244],{"class":1136},[1050,4744,1660],{"class":1082},[1050,4746,3152],{"class":1082},[1050,4748,1244],{"class":1136},[1050,4750,3157],{"class":1140},[1050,4752,1244],{"class":1136},[1050,4754,1353],{"class":1082},[1050,4756,1489],{"class":1136},[1050,4758,1848],{"class":1140},[1050,4760,1244],{"class":1136},[1050,4762,3170],{"class":1082},[1050,4764,4765,4767,4769,4771,4773,4775,4777,4779,4781,4783,4785,4787,4789,4791,4793,4795,4797,4799,4801,4803,4805],{"class":1052,"line":3370},[1050,4766,2680],{"class":1136},[1050,4768,2107],{"class":1140},[1050,4770,1244],{"class":1136},[1050,4772,1660],{"class":1082},[1050,4774,3152],{"class":1082},[1050,4776,1244],{"class":1136},[1050,4778,3187],{"class":1140},[1050,4780,1244],{"class":1136},[1050,4782,1353],{"class":1082},[1050,4784,1489],{"class":1136},[1050,4786,3196],{"class":1140},[1050,4788,1244],{"class":1136},[1050,4790,1353],{"class":1082},[1050,4792,1489],{"class":1136},[1050,4794,3205],{"class":1140},[1050,4796,1244],{"class":1136},[1050,4798,1353],{"class":1082},[1050,4800,1489],{"class":1136},[1050,4802,3214],{"class":1140},[1050,4804,1244],{"class":1136},[1050,4806,3170],{"class":1082},[1050,4808,4809],{"class":1052,"line":3385},[1050,4810,2735],{"class":1082},[1050,4812,4813],{"class":1052,"line":3390},[1050,4814,1532],{"class":1092},[1050,4816,4817],{"class":1052,"line":3401},[1050,4818,4819],{"class":1056},"        # Sanitize HTML content\n",[1050,4821,4822,4824,4826,4828,4830,4832],{"class":1052,"line":3415},[1050,4823,1503],{"class":1092},[1050,4825,1133],{"class":1082},[1050,4827,3290],{"class":1092},[1050,4829,1233],{"class":1082},[1050,4831,3295],{"class":1340},[1050,4833,1557],{"class":1082},[1050,4835,4836,4838],{"class":1052,"line":3425},[1050,4837,1582],{"class":1340},[1050,4839,1576],{"class":1082},[1050,4841,4842,4845,4847,4849],{"class":1052,"line":3436},[1050,4843,4844],{"class":1563},"            tags",[1050,4846,1133],{"class":1082},[1050,4848,3316],{"class":1340},[1050,4850,1576],{"class":1082},[1050,4852,4853,4856,4858,4860],{"class":1052,"line":3443},[1050,4854,4855],{"class":1563},"            attributes",[1050,4857,1133],{"class":1082},[1050,4859,3329],{"class":1340},[1050,4861,1576],{"class":1082},[1050,4863,4864,4867,4869,4871,4873,4875,4877,4879,4881,4883],{"class":1052,"line":3448},[1050,4865,4866],{"class":1563},"            protocols",[1050,4868,3851],{"class":1082},[1050,4870,1244],{"class":1136},[1050,4872,3245],{"class":1140},[1050,4874,1244],{"class":1136},[1050,4876,1353],{"class":1082},[1050,4878,1489],{"class":1136},[1050,4880,3254],{"class":1140},[1050,4882,1244],{"class":1136},[1050,4884,3170],{"class":1082},[1050,4886,4887,4890,4892],{"class":1052,"line":3454},[1050,4888,4889],{"class":1563},"            strip",[1050,4891,1133],{"class":1082},[1050,4893,3356],{"class":3355},[1050,4895,4896],{"class":1052,"line":3546},[1050,4897,1596],{"class":1082},[1050,4899,4900],{"class":1052,"line":3551},[1050,4901,1532],{"class":1092},[1050,4903,4904,4906],{"class":1052,"line":3557},[1050,4905,2947],{"class":1404},[1050,4907,4908],{"class":1092}," content\n",[1050,4910,4911],{"class":1052,"line":3603},[1050,4912,1070],{"emptyLinePlaceholder":1069},[1050,4914,4915,4917,4920,4922,4924,4926,4928],{"class":1052,"line":3608},[1050,4916,4218],{"class":1202},[1050,4918,4919],{"class":4221}," CommentForm",[1050,4921,1241],{"class":1082},[1050,4923,4227],{"class":2228},[1050,4925,1233],{"class":1082},[1050,4927,4232],{"class":2228},[1050,4929,1306],{"class":1082},[1050,4931,4932,4934,4937],{"class":1052,"line":3614},[1050,4933,1312],{"class":1311},[1050,4935,4936],{"class":1315},"Secure comment form",[1050,4938,1319],{"class":1311},[1050,4940,4941],{"class":1052,"line":3708},[1050,4942,1364],{"class":1092},[1050,4944,4945,4947,4949],{"class":1052,"line":3713},[1050,4946,4252],{"class":1202},[1050,4948,4255],{"class":4221},[1050,4950,1497],{"class":1082},[1050,4952,4953,4955,4957],{"class":1052,"line":3721},[1050,4954,4262],{"class":1092},[1050,4956,1133],{"class":1082},[1050,4958,4959],{"class":1092}," Comment\n",[1050,4961,4962,4964,4966,4968,4970,4972,4974],{"class":1052,"line":3726},[1050,4963,4272],{"class":1092},[1050,4965,1133],{"class":1082},[1050,4967,3152],{"class":1082},[1050,4969,1244],{"class":1136},[1050,4971,1522],{"class":1140},[1050,4973,1244],{"class":1136},[1050,4975,3268],{"class":1082},[1050,4977,4978,4981,4983],{"class":1052,"line":3737},[1050,4979,4980],{"class":1092},"        widgets ",[1050,4982,1133],{"class":1082},[1050,4984,2592],{"class":1082},[1050,4986,4987,4989,4991,4993,4995,4998,5000,5003,5005,5008],{"class":1052,"line":3751},[1050,4988,2680],{"class":1136},[1050,4990,1522],{"class":1140},[1050,4992,1244],{"class":1136},[1050,4994,1660],{"class":1082},[1050,4996,4997],{"class":1092}," forms",[1050,4999,1233],{"class":1082},[1050,5001,5002],{"class":1340},"Textarea",[1050,5004,1241],{"class":1082},[1050,5006,5007],{"class":1563},"attrs",[1050,5009,3887],{"class":1082},[1050,5011,5012,5014,5017,5019,5021,5023,5026,5028],{"class":1052,"line":3761},[1050,5013,3906],{"class":1136},[1050,5015,5016],{"class":1140},"placeholder",[1050,5018,1244],{"class":1136},[1050,5020,1660],{"class":1082},[1050,5022,1489],{"class":1136},[1050,5024,5025],{"class":1140},"Write your comment... (HTML not allowed)",[1050,5027,1244],{"class":1136},[1050,5029,1576],{"class":1082},[1050,5031,5032,5034,5037,5039,5041],{"class":1052,"line":3772},[1050,5033,3906],{"class":1136},[1050,5035,5036],{"class":1140},"rows",[1050,5038,1244],{"class":1136},[1050,5040,1660],{"class":1082},[1050,5042,5044],{"class":5043},"s7CZa"," 4\n",[1050,5046,5047],{"class":1052,"line":3779},[1050,5048,5049],{"class":1082},"            })\n",[1050,5051,5052],{"class":1052,"line":3784},[1050,5053,2735],{"class":1082},[1050,5055,5056],{"class":1052,"line":3793},[1050,5057,1364],{"class":1092},[1050,5059,5060,5062,5064,5066,5068],{"class":1052,"line":3817},[1050,5061,4310],{"class":1202},[1050,5063,4505],{"class":1236},[1050,5065,1241],{"class":1082},[1050,5067,4319],{"class":4318},[1050,5069,1306],{"class":1082},[1050,5071,5072,5074,5077],{"class":1052,"line":3822},[1050,5073,4326],{"class":1311},[1050,5075,5076],{"class":1315},"Strip all HTML from comments",[1050,5078,1319],{"class":1311},[1050,5080,5081,5083,5085,5087,5089,5091,5093,5095,5097,5099],{"class":1052,"line":3828},[1050,5082,1503],{"class":1092},[1050,5084,1133],{"class":1082},[1050,5086,4342],{"class":4341},[1050,5088,1233],{"class":1082},[1050,5090,4347],{"class":1481},[1050,5092,3482],{"class":1082},[1050,5094,1244],{"class":1136},[1050,5096,1522],{"class":1140},[1050,5098,1244],{"class":1136},[1050,5100,3268],{"class":1082},[1050,5102,5103],{"class":1052,"line":3845},[1050,5104,1532],{"class":1092},[1050,5106,5107],{"class":1052,"line":3881},[1050,5108,5109],{"class":1056},"        # Remove all HTML tags\n",[1050,5111,5112,5114,5116,5118,5120,5122,5124,5126,5128,5130,5132,5134,5136,5138],{"class":1052,"line":3890},[1050,5113,1503],{"class":1092},[1050,5115,1133],{"class":1082},[1050,5117,3290],{"class":1092},[1050,5119,1233],{"class":1082},[1050,5121,3295],{"class":1340},[1050,5123,1241],{"class":1082},[1050,5125,1522],{"class":1340},[1050,5127,1353],{"class":1082},[1050,5129,4387],{"class":1563},[1050,5131,4390],{"class":1082},[1050,5133,4393],{"class":1563},[1050,5135,1133],{"class":1082},[1050,5137,4398],{"class":3355},[1050,5139,1359],{"class":1082},[1050,5141,5142],{"class":1052,"line":3903},[1050,5143,1532],{"class":1092},[1050,5145,5146],{"class":1052,"line":3925},[1050,5147,5148],{"class":1056},"        # Additional validation\n",[1050,5150,5151,5153,5157,5159,5161,5163,5166,5169,5172,5175],{"class":1052,"line":3942},[1050,5152,4414],{"class":1404},[1050,5154,5156],{"class":5155},"sJdAF"," len",[1050,5158,1241],{"class":1082},[1050,5160,1522],{"class":1340},[1050,5162,1233],{"class":1082},[1050,5164,5165],{"class":1340},"strip",[1050,5167,5168],{"class":1082},"())",[1050,5170,5171],{"class":1485}," \u003C",[1050,5173,5174],{"class":5043}," 3",[1050,5176,1497],{"class":1082},[1050,5178,5179,5181,5183,5185,5187,5190,5192],{"class":1052,"line":3948},[1050,5180,4469],{"class":1404},[1050,5182,4472],{"class":1340},[1050,5184,1241],{"class":1082},[1050,5186,1137],{"class":1136},[1050,5188,5189],{"class":1140},"Comment must be at least 3 characters long",[1050,5191,1137],{"class":1136},[1050,5193,1359],{"class":1082},[1050,5195,5196],{"class":1052,"line":3953},[1050,5197,1532],{"class":1092},[1050,5199,5200,5202,5204,5206,5208,5210,5213,5216],{"class":1052,"line":3958},[1050,5201,4414],{"class":1404},[1050,5203,5156],{"class":5155},[1050,5205,1241],{"class":1082},[1050,5207,1522],{"class":1340},[1050,5209,1252],{"class":1082},[1050,5211,5212],{"class":1485}," >",[1050,5214,5215],{"class":5043}," 1000",[1050,5217,1497],{"class":1082},[1050,5219,5220,5222,5224,5226,5228,5231,5233],{"class":1052,"line":3963},[1050,5221,4469],{"class":1404},[1050,5223,4472],{"class":1340},[1050,5225,1241],{"class":1082},[1050,5227,1137],{"class":1136},[1050,5229,5230],{"class":1140},"Comment cannot exceed 1000 characters",[1050,5232,1137],{"class":1136},[1050,5234,1359],{"class":1082},[1050,5236,5237],{"class":1052,"line":3984},[1050,5238,1532],{"class":1092},[1050,5240,5241,5243],{"class":1052,"line":3989},[1050,5242,2947],{"class":1404},[1050,5244,4908],{"class":1092},[1035,5246,5248],{"id":5247},"model-level-validation","Model-Level Validation",[1040,5250,5252],{"className":1280,"code":5251,"language":1282,"meta":1045,"style":1045},"# models.py - Model validation for XSS prevention\nfrom django.db import models\nfrom django.core.exceptions import ValidationError\nimport bleach\n\ndef validate_no_scripts(value):\n    \"\"\"Validator to ensure no script tags in content\"\"\"\n    if '\u003Cscript' in value.lower() or 'javascript:' in value.lower():\n        raise ValidationError(\"Script content is not allowed\")\n\ndef validate_safe_html(value):\n    \"\"\"Validator for safe HTML content\"\"\"\n    # Check if content contains only allowed tags\n    allowed_tags = ['p', 'br', 'strong', 'em', 'u', 'a']\n    cleaned = bleach.clean(value, tags=allowed_tags, strip=True)\n    \n    if cleaned != value:\n        raise ValidationError(\"Content contains disallowed HTML tags\")\n\nclass Article(models.Model):\n    title = models.CharField(\n        max_length=200,\n        validators=[validate_no_scripts]\n    )\n    content = models.TextField(\n        validators=[validate_safe_html]\n    )\n    author = models.ForeignKey(User, on_delete=models.CASCADE)\n    \n    def clean(self):\n        \"\"\"Additional model-level validation\"\"\"\n        super().clean()\n        \n        # Sanitize content before saving\n        if self.content:\n            self.content = bleach.clean(\n                self.content,\n                tags=['p', 'br', 'strong', 'em', 'u', 'a'],\n                attributes={'a': ['href']},\n                strip=True\n            )\n\nclass UserProfile(models.Model):\n    user = models.OneToOneField(User, on_delete=models.CASCADE)\n    bio = models.TextField(\n        max_length=500,\n        blank=True,\n        help_text=\"Plain text only - HTML tags will be removed\"\n    )\n    website = models.URLField(blank=True)\n    \n    def save(self, *args, **kwargs):\n        \"\"\"Override save to sanitize bio\"\"\"\n        if self.bio:\n            # Remove all HTML tags from bio\n            self.bio = bleach.clean(self.bio, tags=[], strip=True)\n        \n        super().save(*args, **kwargs)\n",[1047,5253,5254,5259,5275,5293,5299,5303,5316,5325,5368,5386,5390,5403,5412,5417,5473,5507,5511,5525,5542,5546,5565,5582,5594,5606,5610,5626,5637,5641,5676,5680,5693,5702,5715,5719,5724,5736,5755,5766,5821,5848,5857,5862,5866,5883,5915,5930,5941,5952,5967,5971,5996,6000,6029,6038,6051,6056,6094,6098],{"__ignoreMap":1045},[1050,5255,5256],{"class":1052,"line":1053},[1050,5257,5258],{"class":1056},"# models.py - Model validation for XSS prevention\n",[1050,5260,5261,5263,5265,5267,5270,5272],{"class":1052,"line":1060},[1050,5262,2805],{"class":1404},[1050,5264,2821],{"class":1092},[1050,5266,1233],{"class":1082},[1050,5268,5269],{"class":1092},"db ",[1050,5271,2811],{"class":1404},[1050,5273,5274],{"class":1092}," models\n",[1050,5276,5277,5279,5281,5283,5285,5287,5289,5291],{"class":1052,"line":1066},[1050,5278,2805],{"class":1404},[1050,5280,2821],{"class":1092},[1050,5282,1233],{"class":1082},[1050,5284,4187],{"class":1092},[1050,5286,1233],{"class":1082},[1050,5288,4192],{"class":1092},[1050,5290,2811],{"class":1404},[1050,5292,4197],{"class":1092},[1050,5294,5295,5297],{"class":1052,"line":1073},[1050,5296,2811],{"class":1404},[1050,5298,2863],{"class":1092},[1050,5300,5301],{"class":1052,"line":1079},[1050,5302,1070],{"emptyLinePlaceholder":1069},[1050,5304,5305,5307,5310,5312,5314],{"class":1052,"line":1104},[1050,5306,1294],{"class":1202},[1050,5308,5309],{"class":1236}," validate_no_scripts",[1050,5311,1241],{"class":1082},[1050,5313,2920],{"class":1302},[1050,5315,1306],{"class":1082},[1050,5317,5318,5320,5323],{"class":1052,"line":1109},[1050,5319,1312],{"class":1311},[1050,5321,5322],{"class":1315},"Validator to ensure no script tags in content",[1050,5324,1319],{"class":1311},[1050,5326,5327,5329,5331,5333,5335,5338,5340,5342,5345,5348,5351,5353,5355,5357,5359,5361,5363,5365],{"class":1052,"line":1115},[1050,5328,1474],{"class":1404},[1050,5330,1489],{"class":1136},[1050,5332,3478],{"class":1140},[1050,5334,1244],{"class":1136},[1050,5336,5337],{"class":1485}," in",[1050,5339,2088],{"class":1092},[1050,5341,1233],{"class":1082},[1050,5343,5344],{"class":1340},"lower",[1050,5346,5347],{"class":1082},"()",[1050,5349,5350],{"class":1485}," or",[1050,5352,1489],{"class":1136},[1050,5354,3576],{"class":1140},[1050,5356,1244],{"class":1136},[1050,5358,5337],{"class":1485},[1050,5360,2088],{"class":1092},[1050,5362,1233],{"class":1082},[1050,5364,5344],{"class":1340},[1050,5366,5367],{"class":1082},"():\n",[1050,5369,5370,5373,5375,5377,5379,5382,5384],{"class":1052,"line":1121},[1050,5371,5372],{"class":1404},"        raise",[1050,5374,4472],{"class":1340},[1050,5376,1241],{"class":1082},[1050,5378,1137],{"class":1136},[1050,5380,5381],{"class":1140},"Script content is not allowed",[1050,5383,1137],{"class":1136},[1050,5385,1359],{"class":1082},[1050,5387,5388],{"class":1052,"line":1148},[1050,5389,1070],{"emptyLinePlaceholder":1069},[1050,5391,5392,5394,5397,5399,5401],{"class":1052,"line":1154},[1050,5393,1294],{"class":1202},[1050,5395,5396],{"class":1236}," validate_safe_html",[1050,5398,1241],{"class":1082},[1050,5400,2920],{"class":1302},[1050,5402,1306],{"class":1082},[1050,5404,5405,5407,5410],{"class":1052,"line":1163},[1050,5406,1312],{"class":1311},[1050,5408,5409],{"class":1315},"Validator for safe HTML content",[1050,5411,1319],{"class":1311},[1050,5413,5414],{"class":1052,"line":1172},[1050,5415,5416],{"class":1056},"    # Check if content contains only allowed tags\n",[1050,5418,5419,5421,5423,5425,5427,5429,5431,5433,5435,5437,5439,5441,5443,5445,5447,5449,5451,5453,5455,5457,5459,5461,5463,5465,5467,5469,5471],{"class":1052,"line":1177},[1050,5420,2964],{"class":1092},[1050,5422,1133],{"class":1082},[1050,5424,3152],{"class":1082},[1050,5426,1244],{"class":1136},[1050,5428,1026],{"class":1140},[1050,5430,1244],{"class":1136},[1050,5432,1353],{"class":1082},[1050,5434,1489],{"class":1136},[1050,5436,2984],{"class":1140},[1050,5438,1244],{"class":1136},[1050,5440,1353],{"class":1082},[1050,5442,1489],{"class":1136},[1050,5444,2993],{"class":1140},[1050,5446,1244],{"class":1136},[1050,5448,1353],{"class":1082},[1050,5450,1489],{"class":1136},[1050,5452,3002],{"class":1140},[1050,5454,1244],{"class":1136},[1050,5456,1353],{"class":1082},[1050,5458,1489],{"class":1136},[1050,5460,3011],{"class":1140},[1050,5462,1244],{"class":1136},[1050,5464,1353],{"class":1082},[1050,5466,1489],{"class":1136},[1050,5468,2370],{"class":1140},[1050,5470,1244],{"class":1136},[1050,5472,3268],{"class":1082},[1050,5474,5475,5477,5479,5481,5483,5485,5487,5489,5491,5493,5495,5497,5499,5501,5503,5505],{"class":1052,"line":1183},[1050,5476,3285],{"class":1092},[1050,5478,1133],{"class":1082},[1050,5480,3290],{"class":1092},[1050,5482,1233],{"class":1082},[1050,5484,3295],{"class":1340},[1050,5486,1241],{"class":1082},[1050,5488,2920],{"class":1340},[1050,5490,1353],{"class":1082},[1050,5492,4387],{"class":1563},[1050,5494,1133],{"class":1082},[1050,5496,3316],{"class":1340},[1050,5498,1353],{"class":1082},[1050,5500,4393],{"class":1563},[1050,5502,1133],{"class":1082},[1050,5504,4398],{"class":3355},[1050,5506,1359],{"class":1082},[1050,5508,5509],{"class":1052,"line":1193},[1050,5510,1364],{"class":1092},[1050,5512,5513,5515,5518,5521,5523],{"class":1052,"line":1199},[1050,5514,1474],{"class":1404},[1050,5516,5517],{"class":1092}," cleaned ",[1050,5519,5520],{"class":1485},"!=",[1050,5522,2088],{"class":1092},[1050,5524,1497],{"class":1082},[1050,5526,5527,5529,5531,5533,5535,5538,5540],{"class":1052,"line":1227},[1050,5528,5372],{"class":1404},[1050,5530,4472],{"class":1340},[1050,5532,1241],{"class":1082},[1050,5534,1137],{"class":1136},[1050,5536,5537],{"class":1140},"Content contains disallowed HTML tags",[1050,5539,1137],{"class":1136},[1050,5541,1359],{"class":1082},[1050,5543,5544],{"class":1052,"line":1267},[1050,5545,1070],{"emptyLinePlaceholder":1069},[1050,5547,5548,5550,5553,5555,5558,5560,5563],{"class":1052,"line":1500},[1050,5549,4218],{"class":1202},[1050,5551,5552],{"class":4221}," Article",[1050,5554,1241],{"class":1082},[1050,5556,5557],{"class":2228},"models",[1050,5559,1233],{"class":1082},[1050,5561,5562],{"class":2228},"Model",[1050,5564,1306],{"class":1082},[1050,5566,5567,5570,5572,5575,5577,5580],{"class":1052,"line":1529},[1050,5568,5569],{"class":1092},"    title ",[1050,5571,1133],{"class":1082},[1050,5573,5574],{"class":1092}," models",[1050,5576,1233],{"class":1082},[1050,5578,5579],{"class":1340},"CharField",[1050,5581,1557],{"class":1082},[1050,5583,5584,5587,5589,5592],{"class":1052,"line":1535},[1050,5585,5586],{"class":1563},"        max_length",[1050,5588,1133],{"class":1082},[1050,5590,5591],{"class":5043},"200",[1050,5593,1576],{"class":1082},[1050,5595,5596,5599,5601,5604],{"class":1052,"line":1541},[1050,5597,5598],{"class":1563},"        validators",[1050,5600,3851],{"class":1082},[1050,5602,5603],{"class":1340},"validate_no_scripts",[1050,5605,3268],{"class":1082},[1050,5607,5608],{"class":1052,"line":1560},[1050,5609,3362],{"class":1082},[1050,5611,5612,5615,5617,5619,5621,5624],{"class":1052,"line":1579},[1050,5613,5614],{"class":1092},"    content ",[1050,5616,1133],{"class":1082},[1050,5618,5574],{"class":1092},[1050,5620,1233],{"class":1082},[1050,5622,5623],{"class":1340},"TextField",[1050,5625,1557],{"class":1082},[1050,5627,5628,5630,5632,5635],{"class":1052,"line":1593},[1050,5629,5598],{"class":1563},[1050,5631,3851],{"class":1082},[1050,5633,5634],{"class":1340},"validate_safe_html",[1050,5636,3268],{"class":1082},[1050,5638,5639],{"class":1052,"line":1599},[1050,5640,3362],{"class":1082},[1050,5642,5643,5646,5648,5650,5652,5655,5657,5660,5662,5665,5667,5669,5671,5674],{"class":1052,"line":1604},[1050,5644,5645],{"class":1092},"    author ",[1050,5647,1133],{"class":1082},[1050,5649,5574],{"class":1092},[1050,5651,1233],{"class":1082},[1050,5653,5654],{"class":1340},"ForeignKey",[1050,5656,1241],{"class":1082},[1050,5658,5659],{"class":1340},"User",[1050,5661,1353],{"class":1082},[1050,5663,5664],{"class":1563}," on_delete",[1050,5666,1133],{"class":1082},[1050,5668,5557],{"class":1340},[1050,5670,1233],{"class":1082},[1050,5672,5673],{"class":1334},"CASCADE",[1050,5675,1359],{"class":1082},[1050,5677,5678],{"class":1052,"line":1627},[1050,5679,1364],{"class":1092},[1050,5681,5682,5684,5687,5689,5691],{"class":1052,"line":3271},[1050,5683,4310],{"class":1202},[1050,5685,5686],{"class":1236}," clean",[1050,5688,1241],{"class":1082},[1050,5690,4319],{"class":4318},[1050,5692,1306],{"class":1082},[1050,5694,5695,5697,5700],{"class":1052,"line":3276},[1050,5696,4326],{"class":1311},[1050,5698,5699],{"class":1315},"Additional model-level validation",[1050,5701,1319],{"class":1311},[1050,5703,5704,5708,5711,5713],{"class":1052,"line":3282},[1050,5705,5707],{"class":5706},"sa2tF","        super",[1050,5709,5710],{"class":1082},"().",[1050,5712,3295],{"class":1340},[1050,5714,1624],{"class":1082},[1050,5716,5717],{"class":1052,"line":3300},[1050,5718,1532],{"class":1092},[1050,5720,5721],{"class":1052,"line":3308},[1050,5722,5723],{"class":1056},"        # Sanitize content before saving\n",[1050,5725,5726,5728,5730,5732,5734],{"class":1052,"line":3321},[1050,5727,4414],{"class":1404},[1050,5729,4342],{"class":4341},[1050,5731,1233],{"class":1082},[1050,5733,1522],{"class":1481},[1050,5735,1497],{"class":1082},[1050,5737,5738,5741,5743,5745,5747,5749,5751,5753],{"class":1052,"line":3334},[1050,5739,5740],{"class":4341},"            self",[1050,5742,1233],{"class":1082},[1050,5744,1522],{"class":1481},[1050,5746,1210],{"class":1082},[1050,5748,3290],{"class":1092},[1050,5750,1233],{"class":1082},[1050,5752,3295],{"class":1340},[1050,5754,1557],{"class":1082},[1050,5756,5757,5760,5762,5764],{"class":1052,"line":3347},[1050,5758,5759],{"class":4341},"                self",[1050,5761,1233],{"class":1082},[1050,5763,1522],{"class":1481},[1050,5765,1576],{"class":1082},[1050,5767,5768,5771,5773,5775,5777,5779,5781,5783,5785,5787,5789,5791,5793,5795,5797,5799,5801,5803,5805,5807,5809,5811,5813,5815,5817,5819],{"class":1052,"line":3359},[1050,5769,5770],{"class":1563},"                tags",[1050,5772,3851],{"class":1082},[1050,5774,1244],{"class":1136},[1050,5776,1026],{"class":1140},[1050,5778,1244],{"class":1136},[1050,5780,1353],{"class":1082},[1050,5782,1489],{"class":1136},[1050,5784,2984],{"class":1140},[1050,5786,1244],{"class":1136},[1050,5788,1353],{"class":1082},[1050,5790,1489],{"class":1136},[1050,5792,2993],{"class":1140},[1050,5794,1244],{"class":1136},[1050,5796,1353],{"class":1082},[1050,5798,1489],{"class":1136},[1050,5800,3002],{"class":1140},[1050,5802,1244],{"class":1136},[1050,5804,1353],{"class":1082},[1050,5806,1489],{"class":1136},[1050,5808,3011],{"class":1140},[1050,5810,1244],{"class":1136},[1050,5812,1353],{"class":1082},[1050,5814,1489],{"class":1136},[1050,5816,2370],{"class":1140},[1050,5818,1244],{"class":1136},[1050,5820,3170],{"class":1082},[1050,5822,5823,5826,5829,5831,5833,5835,5837,5839,5841,5843,5845],{"class":1052,"line":3365},[1050,5824,5825],{"class":1563},"                attributes",[1050,5827,5828],{"class":1082},"={",[1050,5830,1244],{"class":1136},[1050,5832,2370],{"class":1140},[1050,5834,1244],{"class":1136},[1050,5836,1660],{"class":1082},[1050,5838,3152],{"class":1082},[1050,5840,1244],{"class":1136},[1050,5842,3157],{"class":1140},[1050,5844,1244],{"class":1136},[1050,5846,5847],{"class":1082},"]},\n",[1050,5849,5850,5853,5855],{"class":1052,"line":3370},[1050,5851,5852],{"class":1563},"                strip",[1050,5854,1133],{"class":1082},[1050,5856,3356],{"class":3355},[1050,5858,5859],{"class":1052,"line":3385},[1050,5860,5861],{"class":1082},"            )\n",[1050,5863,5864],{"class":1052,"line":3390},[1050,5865,1070],{"emptyLinePlaceholder":1069},[1050,5867,5868,5870,5873,5875,5877,5879,5881],{"class":1052,"line":3401},[1050,5869,4218],{"class":1202},[1050,5871,5872],{"class":4221}," UserProfile",[1050,5874,1241],{"class":1082},[1050,5876,5557],{"class":2228},[1050,5878,1233],{"class":1082},[1050,5880,5562],{"class":2228},[1050,5882,1306],{"class":1082},[1050,5884,5885,5888,5890,5892,5894,5897,5899,5901,5903,5905,5907,5909,5911,5913],{"class":1052,"line":3415},[1050,5886,5887],{"class":1092},"    user ",[1050,5889,1133],{"class":1082},[1050,5891,5574],{"class":1092},[1050,5893,1233],{"class":1082},[1050,5895,5896],{"class":1340},"OneToOneField",[1050,5898,1241],{"class":1082},[1050,5900,5659],{"class":1340},[1050,5902,1353],{"class":1082},[1050,5904,5664],{"class":1563},[1050,5906,1133],{"class":1082},[1050,5908,5557],{"class":1340},[1050,5910,1233],{"class":1082},[1050,5912,5673],{"class":1334},[1050,5914,1359],{"class":1082},[1050,5916,5917,5920,5922,5924,5926,5928],{"class":1052,"line":3425},[1050,5918,5919],{"class":1092},"    bio ",[1050,5921,1133],{"class":1082},[1050,5923,5574],{"class":1092},[1050,5925,1233],{"class":1082},[1050,5927,5623],{"class":1340},[1050,5929,1557],{"class":1082},[1050,5931,5932,5934,5936,5939],{"class":1052,"line":3436},[1050,5933,5586],{"class":1563},[1050,5935,1133],{"class":1082},[1050,5937,5938],{"class":5043},"500",[1050,5940,1576],{"class":1082},[1050,5942,5943,5946,5948,5950],{"class":1052,"line":3443},[1050,5944,5945],{"class":1563},"        blank",[1050,5947,1133],{"class":1082},[1050,5949,4398],{"class":3355},[1050,5951,1576],{"class":1082},[1050,5953,5954,5957,5959,5961,5964],{"class":1052,"line":3448},[1050,5955,5956],{"class":1563},"        help_text",[1050,5958,1133],{"class":1082},[1050,5960,1137],{"class":1136},[1050,5962,5963],{"class":1140},"Plain text only - HTML tags will be removed",[1050,5965,5966],{"class":1136},"\"\n",[1050,5968,5969],{"class":1052,"line":3454},[1050,5970,3362],{"class":1082},[1050,5972,5973,5976,5978,5980,5982,5985,5987,5990,5992,5994],{"class":1052,"line":3546},[1050,5974,5975],{"class":1092},"    website ",[1050,5977,1133],{"class":1082},[1050,5979,5574],{"class":1092},[1050,5981,1233],{"class":1082},[1050,5983,5984],{"class":1340},"URLField",[1050,5986,1241],{"class":1082},[1050,5988,5989],{"class":1563},"blank",[1050,5991,1133],{"class":1082},[1050,5993,4398],{"class":3355},[1050,5995,1359],{"class":1082},[1050,5997,5998],{"class":1052,"line":3551},[1050,5999,1364],{"class":1092},[1050,6001,6002,6004,6007,6009,6011,6013,6016,6019,6021,6024,6027],{"class":1052,"line":3557},[1050,6003,4310],{"class":1202},[1050,6005,6006],{"class":1236}," save",[1050,6008,1241],{"class":1082},[1050,6010,4319],{"class":4318},[1050,6012,1353],{"class":1082},[1050,6014,6015],{"class":1485}," *",[1050,6017,6018],{"class":1302},"args",[1050,6020,1353],{"class":1082},[1050,6022,6023],{"class":1485}," **",[1050,6025,6026],{"class":1302},"kwargs",[1050,6028,1306],{"class":1082},[1050,6030,6031,6033,6036],{"class":1052,"line":3603},[1050,6032,4326],{"class":1311},[1050,6034,6035],{"class":1315},"Override save to sanitize bio",[1050,6037,1319],{"class":1311},[1050,6039,6040,6042,6044,6046,6049],{"class":1052,"line":3608},[1050,6041,4414],{"class":1404},[1050,6043,4342],{"class":4341},[1050,6045,1233],{"class":1082},[1050,6047,6048],{"class":1481},"bio",[1050,6050,1497],{"class":1082},[1050,6052,6053],{"class":1052,"line":3614},[1050,6054,6055],{"class":1056},"            # Remove all HTML tags from bio\n",[1050,6057,6058,6060,6062,6064,6066,6068,6070,6072,6074,6076,6078,6080,6082,6084,6086,6088,6090,6092],{"class":1052,"line":3708},[1050,6059,5740],{"class":4341},[1050,6061,1233],{"class":1082},[1050,6063,6048],{"class":1481},[1050,6065,1210],{"class":1082},[1050,6067,3290],{"class":1092},[1050,6069,1233],{"class":1082},[1050,6071,3295],{"class":1340},[1050,6073,1241],{"class":1082},[1050,6075,4319],{"class":4341},[1050,6077,1233],{"class":1082},[1050,6079,6048],{"class":1481},[1050,6081,1353],{"class":1082},[1050,6083,4387],{"class":1563},[1050,6085,4390],{"class":1082},[1050,6087,4393],{"class":1563},[1050,6089,1133],{"class":1082},[1050,6091,4398],{"class":3355},[1050,6093,1359],{"class":1082},[1050,6095,6096],{"class":1052,"line":3713},[1050,6097,1532],{"class":1092},[1050,6099,6100,6102,6104,6107,6109,6111,6113,6115,6117,6119],{"class":1052,"line":3721},[1050,6101,5707],{"class":5706},[1050,6103,5710],{"class":1082},[1050,6105,6106],{"class":1340},"save",[1050,6108,1241],{"class":1082},[1050,6110,3495],{"class":1485},[1050,6112,6018],{"class":1340},[1050,6114,1353],{"class":1082},[1050,6116,6023],{"class":1485},[1050,6118,6026],{"class":1340},[1050,6120,1359],{"class":1082},[1030,6122,6124],{"id":6123},"content-security-policy-csp","Content Security Policy (CSP)",[1035,6126,6128],{"id":6127},"implementing-csp-headers","Implementing CSP Headers",[1040,6130,6132],{"className":1280,"code":6131,"language":1282,"meta":1045,"style":1045},"# middleware.py - CSP middleware\nclass ContentSecurityPolicyMiddleware:\n    \"\"\"Add Content Security Policy headers\"\"\"\n    \n    def __init__(self, get_response):\n        self.get_response = get_response\n    \n    def __call__(self, request):\n        response = self.get_response(request)\n        \n        # Build CSP policy\n        csp_policy = self.build_csp_policy(request)\n        response['Content-Security-Policy'] = csp_policy\n        \n        return response\n    \n    def build_csp_policy(self, request):\n        \"\"\"Build CSP policy based on request\"\"\"\n        \n        # Base policy\n        directives = [\n            \"default-src 'self'\",\n            \"script-src 'self' 'unsafe-inline'\",  # Allow inline scripts (be careful!)\n            \"style-src 'self' 'unsafe-inline'\",   # Allow inline styles\n            \"img-src 'self' data: https:\",        # Allow images from self, data URLs, and HTTPS\n            \"font-src 'self'\",\n            \"connect-src 'self'\",\n            \"frame-ancestors 'none'\",             # Prevent clickjacking\n            \"base-uri 'self'\",\n            \"form-action 'self'\"\n        ]\n        \n        # Adjust policy for admin pages\n        if request.path.startswith('/admin/'):\n            # Admin needs more permissive policy\n            directives = [\n                \"default-src 'self'\",\n                \"script-src 'self' 'unsafe-inline' 'unsafe-eval'\",\n                \"style-src 'self' 'unsafe-inline'\",\n                \"img-src 'self' data:\",\n                \"font-src 'self'\",\n            ]\n        \n        # Development vs production policies\n        if settings.DEBUG:\n            # More permissive for development\n            directives.append(\"script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:*\")\n        \n        return '; '.join(directives)\n\n# Alternative: Using django-csp package\n# pip install django-csp\n\n# settings.py\nMIDDLEWARE = [\n    'csp.middleware.CSPMiddleware',\n    # ... other middleware\n]\n\n# CSP settings\nCSP_DEFAULT_SRC = (\"'self'\",)\nCSP_SCRIPT_SRC = (\"'self'\", \"'unsafe-inline'\")\nCSP_STYLE_SRC = (\"'self'\", \"'unsafe-inline'\")\nCSP_IMG_SRC = (\"'self'\", \"data:\", \"https:\")\nCSP_FONT_SRC = (\"'self'\",)\nCSP_CONNECT_SRC = (\"'self'\",)\nCSP_FRAME_ANCESTORS = (\"'none'\",)\nCSP_BASE_URI = (\"'self'\",)\nCSP_FORM_ACTION = (\"'self'\",)\n\n# Report violations (optional)\nCSP_REPORT_URI = '/csp-report/'\n",[1047,6133,6134,6139,6148,6157,6161,6179,6194,6198,6215,6234,6238,6243,6263,6284,6288,6295,6299,6316,6325,6329,6334,6343,6355,6369,6383,6397,6408,6419,6433,6444,6453,6457,6461,6466,6493,6498,6507,6518,6529,6539,6550,6560,6565,6569,6574,6588,6593,6614,6618,6641,6645,6650,6655,6659,6664,6673,6685,6690,6694,6698,6703,6723,6749,6774,6809,6826,6843,6861,6878,6895,6899,6904],{"__ignoreMap":1045},[1050,6135,6136],{"class":1052,"line":1053},[1050,6137,6138],{"class":1056},"# middleware.py - CSP middleware\n",[1050,6140,6141,6143,6146],{"class":1052,"line":1060},[1050,6142,4218],{"class":1202},[1050,6144,6145],{"class":4221}," ContentSecurityPolicyMiddleware",[1050,6147,1497],{"class":1082},[1050,6149,6150,6152,6155],{"class":1052,"line":1066},[1050,6151,1312],{"class":1311},[1050,6153,6154],{"class":1315},"Add Content Security Policy headers",[1050,6156,1319],{"class":1311},[1050,6158,6159],{"class":1052,"line":1073},[1050,6160,1364],{"class":1092},[1050,6162,6163,6165,6168,6170,6172,6174,6177],{"class":1052,"line":1079},[1050,6164,4310],{"class":1202},[1050,6166,6167],{"class":5155}," __init__",[1050,6169,1241],{"class":1082},[1050,6171,4319],{"class":4318},[1050,6173,1353],{"class":1082},[1050,6175,6176],{"class":1302}," get_response",[1050,6178,1306],{"class":1082},[1050,6180,6181,6184,6186,6189,6191],{"class":1052,"line":1104},[1050,6182,6183],{"class":4341},"        self",[1050,6185,1233],{"class":1082},[1050,6187,6188],{"class":1481},"get_response",[1050,6190,1210],{"class":1082},[1050,6192,6193],{"class":1092}," get_response\n",[1050,6195,6196],{"class":1052,"line":1109},[1050,6197,1364],{"class":1092},[1050,6199,6200,6202,6205,6207,6209,6211,6213],{"class":1052,"line":1115},[1050,6201,4310],{"class":1202},[1050,6203,6204],{"class":5155}," __call__",[1050,6206,1241],{"class":1082},[1050,6208,4319],{"class":4318},[1050,6210,1353],{"class":1082},[1050,6212,1329],{"class":1302},[1050,6214,1306],{"class":1082},[1050,6216,6217,6220,6222,6224,6226,6228,6230,6232],{"class":1052,"line":1121},[1050,6218,6219],{"class":1092},"        response ",[1050,6221,1133],{"class":1082},[1050,6223,4342],{"class":4341},[1050,6225,1233],{"class":1082},[1050,6227,6188],{"class":1340},[1050,6229,1241],{"class":1082},[1050,6231,1303],{"class":1340},[1050,6233,1359],{"class":1082},[1050,6235,6236],{"class":1052,"line":1148},[1050,6237,1532],{"class":1092},[1050,6239,6240],{"class":1052,"line":1154},[1050,6241,6242],{"class":1056},"        # Build CSP policy\n",[1050,6244,6245,6248,6250,6252,6254,6257,6259,6261],{"class":1052,"line":1163},[1050,6246,6247],{"class":1092},"        csp_policy ",[1050,6249,1133],{"class":1082},[1050,6251,4342],{"class":4341},[1050,6253,1233],{"class":1082},[1050,6255,6256],{"class":1340},"build_csp_policy",[1050,6258,1241],{"class":1082},[1050,6260,1303],{"class":1340},[1050,6262,1359],{"class":1082},[1050,6264,6265,6268,6270,6272,6275,6277,6279,6281],{"class":1052,"line":1172},[1050,6266,6267],{"class":1092},"        response",[1050,6269,3482],{"class":1082},[1050,6271,1244],{"class":1136},[1050,6273,6274],{"class":1140},"Content-Security-Policy",[1050,6276,1244],{"class":1136},[1050,6278,3491],{"class":1082},[1050,6280,1210],{"class":1082},[1050,6282,6283],{"class":1092}," csp_policy\n",[1050,6285,6286],{"class":1052,"line":1177},[1050,6287,1532],{"class":1092},[1050,6289,6290,6292],{"class":1052,"line":1183},[1050,6291,2947],{"class":1404},[1050,6293,6294],{"class":1092}," response\n",[1050,6296,6297],{"class":1052,"line":1193},[1050,6298,1364],{"class":1092},[1050,6300,6301,6303,6306,6308,6310,6312,6314],{"class":1052,"line":1199},[1050,6302,4310],{"class":1202},[1050,6304,6305],{"class":1236}," build_csp_policy",[1050,6307,1241],{"class":1082},[1050,6309,4319],{"class":4318},[1050,6311,1353],{"class":1082},[1050,6313,1329],{"class":1302},[1050,6315,1306],{"class":1082},[1050,6317,6318,6320,6323],{"class":1052,"line":1227},[1050,6319,4326],{"class":1311},[1050,6321,6322],{"class":1315},"Build CSP policy based on request",[1050,6324,1319],{"class":1311},[1050,6326,6327],{"class":1052,"line":1267},[1050,6328,1532],{"class":1092},[1050,6330,6331],{"class":1052,"line":1500},[1050,6332,6333],{"class":1056},"        # Base policy\n",[1050,6335,6336,6339,6341],{"class":1052,"line":1529},[1050,6337,6338],{"class":1092},"        directives ",[1050,6340,1133],{"class":1082},[1050,6342,2969],{"class":1082},[1050,6344,6345,6348,6351,6353],{"class":1052,"line":1535},[1050,6346,6347],{"class":1136},"            \"",[1050,6349,6350],{"class":1140},"default-src 'self'",[1050,6352,1137],{"class":1136},[1050,6354,1576],{"class":1082},[1050,6356,6357,6359,6362,6364,6366],{"class":1052,"line":1541},[1050,6358,6347],{"class":1136},[1050,6360,6361],{"class":1140},"script-src 'self' 'unsafe-inline'",[1050,6363,1137],{"class":1136},[1050,6365,1353],{"class":1082},[1050,6367,6368],{"class":1056},"  # Allow inline scripts (be careful!)\n",[1050,6370,6371,6373,6376,6378,6380],{"class":1052,"line":1560},[1050,6372,6347],{"class":1136},[1050,6374,6375],{"class":1140},"style-src 'self' 'unsafe-inline'",[1050,6377,1137],{"class":1136},[1050,6379,1353],{"class":1082},[1050,6381,6382],{"class":1056},"   # Allow inline styles\n",[1050,6384,6385,6387,6390,6392,6394],{"class":1052,"line":1579},[1050,6386,6347],{"class":1136},[1050,6388,6389],{"class":1140},"img-src 'self' data: https:",[1050,6391,1137],{"class":1136},[1050,6393,1353],{"class":1082},[1050,6395,6396],{"class":1056},"        # Allow images from self, data URLs, and HTTPS\n",[1050,6398,6399,6401,6404,6406],{"class":1052,"line":1593},[1050,6400,6347],{"class":1136},[1050,6402,6403],{"class":1140},"font-src 'self'",[1050,6405,1137],{"class":1136},[1050,6407,1576],{"class":1082},[1050,6409,6410,6412,6415,6417],{"class":1052,"line":1599},[1050,6411,6347],{"class":1136},[1050,6413,6414],{"class":1140},"connect-src 'self'",[1050,6416,1137],{"class":1136},[1050,6418,1576],{"class":1082},[1050,6420,6421,6423,6426,6428,6430],{"class":1052,"line":1604},[1050,6422,6347],{"class":1136},[1050,6424,6425],{"class":1140},"frame-ancestors 'none'",[1050,6427,1137],{"class":1136},[1050,6429,1353],{"class":1082},[1050,6431,6432],{"class":1056},"             # Prevent clickjacking\n",[1050,6434,6435,6437,6440,6442],{"class":1052,"line":1627},[1050,6436,6347],{"class":1136},[1050,6438,6439],{"class":1140},"base-uri 'self'",[1050,6441,1137],{"class":1136},[1050,6443,1576],{"class":1082},[1050,6445,6446,6448,6451],{"class":1052,"line":3271},[1050,6447,6347],{"class":1136},[1050,6449,6450],{"class":1140},"form-action 'self'",[1050,6452,5966],{"class":1136},[1050,6454,6455],{"class":1052,"line":3276},[1050,6456,4721],{"class":1082},[1050,6458,6459],{"class":1052,"line":3282},[1050,6460,1532],{"class":1092},[1050,6462,6463],{"class":1052,"line":3300},[1050,6464,6465],{"class":1056},"        # Adjust policy for admin pages\n",[1050,6467,6468,6470,6472,6474,6477,6479,6482,6484,6486,6489,6491],{"class":1052,"line":3308},[1050,6469,4414],{"class":1404},[1050,6471,1329],{"class":1092},[1050,6473,1233],{"class":1082},[1050,6475,6476],{"class":1481},"path",[1050,6478,1233],{"class":1082},[1050,6480,6481],{"class":1340},"startswith",[1050,6483,1241],{"class":1082},[1050,6485,1244],{"class":1136},[1050,6487,6488],{"class":1140},"/admin/",[1050,6490,1244],{"class":1136},[1050,6492,1306],{"class":1082},[1050,6494,6495],{"class":1052,"line":3321},[1050,6496,6497],{"class":1056},"            # Admin needs more permissive policy\n",[1050,6499,6500,6503,6505],{"class":1052,"line":3334},[1050,6501,6502],{"class":1092},"            directives ",[1050,6504,1133],{"class":1082},[1050,6506,2969],{"class":1082},[1050,6508,6509,6512,6514,6516],{"class":1052,"line":3347},[1050,6510,6511],{"class":1136},"                \"",[1050,6513,6350],{"class":1140},[1050,6515,1137],{"class":1136},[1050,6517,1576],{"class":1082},[1050,6519,6520,6522,6525,6527],{"class":1052,"line":3359},[1050,6521,6511],{"class":1136},[1050,6523,6524],{"class":1140},"script-src 'self' 'unsafe-inline' 'unsafe-eval'",[1050,6526,1137],{"class":1136},[1050,6528,1576],{"class":1082},[1050,6530,6531,6533,6535,6537],{"class":1052,"line":3365},[1050,6532,6511],{"class":1136},[1050,6534,6375],{"class":1140},[1050,6536,1137],{"class":1136},[1050,6538,1576],{"class":1082},[1050,6540,6541,6543,6546,6548],{"class":1052,"line":3370},[1050,6542,6511],{"class":1136},[1050,6544,6545],{"class":1140},"img-src 'self' data:",[1050,6547,1137],{"class":1136},[1050,6549,1576],{"class":1082},[1050,6551,6552,6554,6556,6558],{"class":1052,"line":3385},[1050,6553,6511],{"class":1136},[1050,6555,6403],{"class":1140},[1050,6557,1137],{"class":1136},[1050,6559,1576],{"class":1082},[1050,6561,6562],{"class":1052,"line":3390},[1050,6563,6564],{"class":1082},"            ]\n",[1050,6566,6567],{"class":1052,"line":3401},[1050,6568,1532],{"class":1092},[1050,6570,6571],{"class":1052,"line":3415},[1050,6572,6573],{"class":1056},"        # Development vs production policies\n",[1050,6575,6576,6578,6581,6583,6586],{"class":1052,"line":3425},[1050,6577,4414],{"class":1404},[1050,6579,6580],{"class":1092}," settings",[1050,6582,1233],{"class":1082},[1050,6584,6585],{"class":1334},"DEBUG",[1050,6587,1497],{"class":1082},[1050,6589,6590],{"class":1052,"line":3436},[1050,6591,6592],{"class":1056},"            # More permissive for development\n",[1050,6594,6595,6598,6600,6603,6605,6607,6610,6612],{"class":1052,"line":3443},[1050,6596,6597],{"class":1092},"            directives",[1050,6599,1233],{"class":1082},[1050,6601,6602],{"class":1340},"append",[1050,6604,1241],{"class":1082},[1050,6606,1137],{"class":1136},[1050,6608,6609],{"class":1140},"script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:*",[1050,6611,1137],{"class":1136},[1050,6613,1359],{"class":1082},[1050,6615,6616],{"class":1052,"line":3448},[1050,6617,1532],{"class":1092},[1050,6619,6620,6622,6624,6627,6629,6631,6634,6636,6639],{"class":1052,"line":3454},[1050,6621,2947],{"class":1404},[1050,6623,1489],{"class":1136},[1050,6625,6626],{"class":1140},"; ",[1050,6628,1244],{"class":1136},[1050,6630,1233],{"class":1082},[1050,6632,6633],{"class":1340},"join",[1050,6635,1241],{"class":1082},[1050,6637,6638],{"class":1340},"directives",[1050,6640,1359],{"class":1082},[1050,6642,6643],{"class":1052,"line":3546},[1050,6644,1070],{"emptyLinePlaceholder":1069},[1050,6646,6647],{"class":1052,"line":3551},[1050,6648,6649],{"class":1056},"# Alternative: Using django-csp package\n",[1050,6651,6652],{"class":1052,"line":3557},[1050,6653,6654],{"class":1056},"# pip install django-csp\n",[1050,6656,6657],{"class":1052,"line":3603},[1050,6658,1070],{"emptyLinePlaceholder":1069},[1050,6660,6661],{"class":1052,"line":3608},[1050,6662,6663],{"class":1056},"# settings.py\n",[1050,6665,6666,6669,6671],{"class":1052,"line":3614},[1050,6667,6668],{"class":4341},"MIDDLEWARE",[1050,6670,1210],{"class":1082},[1050,6672,2969],{"class":1082},[1050,6674,6675,6678,6681,6683],{"class":1052,"line":3708},[1050,6676,6677],{"class":1136},"    '",[1050,6679,6680],{"class":1140},"csp.middleware.CSPMiddleware",[1050,6682,1244],{"class":1136},[1050,6684,1576],{"class":1082},[1050,6686,6687],{"class":1052,"line":3713},[1050,6688,6689],{"class":1056},"    # ... other middleware\n",[1050,6691,6692],{"class":1052,"line":3721},[1050,6693,3268],{"class":1082},[1050,6695,6696],{"class":1052,"line":3726},[1050,6697,1070],{"emptyLinePlaceholder":1069},[1050,6699,6700],{"class":1052,"line":3737},[1050,6701,6702],{"class":1056},"# CSP settings\n",[1050,6704,6705,6708,6710,6713,6715,6718,6720],{"class":1052,"line":3751},[1050,6706,6707],{"class":4341},"CSP_DEFAULT_SRC",[1050,6709,1210],{"class":1082},[1050,6711,6712],{"class":1082}," (",[1050,6714,1137],{"class":1136},[1050,6716,6717],{"class":1140},"'self'",[1050,6719,1137],{"class":1136},[1050,6721,6722],{"class":1082},",)\n",[1050,6724,6725,6728,6730,6732,6734,6736,6738,6740,6742,6745,6747],{"class":1052,"line":3761},[1050,6726,6727],{"class":4341},"CSP_SCRIPT_SRC",[1050,6729,1210],{"class":1082},[1050,6731,6712],{"class":1082},[1050,6733,1137],{"class":1136},[1050,6735,6717],{"class":1140},[1050,6737,1137],{"class":1136},[1050,6739,1353],{"class":1082},[1050,6741,1213],{"class":1136},[1050,6743,6744],{"class":1140},"'unsafe-inline'",[1050,6746,1137],{"class":1136},[1050,6748,1359],{"class":1082},[1050,6750,6751,6754,6756,6758,6760,6762,6764,6766,6768,6770,6772],{"class":1052,"line":3772},[1050,6752,6753],{"class":4341},"CSP_STYLE_SRC",[1050,6755,1210],{"class":1082},[1050,6757,6712],{"class":1082},[1050,6759,1137],{"class":1136},[1050,6761,6717],{"class":1140},[1050,6763,1137],{"class":1136},[1050,6765,1353],{"class":1082},[1050,6767,1213],{"class":1136},[1050,6769,6744],{"class":1140},[1050,6771,1137],{"class":1136},[1050,6773,1359],{"class":1082},[1050,6775,6776,6779,6781,6783,6785,6787,6789,6791,6793,6796,6798,6800,6802,6805,6807],{"class":1052,"line":3779},[1050,6777,6778],{"class":4341},"CSP_IMG_SRC",[1050,6780,1210],{"class":1082},[1050,6782,6712],{"class":1082},[1050,6784,1137],{"class":1136},[1050,6786,6717],{"class":1140},[1050,6788,1137],{"class":1136},[1050,6790,1353],{"class":1082},[1050,6792,1213],{"class":1136},[1050,6794,6795],{"class":1140},"data:",[1050,6797,1137],{"class":1136},[1050,6799,1353],{"class":1082},[1050,6801,1213],{"class":1136},[1050,6803,6804],{"class":1140},"https:",[1050,6806,1137],{"class":1136},[1050,6808,1359],{"class":1082},[1050,6810,6811,6814,6816,6818,6820,6822,6824],{"class":1052,"line":3784},[1050,6812,6813],{"class":4341},"CSP_FONT_SRC",[1050,6815,1210],{"class":1082},[1050,6817,6712],{"class":1082},[1050,6819,1137],{"class":1136},[1050,6821,6717],{"class":1140},[1050,6823,1137],{"class":1136},[1050,6825,6722],{"class":1082},[1050,6827,6828,6831,6833,6835,6837,6839,6841],{"class":1052,"line":3793},[1050,6829,6830],{"class":4341},"CSP_CONNECT_SRC",[1050,6832,1210],{"class":1082},[1050,6834,6712],{"class":1082},[1050,6836,1137],{"class":1136},[1050,6838,6717],{"class":1140},[1050,6840,1137],{"class":1136},[1050,6842,6722],{"class":1082},[1050,6844,6845,6848,6850,6852,6854,6857,6859],{"class":1052,"line":3817},[1050,6846,6847],{"class":4341},"CSP_FRAME_ANCESTORS",[1050,6849,1210],{"class":1082},[1050,6851,6712],{"class":1082},[1050,6853,1137],{"class":1136},[1050,6855,6856],{"class":1140},"'none'",[1050,6858,1137],{"class":1136},[1050,6860,6722],{"class":1082},[1050,6862,6863,6866,6868,6870,6872,6874,6876],{"class":1052,"line":3822},[1050,6864,6865],{"class":4341},"CSP_BASE_URI",[1050,6867,1210],{"class":1082},[1050,6869,6712],{"class":1082},[1050,6871,1137],{"class":1136},[1050,6873,6717],{"class":1140},[1050,6875,1137],{"class":1136},[1050,6877,6722],{"class":1082},[1050,6879,6880,6883,6885,6887,6889,6891,6893],{"class":1052,"line":3828},[1050,6881,6882],{"class":4341},"CSP_FORM_ACTION",[1050,6884,1210],{"class":1082},[1050,6886,6712],{"class":1082},[1050,6888,1137],{"class":1136},[1050,6890,6717],{"class":1140},[1050,6892,1137],{"class":1136},[1050,6894,6722],{"class":1082},[1050,6896,6897],{"class":1052,"line":3845},[1050,6898,1070],{"emptyLinePlaceholder":1069},[1050,6900,6901],{"class":1052,"line":3881},[1050,6902,6903],{"class":1056},"# Report violations (optional)\n",[1050,6905,6906,6909,6911,6913,6916],{"class":1052,"line":3890},[1050,6907,6908],{"class":4341},"CSP_REPORT_URI",[1050,6910,1210],{"class":1082},[1050,6912,1489],{"class":1136},[1050,6914,6915],{"class":1140},"/csp-report/",[1050,6917,3121],{"class":1136},[1035,6919,6921],{"id":6920},"csp-compatible-javascript","CSP-Compatible JavaScript",[1040,6923,6925],{"className":1042,"code":6924,"language":1044,"meta":1045,"style":1045},"\u003C!-- Instead of inline scripts, use external files or nonces -->\n\n\u003C!-- BAD: Inline script (blocked by strict CSP) -->\n\u003Cscript>\n    function handleClick() {\n        alert('Clicked!');\n    }\n\u003C/script>\n\n\u003C!-- GOOD: External script file -->\n\u003Cscript src=\"{% static 'js/handlers.js' %}\">\u003C/script>\n\n\u003C!-- GOOD: Using nonce for inline scripts -->\n\u003Cscript nonce=\"{{ csp_nonce }}\">\n    function handleClick() {\n        alert('Clicked!');\n    }\n\u003C/script>\n\n\u003C!-- GOOD: Event handlers in JavaScript, not HTML -->\n\u003C!-- Instead of: \u003Cbutton onclick=\"handleClick()\"> -->\n\u003Cbutton id=\"my-button\">Click me\u003C/button>\n\u003Cscript>\n    document.getElementById('my-button').addEventListener('click', handleClick);\n\u003C/script>\n",[1047,6926,6927,6932,6936,6941,6949,6961,6980,6984,6992,6996,7001,7025,7029,7034,7054,7064,7080,7084,7092,7096,7101,7106,7136,7144,7184],{"__ignoreMap":1045},[1050,6928,6929],{"class":1052,"line":1053},[1050,6930,6931],{"class":1056},"\u003C!-- Instead of inline scripts, use external files or nonces -->\n",[1050,6933,6934],{"class":1052,"line":1060},[1050,6935,1070],{"emptyLinePlaceholder":1069},[1050,6937,6938],{"class":1052,"line":1066},[1050,6939,6940],{"class":1056},"\u003C!-- BAD: Inline script (blocked by strict CSP) -->\n",[1050,6942,6943,6945,6947],{"class":1052,"line":1073},[1050,6944,1083],{"class":1082},[1050,6946,1188],{"class":1086},[1050,6948,1101],{"class":1082},[1050,6950,6951,6954,6957,6959],{"class":1052,"line":1079},[1050,6952,6953],{"class":1202},"    function",[1050,6955,6956],{"class":1236}," handleClick",[1050,6958,5347],{"class":1082},[1050,6960,2592],{"class":1082},[1050,6962,6963,6966,6969,6971,6974,6976,6978],{"class":1052,"line":1104},[1050,6964,6965],{"class":1236},"        alert",[1050,6967,1241],{"class":6968},"sLdnO",[1050,6970,1244],{"class":1136},[1050,6972,6973],{"class":1140},"Clicked!",[1050,6975,1244],{"class":1136},[1050,6977,1252],{"class":6968},[1050,6979,1264],{"class":1082},[1050,6981,6982],{"class":1052,"line":1109},[1050,6983,2740],{"class":1082},[1050,6985,6986,6988,6990],{"class":1052,"line":1115},[1050,6987,1096],{"class":1082},[1050,6989,1188],{"class":1086},[1050,6991,1101],{"class":1082},[1050,6993,6994],{"class":1052,"line":1121},[1050,6995,1070],{"emptyLinePlaceholder":1069},[1050,6997,6998],{"class":1052,"line":1148},[1050,6999,7000],{"class":1056},"\u003C!-- GOOD: External script file -->\n",[1050,7002,7003,7005,7007,7009,7011,7013,7016,7018,7021,7023],{"class":1052,"line":1154},[1050,7004,1083],{"class":1082},[1050,7006,1188],{"class":1086},[1050,7008,2110],{"class":1129},[1050,7010,1133],{"class":1082},[1050,7012,1137],{"class":1136},[1050,7014,7015],{"class":1140},"{% static 'js/handlers.js' %}",[1050,7017,1137],{"class":1136},[1050,7019,7020],{"class":1082},">\u003C/",[1050,7022,1188],{"class":1086},[1050,7024,1101],{"class":1082},[1050,7026,7027],{"class":1052,"line":1163},[1050,7028,1070],{"emptyLinePlaceholder":1069},[1050,7030,7031],{"class":1052,"line":1172},[1050,7032,7033],{"class":1056},"\u003C!-- GOOD: Using nonce for inline scripts -->\n",[1050,7035,7036,7038,7040,7043,7045,7047,7050,7052],{"class":1052,"line":1177},[1050,7037,1083],{"class":1082},[1050,7039,1188],{"class":1086},[1050,7041,7042],{"class":1129}," nonce",[1050,7044,1133],{"class":1082},[1050,7046,1137],{"class":1136},[1050,7048,7049],{"class":1140},"{{ csp_nonce }}",[1050,7051,1137],{"class":1136},[1050,7053,1101],{"class":1082},[1050,7055,7056,7058,7060,7062],{"class":1052,"line":1183},[1050,7057,6953],{"class":1202},[1050,7059,6956],{"class":1236},[1050,7061,5347],{"class":1082},[1050,7063,2592],{"class":1082},[1050,7065,7066,7068,7070,7072,7074,7076,7078],{"class":1052,"line":1193},[1050,7067,6965],{"class":1236},[1050,7069,1241],{"class":6968},[1050,7071,1244],{"class":1136},[1050,7073,6973],{"class":1140},[1050,7075,1244],{"class":1136},[1050,7077,1252],{"class":6968},[1050,7079,1264],{"class":1082},[1050,7081,7082],{"class":1052,"line":1199},[1050,7083,2740],{"class":1082},[1050,7085,7086,7088,7090],{"class":1052,"line":1227},[1050,7087,1096],{"class":1082},[1050,7089,1188],{"class":1086},[1050,7091,1101],{"class":1082},[1050,7093,7094],{"class":1052,"line":1267},[1050,7095,1070],{"emptyLinePlaceholder":1069},[1050,7097,7098],{"class":1052,"line":1500},[1050,7099,7100],{"class":1056},"\u003C!-- GOOD: Event handlers in JavaScript, not HTML -->\n",[1050,7102,7103],{"class":1052,"line":1529},[1050,7104,7105],{"class":1056},"\u003C!-- Instead of: \u003Cbutton onclick=\"handleClick()\"> -->\n",[1050,7107,7108,7110,7113,7116,7118,7120,7123,7125,7127,7130,7132,7134],{"class":1052,"line":1535},[1050,7109,1083],{"class":1082},[1050,7111,7112],{"class":1086},"button",[1050,7114,7115],{"class":1129}," id",[1050,7117,1133],{"class":1082},[1050,7119,1137],{"class":1136},[1050,7121,7122],{"class":1140},"my-button",[1050,7124,1137],{"class":1136},[1050,7126,1089],{"class":1082},[1050,7128,7129],{"class":1092},"Click me",[1050,7131,1096],{"class":1082},[1050,7133,7112],{"class":1086},[1050,7135,1101],{"class":1082},[1050,7137,7138,7140,7142],{"class":1052,"line":1541},[1050,7139,1083],{"class":1082},[1050,7141,1188],{"class":1086},[1050,7143,1101],{"class":1082},[1050,7145,7146,7148,7150,7152,7154,7156,7158,7160,7162,7164,7167,7169,7171,7174,7176,7178,7180,7182],{"class":1052,"line":1560},[1050,7147,1230],{"class":1206},[1050,7149,1233],{"class":1082},[1050,7151,1237],{"class":1236},[1050,7153,1241],{"class":1240},[1050,7155,1244],{"class":1136},[1050,7157,7122],{"class":1140},[1050,7159,1244],{"class":1136},[1050,7161,1252],{"class":1240},[1050,7163,1233],{"class":1082},[1050,7165,7166],{"class":1236},"addEventListener",[1050,7168,1241],{"class":1240},[1050,7170,1244],{"class":1136},[1050,7172,7173],{"class":1140},"click",[1050,7175,1244],{"class":1136},[1050,7177,1353],{"class":1082},[1050,7179,6956],{"class":1206},[1050,7181,1252],{"class":1240},[1050,7183,1264],{"class":1082},[1050,7185,7186,7188,7190],{"class":1052,"line":1579},[1050,7187,1096],{"class":1082},[1050,7189,1188],{"class":1086},[1050,7191,1101],{"class":1082},[1030,7193,7195],{"id":7194},"advanced-xss-prevention","Advanced XSS Prevention",[1035,7197,7199],{"id":7198},"rich-text-editor-security","Rich Text Editor Security",[1040,7201,7203],{"className":1280,"code":7202,"language":1282,"meta":1045,"style":1045},"# views.py - Secure rich text handling\nfrom django.utils.html import strip_tags\nimport bleach\n\nclass SecureRichTextMixin:\n    \"\"\"Mixin for secure rich text handling\"\"\"\n    \n    allowed_tags = [\n        'p', 'br', 'strong', 'em', 'u', 'ol', 'ul', 'li',\n        'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote',\n        'a', 'img', 'table', 'thead', 'tbody', 'tr', 'td', 'th'\n    ]\n    \n    allowed_attributes = {\n        'a': ['href', 'title'],\n        'img': ['src', 'alt', 'width', 'height'],\n        'table': ['class'],\n        'td': ['colspan', 'rowspan'],\n        'th': ['colspan', 'rowspan'],\n    }\n    \n    def sanitize_rich_text(self, content):\n        \"\"\"Sanitize rich text content\"\"\"\n        if not content:\n            return ''\n        \n        # Clean HTML with bleach\n        cleaned = bleach.clean(\n            content,\n            tags=self.allowed_tags,\n            attributes=self.allowed_attributes,\n            protocols=['http', 'https', 'mailto'],\n            strip=True\n        )\n        \n        # Additional custom sanitization\n        cleaned = self.remove_dangerous_attributes(cleaned)\n        \n        return cleaned\n    \n    def remove_dangerous_attributes(self, html):\n        \"\"\"Remove potentially dangerous attributes\"\"\"\n        import re\n        \n        # Remove style attributes (can contain JavaScript)\n        html = re.sub(r'\\sstyle\\s*=\\s*[\"\\'][^\"\\']*[\"\\']', '', html, flags=re.IGNORECASE)\n        \n        # Remove data attributes (can be used for attacks)\n        html = re.sub(r'\\sdata-\\w+\\s*=\\s*[\"\\'][^\"\\']*[\"\\']', '', html, flags=re.IGNORECASE)\n        \n        return html\n\nclass ArticleCreateView(SecureRichTextMixin, CreateView):\n    \"\"\"Secure article creation with rich text\"\"\"\n    model = Article\n    form_class = ArticleForm\n    \n    def form_valid(self, form):\n        \"\"\"Sanitize content before saving\"\"\"\n        form.instance.content = self.sanitize_rich_text(form.instance.content)\n        return super().form_valid(form)\n",[1047,7204,7205,7210,7229,7235,7239,7248,7257,7261,7269,7335,7393,7463,7467,7471,7479,7507,7551,7571,7601,7629,7633,7637,7655,7664,7674,7681,7685,7690,7705,7711,7725,7739,7769,7777,7781,7785,7790,7809,7813,7820,7824,7842,7851,7858,7862,7867,7950,7954,7959,8046,8050,8057,8061,8080,8089,8098,8108,8112,8130,8139,8177],{"__ignoreMap":1045},[1050,7206,7207],{"class":1052,"line":1053},[1050,7208,7209],{"class":1056},"# views.py - Secure rich text handling\n",[1050,7211,7212,7214,7216,7218,7220,7222,7224,7226],{"class":1052,"line":1060},[1050,7213,2805],{"class":1404},[1050,7215,2821],{"class":1092},[1050,7217,1233],{"class":1082},[1050,7219,2826],{"class":1092},[1050,7221,1233],{"class":1082},[1050,7223,2851],{"class":1092},[1050,7225,2811],{"class":1404},[1050,7227,7228],{"class":1092}," strip_tags\n",[1050,7230,7231,7233],{"class":1052,"line":1066},[1050,7232,2811],{"class":1404},[1050,7234,2863],{"class":1092},[1050,7236,7237],{"class":1052,"line":1073},[1050,7238,1070],{"emptyLinePlaceholder":1069},[1050,7240,7241,7243,7246],{"class":1052,"line":1079},[1050,7242,4218],{"class":1202},[1050,7244,7245],{"class":4221}," SecureRichTextMixin",[1050,7247,1497],{"class":1082},[1050,7249,7250,7252,7255],{"class":1052,"line":1104},[1050,7251,1312],{"class":1311},[1050,7253,7254],{"class":1315},"Mixin for secure rich text handling",[1050,7256,1319],{"class":1311},[1050,7258,7259],{"class":1052,"line":1109},[1050,7260,1364],{"class":1092},[1050,7262,7263,7265,7267],{"class":1052,"line":1115},[1050,7264,2964],{"class":1092},[1050,7266,1133],{"class":1082},[1050,7268,2969],{"class":1082},[1050,7270,7271,7273,7275,7277,7279,7281,7283,7285,7287,7289,7291,7293,7295,7297,7299,7301,7303,7305,7307,7309,7311,7313,7315,7317,7319,7321,7323,7325,7327,7329,7331,7333],{"class":1052,"line":1121},[1050,7272,2597],{"class":1136},[1050,7274,1026],{"class":1140},[1050,7276,1244],{"class":1136},[1050,7278,1353],{"class":1082},[1050,7280,1489],{"class":1136},[1050,7282,2984],{"class":1140},[1050,7284,1244],{"class":1136},[1050,7286,1353],{"class":1082},[1050,7288,1489],{"class":1136},[1050,7290,2993],{"class":1140},[1050,7292,1244],{"class":1136},[1050,7294,1353],{"class":1082},[1050,7296,1489],{"class":1136},[1050,7298,3002],{"class":1140},[1050,7300,1244],{"class":1136},[1050,7302,1353],{"class":1082},[1050,7304,1489],{"class":1136},[1050,7306,3011],{"class":1140},[1050,7308,1244],{"class":1136},[1050,7310,1353],{"class":1082},[1050,7312,1489],{"class":1136},[1050,7314,3020],{"class":1140},[1050,7316,1244],{"class":1136},[1050,7318,1353],{"class":1082},[1050,7320,1489],{"class":1136},[1050,7322,3029],{"class":1140},[1050,7324,1244],{"class":1136},[1050,7326,1353],{"class":1082},[1050,7328,1489],{"class":1136},[1050,7330,3038],{"class":1140},[1050,7332,1244],{"class":1136},[1050,7334,1576],{"class":1082},[1050,7336,7337,7339,7341,7343,7345,7347,7349,7351,7353,7355,7357,7359,7361,7363,7365,7367,7369,7371,7373,7375,7377,7379,7381,7383,7385,7387,7389,7391],{"class":1052,"line":1148},[1050,7338,2597],{"class":1136},[1050,7340,1022],{"class":1140},[1050,7342,1244],{"class":1136},[1050,7344,1353],{"class":1082},[1050,7346,1489],{"class":1136},[1050,7348,1030],{"class":1140},[1050,7350,1244],{"class":1136},[1050,7352,1353],{"class":1082},[1050,7354,1489],{"class":1136},[1050,7356,1035],{"class":1140},[1050,7358,1244],{"class":1136},[1050,7360,1353],{"class":1082},[1050,7362,1489],{"class":1136},[1050,7364,3073],{"class":1140},[1050,7366,1244],{"class":1136},[1050,7368,1353],{"class":1082},[1050,7370,1489],{"class":1136},[1050,7372,3082],{"class":1140},[1050,7374,1244],{"class":1136},[1050,7376,1353],{"class":1082},[1050,7378,1489],{"class":1136},[1050,7380,3091],{"class":1140},[1050,7382,1244],{"class":1136},[1050,7384,1353],{"class":1082},[1050,7386,1489],{"class":1136},[1050,7388,3100],{"class":1140},[1050,7390,1244],{"class":1136},[1050,7392,1576],{"class":1082},[1050,7394,7395,7397,7399,7401,7403,7405,7407,7409,7411,7413,7416,7418,7420,7422,7425,7427,7429,7431,7434,7436,7438,7440,7443,7445,7447,7449,7452,7454,7456,7458,7461],{"class":1052,"line":1154},[1050,7396,2597],{"class":1136},[1050,7398,2370],{"class":1140},[1050,7400,1244],{"class":1136},[1050,7402,1353],{"class":1082},[1050,7404,1489],{"class":1136},[1050,7406,2107],{"class":1140},[1050,7408,1244],{"class":1136},[1050,7410,1353],{"class":1082},[1050,7412,1489],{"class":1136},[1050,7414,7415],{"class":1140},"table",[1050,7417,1244],{"class":1136},[1050,7419,1353],{"class":1082},[1050,7421,1489],{"class":1136},[1050,7423,7424],{"class":1140},"thead",[1050,7426,1244],{"class":1136},[1050,7428,1353],{"class":1082},[1050,7430,1489],{"class":1136},[1050,7432,7433],{"class":1140},"tbody",[1050,7435,1244],{"class":1136},[1050,7437,1353],{"class":1082},[1050,7439,1489],{"class":1136},[1050,7441,7442],{"class":1140},"tr",[1050,7444,1244],{"class":1136},[1050,7446,1353],{"class":1082},[1050,7448,1489],{"class":1136},[1050,7450,7451],{"class":1140},"td",[1050,7453,1244],{"class":1136},[1050,7455,1353],{"class":1082},[1050,7457,1489],{"class":1136},[1050,7459,7460],{"class":1140},"th",[1050,7462,3121],{"class":1136},[1050,7464,7465],{"class":1052,"line":1163},[1050,7466,3126],{"class":1082},[1050,7468,7469],{"class":1052,"line":1172},[1050,7470,1364],{"class":1092},[1050,7472,7473,7475,7477],{"class":1052,"line":1177},[1050,7474,3135],{"class":1092},[1050,7476,1133],{"class":1082},[1050,7478,2592],{"class":1082},[1050,7480,7481,7483,7485,7487,7489,7491,7493,7495,7497,7499,7501,7503,7505],{"class":1052,"line":1183},[1050,7482,2597],{"class":1136},[1050,7484,2370],{"class":1140},[1050,7486,1244],{"class":1136},[1050,7488,1660],{"class":1082},[1050,7490,3152],{"class":1082},[1050,7492,1244],{"class":1136},[1050,7494,3157],{"class":1140},[1050,7496,1244],{"class":1136},[1050,7498,1353],{"class":1082},[1050,7500,1489],{"class":1136},[1050,7502,1848],{"class":1140},[1050,7504,1244],{"class":1136},[1050,7506,3170],{"class":1082},[1050,7508,7509,7511,7513,7515,7517,7519,7521,7523,7525,7527,7529,7531,7533,7535,7537,7539,7541,7543,7545,7547,7549],{"class":1052,"line":1193},[1050,7510,2597],{"class":1136},[1050,7512,2107],{"class":1140},[1050,7514,1244],{"class":1136},[1050,7516,1660],{"class":1082},[1050,7518,3152],{"class":1082},[1050,7520,1244],{"class":1136},[1050,7522,3187],{"class":1140},[1050,7524,1244],{"class":1136},[1050,7526,1353],{"class":1082},[1050,7528,1489],{"class":1136},[1050,7530,3196],{"class":1140},[1050,7532,1244],{"class":1136},[1050,7534,1353],{"class":1082},[1050,7536,1489],{"class":1136},[1050,7538,3205],{"class":1140},[1050,7540,1244],{"class":1136},[1050,7542,1353],{"class":1082},[1050,7544,1489],{"class":1136},[1050,7546,3214],{"class":1140},[1050,7548,1244],{"class":1136},[1050,7550,3170],{"class":1082},[1050,7552,7553,7555,7557,7559,7561,7563,7565,7567,7569],{"class":1052,"line":1199},[1050,7554,2597],{"class":1136},[1050,7556,7415],{"class":1140},[1050,7558,1244],{"class":1136},[1050,7560,1660],{"class":1082},[1050,7562,3152],{"class":1082},[1050,7564,1244],{"class":1136},[1050,7566,4218],{"class":1140},[1050,7568,1244],{"class":1136},[1050,7570,3170],{"class":1082},[1050,7572,7573,7575,7577,7579,7581,7583,7585,7588,7590,7592,7594,7597,7599],{"class":1052,"line":1227},[1050,7574,2597],{"class":1136},[1050,7576,7451],{"class":1140},[1050,7578,1244],{"class":1136},[1050,7580,1660],{"class":1082},[1050,7582,3152],{"class":1082},[1050,7584,1244],{"class":1136},[1050,7586,7587],{"class":1140},"colspan",[1050,7589,1244],{"class":1136},[1050,7591,1353],{"class":1082},[1050,7593,1489],{"class":1136},[1050,7595,7596],{"class":1140},"rowspan",[1050,7598,1244],{"class":1136},[1050,7600,3170],{"class":1082},[1050,7602,7603,7605,7607,7609,7611,7613,7615,7617,7619,7621,7623,7625,7627],{"class":1052,"line":1267},[1050,7604,2597],{"class":1136},[1050,7606,7460],{"class":1140},[1050,7608,1244],{"class":1136},[1050,7610,1660],{"class":1082},[1050,7612,3152],{"class":1082},[1050,7614,1244],{"class":1136},[1050,7616,7587],{"class":1140},[1050,7618,1244],{"class":1136},[1050,7620,1353],{"class":1082},[1050,7622,1489],{"class":1136},[1050,7624,7596],{"class":1140},[1050,7626,1244],{"class":1136},[1050,7628,3170],{"class":1082},[1050,7630,7631],{"class":1052,"line":1500},[1050,7632,2740],{"class":1082},[1050,7634,7635],{"class":1052,"line":1529},[1050,7636,1364],{"class":1092},[1050,7638,7639,7641,7644,7646,7648,7650,7653],{"class":1052,"line":1535},[1050,7640,4310],{"class":1202},[1050,7642,7643],{"class":1236}," sanitize_rich_text",[1050,7645,1241],{"class":1082},[1050,7647,4319],{"class":4318},[1050,7649,1353],{"class":1082},[1050,7651,7652],{"class":1302}," content",[1050,7654,1306],{"class":1082},[1050,7656,7657,7659,7662],{"class":1052,"line":1541},[1050,7658,4326],{"class":1311},[1050,7660,7661],{"class":1315},"Sanitize rich text content",[1050,7663,1319],{"class":1311},[1050,7665,7666,7668,7670,7672],{"class":1052,"line":1560},[1050,7667,4414],{"class":1404},[1050,7669,2938],{"class":1485},[1050,7671,7652],{"class":1092},[1050,7673,1497],{"class":1082},[1050,7675,7676,7679],{"class":1052,"line":1579},[1050,7677,7678],{"class":1404},"            return",[1050,7680,2950],{"class":1136},[1050,7682,7683],{"class":1052,"line":1593},[1050,7684,1532],{"class":1092},[1050,7686,7687],{"class":1052,"line":1599},[1050,7688,7689],{"class":1056},"        # Clean HTML with bleach\n",[1050,7691,7692,7695,7697,7699,7701,7703],{"class":1052,"line":1604},[1050,7693,7694],{"class":1092},"        cleaned ",[1050,7696,1133],{"class":1082},[1050,7698,3290],{"class":1092},[1050,7700,1233],{"class":1082},[1050,7702,3295],{"class":1340},[1050,7704,1557],{"class":1082},[1050,7706,7707,7709],{"class":1052,"line":1627},[1050,7708,1582],{"class":1340},[1050,7710,1576],{"class":1082},[1050,7712,7713,7715,7717,7719,7721,7723],{"class":1052,"line":3271},[1050,7714,4844],{"class":1563},[1050,7716,1133],{"class":1082},[1050,7718,4319],{"class":4341},[1050,7720,1233],{"class":1082},[1050,7722,3316],{"class":1481},[1050,7724,1576],{"class":1082},[1050,7726,7727,7729,7731,7733,7735,7737],{"class":1052,"line":3276},[1050,7728,4855],{"class":1563},[1050,7730,1133],{"class":1082},[1050,7732,4319],{"class":4341},[1050,7734,1233],{"class":1082},[1050,7736,3329],{"class":1481},[1050,7738,1576],{"class":1082},[1050,7740,7741,7743,7745,7747,7749,7751,7753,7755,7757,7759,7761,7763,7765,7767],{"class":1052,"line":3282},[1050,7742,4866],{"class":1563},[1050,7744,3851],{"class":1082},[1050,7746,1244],{"class":1136},[1050,7748,3245],{"class":1140},[1050,7750,1244],{"class":1136},[1050,7752,1353],{"class":1082},[1050,7754,1489],{"class":1136},[1050,7756,3254],{"class":1140},[1050,7758,1244],{"class":1136},[1050,7760,1353],{"class":1082},[1050,7762,1489],{"class":1136},[1050,7764,3263],{"class":1140},[1050,7766,1244],{"class":1136},[1050,7768,3170],{"class":1082},[1050,7770,7771,7773,7775],{"class":1052,"line":3300},[1050,7772,4889],{"class":1563},[1050,7774,1133],{"class":1082},[1050,7776,3356],{"class":3355},[1050,7778,7779],{"class":1052,"line":3308},[1050,7780,1596],{"class":1082},[1050,7782,7783],{"class":1052,"line":3321},[1050,7784,1532],{"class":1092},[1050,7786,7787],{"class":1052,"line":3334},[1050,7788,7789],{"class":1056},"        # Additional custom sanitization\n",[1050,7791,7792,7794,7796,7798,7800,7803,7805,7807],{"class":1052,"line":3347},[1050,7793,7694],{"class":1092},[1050,7795,1133],{"class":1082},[1050,7797,4342],{"class":4341},[1050,7799,1233],{"class":1082},[1050,7801,7802],{"class":1340},"remove_dangerous_attributes",[1050,7804,1241],{"class":1082},[1050,7806,3380],{"class":1340},[1050,7808,1359],{"class":1082},[1050,7810,7811],{"class":1052,"line":3359},[1050,7812,1532],{"class":1092},[1050,7814,7815,7817],{"class":1052,"line":3365},[1050,7816,2947],{"class":1404},[1050,7818,7819],{"class":1092}," cleaned\n",[1050,7821,7822],{"class":1052,"line":3370},[1050,7823,1364],{"class":1092},[1050,7825,7826,7828,7831,7833,7835,7837,7840],{"class":1052,"line":3385},[1050,7827,4310],{"class":1202},[1050,7829,7830],{"class":1236}," remove_dangerous_attributes",[1050,7832,1241],{"class":1082},[1050,7834,4319],{"class":4318},[1050,7836,1353],{"class":1082},[1050,7838,7839],{"class":1302}," html",[1050,7841,1306],{"class":1082},[1050,7843,7844,7846,7849],{"class":1052,"line":3390},[1050,7845,4326],{"class":1311},[1050,7847,7848],{"class":1315},"Remove potentially dangerous attributes",[1050,7850,1319],{"class":1311},[1050,7852,7853,7856],{"class":1052,"line":3401},[1050,7854,7855],{"class":1404},"        import",[1050,7857,2870],{"class":1092},[1050,7859,7860],{"class":1052,"line":3415},[1050,7861,1532],{"class":1092},[1050,7863,7864],{"class":1052,"line":3425},[1050,7865,7866],{"class":1056},"        # Remove style attributes (can contain JavaScript)\n",[1050,7868,7869,7872,7874,7876,7878,7880,7882,7884,7886,7888,7890,7892,7894,7896,7898,7900,7902,7904,7906,7908,7910,7912,7914,7916,7918,7920,7922,7924,7926,7928,7930,7932,7934,7936,7938,7940,7942,7944,7946,7948],{"class":1052,"line":3436},[1050,7870,7871],{"class":1092},"        html ",[1050,7873,1133],{"class":1082},[1050,7875,3462],{"class":1092},[1050,7877,1233],{"class":1082},[1050,7879,3467],{"class":1340},[1050,7881,1241],{"class":1082},[1050,7883,3472],{"class":1202},[1050,7885,1244],{"class":1136},[1050,7887,3633],{"class":3500},[1050,7889,2311],{"class":3477},[1050,7891,3633],{"class":3500},[1050,7893,3495],{"class":3494},[1050,7895,1133],{"class":3477},[1050,7897,3633],{"class":3500},[1050,7899,3495],{"class":3494},[1050,7901,3482],{"class":3481},[1050,7903,1137],{"class":3488},[1050,7905,3660],{"class":3659},[1050,7907,3663],{"class":3481},[1050,7909,3485],{"class":1485},[1050,7911,1137],{"class":3488},[1050,7913,3660],{"class":3659},[1050,7915,3491],{"class":3481},[1050,7917,3495],{"class":3494},[1050,7919,3482],{"class":3481},[1050,7921,1137],{"class":3488},[1050,7923,3660],{"class":3659},[1050,7925,3491],{"class":3481},[1050,7927,1244],{"class":1136},[1050,7929,1353],{"class":1082},[1050,7931,1356],{"class":1136},[1050,7933,1353],{"class":1082},[1050,7935,7839],{"class":1340},[1050,7937,1353],{"class":1082},[1050,7939,3521],{"class":1563},[1050,7941,1133],{"class":1082},[1050,7943,3526],{"class":1340},[1050,7945,1233],{"class":1082},[1050,7947,3531],{"class":1334},[1050,7949,1359],{"class":1082},[1050,7951,7952],{"class":1052,"line":3443},[1050,7953,1532],{"class":1092},[1050,7955,7956],{"class":1052,"line":3448},[1050,7957,7958],{"class":1056},"        # Remove data attributes (can be used for attacks)\n",[1050,7960,7961,7963,7965,7967,7969,7971,7973,7975,7977,7979,7982,7984,7986,7988,7990,7992,7994,7996,7998,8000,8002,8004,8006,8008,8010,8012,8014,8016,8018,8020,8022,8024,8026,8028,8030,8032,8034,8036,8038,8040,8042,8044],{"class":1052,"line":3454},[1050,7962,7871],{"class":1092},[1050,7964,1133],{"class":1082},[1050,7966,3462],{"class":1092},[1050,7968,1233],{"class":1082},[1050,7970,3467],{"class":1340},[1050,7972,1241],{"class":1082},[1050,7974,3472],{"class":1202},[1050,7976,1244],{"class":1136},[1050,7978,3633],{"class":3500},[1050,7980,7981],{"class":3477},"data-",[1050,7983,3639],{"class":3500},[1050,7985,3642],{"class":3494},[1050,7987,3633],{"class":3500},[1050,7989,3495],{"class":3494},[1050,7991,1133],{"class":3477},[1050,7993,3633],{"class":3500},[1050,7995,3495],{"class":3494},[1050,7997,3482],{"class":3481},[1050,7999,1137],{"class":3488},[1050,8001,3660],{"class":3659},[1050,8003,3663],{"class":3481},[1050,8005,3485],{"class":1485},[1050,8007,1137],{"class":3488},[1050,8009,3660],{"class":3659},[1050,8011,3491],{"class":3481},[1050,8013,3495],{"class":3494},[1050,8015,3482],{"class":3481},[1050,8017,1137],{"class":3488},[1050,8019,3660],{"class":3659},[1050,8021,3491],{"class":3481},[1050,8023,1244],{"class":1136},[1050,8025,1353],{"class":1082},[1050,8027,1356],{"class":1136},[1050,8029,1353],{"class":1082},[1050,8031,7839],{"class":1340},[1050,8033,1353],{"class":1082},[1050,8035,3521],{"class":1563},[1050,8037,1133],{"class":1082},[1050,8039,3526],{"class":1340},[1050,8041,1233],{"class":1082},[1050,8043,3531],{"class":1334},[1050,8045,1359],{"class":1082},[1050,8047,8048],{"class":1052,"line":3546},[1050,8049,1532],{"class":1092},[1050,8051,8052,8054],{"class":1052,"line":3551},[1050,8053,2947],{"class":1404},[1050,8055,8056],{"class":1092}," html\n",[1050,8058,8059],{"class":1052,"line":3557},[1050,8060,1070],{"emptyLinePlaceholder":1069},[1050,8062,8063,8065,8068,8070,8073,8075,8078],{"class":1052,"line":3603},[1050,8064,4218],{"class":1202},[1050,8066,8067],{"class":4221}," ArticleCreateView",[1050,8069,1241],{"class":1082},[1050,8071,8072],{"class":2228},"SecureRichTextMixin",[1050,8074,1353],{"class":1082},[1050,8076,8077],{"class":2228}," CreateView",[1050,8079,1306],{"class":1082},[1050,8081,8082,8084,8087],{"class":1052,"line":3608},[1050,8083,1312],{"class":1311},[1050,8085,8086],{"class":1315},"Secure article creation with rich text",[1050,8088,1319],{"class":1311},[1050,8090,8091,8094,8096],{"class":1052,"line":3614},[1050,8092,8093],{"class":1092},"    model ",[1050,8095,1133],{"class":1082},[1050,8097,4267],{"class":1092},[1050,8099,8100,8103,8105],{"class":1052,"line":3708},[1050,8101,8102],{"class":1092},"    form_class ",[1050,8104,1133],{"class":1082},[1050,8106,8107],{"class":1092}," ArticleForm\n",[1050,8109,8110],{"class":1052,"line":3713},[1050,8111,1364],{"class":1092},[1050,8113,8114,8116,8119,8121,8123,8125,8128],{"class":1052,"line":3721},[1050,8115,4310],{"class":1202},[1050,8117,8118],{"class":1236}," form_valid",[1050,8120,1241],{"class":1082},[1050,8122,4319],{"class":4318},[1050,8124,1353],{"class":1082},[1050,8126,8127],{"class":1302}," form",[1050,8129,1306],{"class":1082},[1050,8131,8132,8134,8137],{"class":1052,"line":3726},[1050,8133,4326],{"class":1311},[1050,8135,8136],{"class":1315},"Sanitize content before saving",[1050,8138,1319],{"class":1311},[1050,8140,8141,8144,8146,8149,8151,8153,8155,8157,8159,8162,8164,8167,8169,8171,8173,8175],{"class":1052,"line":3737},[1050,8142,8143],{"class":1092},"        form",[1050,8145,1233],{"class":1082},[1050,8147,8148],{"class":1481},"instance",[1050,8150,1233],{"class":1082},[1050,8152,1522],{"class":1481},[1050,8154,1210],{"class":1082},[1050,8156,4342],{"class":4341},[1050,8158,1233],{"class":1082},[1050,8160,8161],{"class":1340},"sanitize_rich_text",[1050,8163,1241],{"class":1082},[1050,8165,8166],{"class":1340},"form",[1050,8168,1233],{"class":1082},[1050,8170,8148],{"class":1481},[1050,8172,1233],{"class":1082},[1050,8174,1522],{"class":1481},[1050,8176,1359],{"class":1082},[1050,8178,8179,8181,8184,8186,8189,8191,8193],{"class":1052,"line":3751},[1050,8180,2947],{"class":1404},[1050,8182,8183],{"class":5706}," super",[1050,8185,5710],{"class":1082},[1050,8187,8188],{"class":1340},"form_valid",[1050,8190,1241],{"class":1082},[1050,8192,8166],{"class":1340},[1050,8194,1359],{"class":1082},[1035,8196,8198],{"id":8197},"file-upload-security","File Upload Security",[1040,8200,8202],{"className":1280,"code":8201,"language":1282,"meta":1045,"style":1045},"# File upload security to prevent XSS via uploaded files\nimport magic\nfrom django.core.exceptions import ValidationError\n\ndef validate_file_content(file):\n    \"\"\"Validate uploaded file content\"\"\"\n    \n    # Check file type using python-magic\n    file_type = magic.from_buffer(file.read(1024), mime=True)\n    file.seek(0)  # Reset file pointer\n    \n    allowed_types = [\n        'image/jpeg', 'image/png', 'image/gif',\n        'application/pdf', 'text/plain'\n    ]\n    \n    if file_type not in allowed_types:\n        raise ValidationError(f\"File type {file_type} not allowed\")\n    \n    # Additional checks for image files\n    if file_type.startswith('image/'):\n        validate_image_content(file)\n\ndef validate_image_content(file):\n    \"\"\"Additional validation for image files\"\"\"\n    \n    # Check for embedded scripts in image metadata\n    file.seek(0)\n    content = file.read()\n    \n    # Look for script tags in image data (SVG attacks)\n    if b'\u003Cscript' in content.lower() or b'javascript:' in content.lower():\n        raise ValidationError(\"Image contains potentially malicious content\")\n    \n    file.seek(0)\n\nclass SecureFileField(models.FileField):\n    \"\"\"Secure file field with content validation\"\"\"\n    \n    def __init__(self, *args, **kwargs):\n        kwargs.setdefault('validators', []).append(validate_file_content)\n        super().__init__(*args, **kwargs)\n\n# Usage in models\nclass Document(models.Model):\n    title = models.CharField(max_length=200)\n    file = SecureFileField(upload_to='documents/')\n    uploaded_by = models.ForeignKey(User, on_delete=models.CASCADE)\n",[1047,8203,8204,8209,8216,8234,8238,8252,8261,8265,8270,8311,8331,8335,8344,8373,8391,8395,8399,8416,8442,8446,8451,8473,8484,8488,8501,8510,8514,8519,8533,8548,8552,8557,8600,8617,8621,8635,8639,8657,8666,8670,8694,8727,8750,8754,8759,8776,8799,8823],{"__ignoreMap":1045},[1050,8205,8206],{"class":1052,"line":1053},[1050,8207,8208],{"class":1056},"# File upload security to prevent XSS via uploaded files\n",[1050,8210,8211,8213],{"class":1052,"line":1060},[1050,8212,2811],{"class":1404},[1050,8214,8215],{"class":1092}," magic\n",[1050,8217,8218,8220,8222,8224,8226,8228,8230,8232],{"class":1052,"line":1066},[1050,8219,2805],{"class":1404},[1050,8221,2821],{"class":1092},[1050,8223,1233],{"class":1082},[1050,8225,4187],{"class":1092},[1050,8227,1233],{"class":1082},[1050,8229,4192],{"class":1092},[1050,8231,2811],{"class":1404},[1050,8233,4197],{"class":1092},[1050,8235,8236],{"class":1052,"line":1073},[1050,8237,1070],{"emptyLinePlaceholder":1069},[1050,8239,8240,8242,8245,8247,8250],{"class":1052,"line":1079},[1050,8241,1294],{"class":1202},[1050,8243,8244],{"class":1236}," validate_file_content",[1050,8246,1241],{"class":1082},[1050,8248,8249],{"class":1302},"file",[1050,8251,1306],{"class":1082},[1050,8253,8254,8256,8259],{"class":1052,"line":1104},[1050,8255,1312],{"class":1311},[1050,8257,8258],{"class":1315},"Validate uploaded file content",[1050,8260,1319],{"class":1311},[1050,8262,8263],{"class":1052,"line":1109},[1050,8264,1364],{"class":1092},[1050,8266,8267],{"class":1052,"line":1115},[1050,8268,8269],{"class":1056},"    # Check file type using python-magic\n",[1050,8271,8272,8275,8277,8280,8282,8285,8287,8289,8291,8294,8296,8299,8302,8305,8307,8309],{"class":1052,"line":1121},[1050,8273,8274],{"class":1092},"    file_type ",[1050,8276,1133],{"class":1082},[1050,8278,8279],{"class":1092}," magic",[1050,8281,1233],{"class":1082},[1050,8283,8284],{"class":1340},"from_buffer",[1050,8286,1241],{"class":1082},[1050,8288,8249],{"class":1206},[1050,8290,1233],{"class":1082},[1050,8292,8293],{"class":1340},"read",[1050,8295,1241],{"class":1082},[1050,8297,8298],{"class":5043},"1024",[1050,8300,8301],{"class":1082},"),",[1050,8303,8304],{"class":1563}," mime",[1050,8306,1133],{"class":1082},[1050,8308,4398],{"class":3355},[1050,8310,1359],{"class":1082},[1050,8312,8313,8316,8318,8321,8323,8326,8328],{"class":1052,"line":1148},[1050,8314,8315],{"class":1206},"    file",[1050,8317,1233],{"class":1082},[1050,8319,8320],{"class":1340},"seek",[1050,8322,1241],{"class":1082},[1050,8324,8325],{"class":5043},"0",[1050,8327,1252],{"class":1082},[1050,8329,8330],{"class":1056},"  # Reset file pointer\n",[1050,8332,8333],{"class":1052,"line":1154},[1050,8334,1364],{"class":1092},[1050,8336,8337,8340,8342],{"class":1052,"line":1163},[1050,8338,8339],{"class":1092},"    allowed_types ",[1050,8341,1133],{"class":1082},[1050,8343,2969],{"class":1082},[1050,8345,8346,8348,8351,8353,8355,8357,8360,8362,8364,8366,8369,8371],{"class":1052,"line":1172},[1050,8347,2597],{"class":1136},[1050,8349,8350],{"class":1140},"image/jpeg",[1050,8352,1244],{"class":1136},[1050,8354,1353],{"class":1082},[1050,8356,1489],{"class":1136},[1050,8358,8359],{"class":1140},"image/png",[1050,8361,1244],{"class":1136},[1050,8363,1353],{"class":1082},[1050,8365,1489],{"class":1136},[1050,8367,8368],{"class":1140},"image/gif",[1050,8370,1244],{"class":1136},[1050,8372,1576],{"class":1082},[1050,8374,8375,8377,8380,8382,8384,8386,8389],{"class":1052,"line":1177},[1050,8376,2597],{"class":1136},[1050,8378,8379],{"class":1140},"application/pdf",[1050,8381,1244],{"class":1136},[1050,8383,1353],{"class":1082},[1050,8385,1489],{"class":1136},[1050,8387,8388],{"class":1140},"text/plain",[1050,8390,3121],{"class":1136},[1050,8392,8393],{"class":1052,"line":1183},[1050,8394,3126],{"class":1082},[1050,8396,8397],{"class":1052,"line":1193},[1050,8398,1364],{"class":1092},[1050,8400,8401,8403,8406,8409,8411,8414],{"class":1052,"line":1199},[1050,8402,1474],{"class":1404},[1050,8404,8405],{"class":1092}," file_type ",[1050,8407,8408],{"class":1485},"not",[1050,8410,5337],{"class":1485},[1050,8412,8413],{"class":1092}," allowed_types",[1050,8415,1497],{"class":1082},[1050,8417,8418,8420,8422,8424,8427,8430,8432,8435,8437,8440],{"class":1052,"line":1227},[1050,8419,5372],{"class":1404},[1050,8421,4472],{"class":1340},[1050,8423,1241],{"class":1082},[1050,8425,8426],{"class":1202},"f",[1050,8428,8429],{"class":1140},"\"File type ",[1050,8431,1386],{"class":1385},[1050,8433,8434],{"class":1340},"file_type",[1050,8436,1392],{"class":1385},[1050,8438,8439],{"class":1140}," not allowed\"",[1050,8441,1359],{"class":1082},[1050,8443,8444],{"class":1052,"line":1267},[1050,8445,1364],{"class":1092},[1050,8447,8448],{"class":1052,"line":1500},[1050,8449,8450],{"class":1056},"    # Additional checks for image files\n",[1050,8452,8453,8455,8458,8460,8462,8464,8466,8469,8471],{"class":1052,"line":1529},[1050,8454,1474],{"class":1404},[1050,8456,8457],{"class":1092}," file_type",[1050,8459,1233],{"class":1082},[1050,8461,6481],{"class":1340},[1050,8463,1241],{"class":1082},[1050,8465,1244],{"class":1136},[1050,8467,8468],{"class":1140},"image/",[1050,8470,1244],{"class":1136},[1050,8472,1306],{"class":1082},[1050,8474,8475,8478,8480,8482],{"class":1052,"line":1535},[1050,8476,8477],{"class":1340},"        validate_image_content",[1050,8479,1241],{"class":1082},[1050,8481,8249],{"class":1206},[1050,8483,1359],{"class":1082},[1050,8485,8486],{"class":1052,"line":1541},[1050,8487,1070],{"emptyLinePlaceholder":1069},[1050,8489,8490,8492,8495,8497,8499],{"class":1052,"line":1560},[1050,8491,1294],{"class":1202},[1050,8493,8494],{"class":1236}," validate_image_content",[1050,8496,1241],{"class":1082},[1050,8498,8249],{"class":1302},[1050,8500,1306],{"class":1082},[1050,8502,8503,8505,8508],{"class":1052,"line":1579},[1050,8504,1312],{"class":1311},[1050,8506,8507],{"class":1315},"Additional validation for image files",[1050,8509,1319],{"class":1311},[1050,8511,8512],{"class":1052,"line":1593},[1050,8513,1364],{"class":1092},[1050,8515,8516],{"class":1052,"line":1599},[1050,8517,8518],{"class":1056},"    # Check for embedded scripts in image metadata\n",[1050,8520,8521,8523,8525,8527,8529,8531],{"class":1052,"line":1604},[1050,8522,8315],{"class":1206},[1050,8524,1233],{"class":1082},[1050,8526,8320],{"class":1340},[1050,8528,1241],{"class":1082},[1050,8530,8325],{"class":5043},[1050,8532,1359],{"class":1082},[1050,8534,8535,8537,8539,8542,8544,8546],{"class":1052,"line":1627},[1050,8536,5614],{"class":1092},[1050,8538,1133],{"class":1082},[1050,8540,8541],{"class":1206}," file",[1050,8543,1233],{"class":1082},[1050,8545,8293],{"class":1340},[1050,8547,1624],{"class":1082},[1050,8549,8550],{"class":1052,"line":3271},[1050,8551,1364],{"class":1092},[1050,8553,8554],{"class":1052,"line":3276},[1050,8555,8556],{"class":1056},"    # Look for script tags in image data (SVG attacks)\n",[1050,8558,8559,8561,8564,8566,8568,8570,8572,8574,8576,8578,8580,8582,8584,8586,8588,8590,8592,8594,8596,8598],{"class":1052,"line":3282},[1050,8560,1474],{"class":1404},[1050,8562,8563],{"class":1202}," b",[1050,8565,1244],{"class":1136},[1050,8567,3478],{"class":1140},[1050,8569,1244],{"class":1136},[1050,8571,5337],{"class":1485},[1050,8573,7652],{"class":1092},[1050,8575,1233],{"class":1082},[1050,8577,5344],{"class":1340},[1050,8579,5347],{"class":1082},[1050,8581,5350],{"class":1485},[1050,8583,8563],{"class":1202},[1050,8585,1244],{"class":1136},[1050,8587,3576],{"class":1140},[1050,8589,1244],{"class":1136},[1050,8591,5337],{"class":1485},[1050,8593,7652],{"class":1092},[1050,8595,1233],{"class":1082},[1050,8597,5344],{"class":1340},[1050,8599,5367],{"class":1082},[1050,8601,8602,8604,8606,8608,8610,8613,8615],{"class":1052,"line":3300},[1050,8603,5372],{"class":1404},[1050,8605,4472],{"class":1340},[1050,8607,1241],{"class":1082},[1050,8609,1137],{"class":1136},[1050,8611,8612],{"class":1140},"Image contains potentially malicious content",[1050,8614,1137],{"class":1136},[1050,8616,1359],{"class":1082},[1050,8618,8619],{"class":1052,"line":3308},[1050,8620,1364],{"class":1092},[1050,8622,8623,8625,8627,8629,8631,8633],{"class":1052,"line":3321},[1050,8624,8315],{"class":1206},[1050,8626,1233],{"class":1082},[1050,8628,8320],{"class":1340},[1050,8630,1241],{"class":1082},[1050,8632,8325],{"class":5043},[1050,8634,1359],{"class":1082},[1050,8636,8637],{"class":1052,"line":3334},[1050,8638,1070],{"emptyLinePlaceholder":1069},[1050,8640,8641,8643,8646,8648,8650,8652,8655],{"class":1052,"line":3347},[1050,8642,4218],{"class":1202},[1050,8644,8645],{"class":4221}," SecureFileField",[1050,8647,1241],{"class":1082},[1050,8649,5557],{"class":2228},[1050,8651,1233],{"class":1082},[1050,8653,8654],{"class":2228},"FileField",[1050,8656,1306],{"class":1082},[1050,8658,8659,8661,8664],{"class":1052,"line":3359},[1050,8660,1312],{"class":1311},[1050,8662,8663],{"class":1315},"Secure file field with content validation",[1050,8665,1319],{"class":1311},[1050,8667,8668],{"class":1052,"line":3365},[1050,8669,1364],{"class":1092},[1050,8671,8672,8674,8676,8678,8680,8682,8684,8686,8688,8690,8692],{"class":1052,"line":3370},[1050,8673,4310],{"class":1202},[1050,8675,6167],{"class":5155},[1050,8677,1241],{"class":1082},[1050,8679,4319],{"class":4318},[1050,8681,1353],{"class":1082},[1050,8683,6015],{"class":1485},[1050,8685,6018],{"class":1302},[1050,8687,1353],{"class":1082},[1050,8689,6023],{"class":1485},[1050,8691,6026],{"class":1302},[1050,8693,1306],{"class":1082},[1050,8695,8696,8699,8701,8704,8706,8708,8711,8713,8715,8718,8720,8722,8725],{"class":1052,"line":3385},[1050,8697,8698],{"class":1092},"        kwargs",[1050,8700,1233],{"class":1082},[1050,8702,8703],{"class":1340},"setdefault",[1050,8705,1241],{"class":1082},[1050,8707,1244],{"class":1136},[1050,8709,8710],{"class":1140},"validators",[1050,8712,1244],{"class":1136},[1050,8714,1353],{"class":1082},[1050,8716,8717],{"class":1082}," []).",[1050,8719,6602],{"class":1340},[1050,8721,1241],{"class":1082},[1050,8723,8724],{"class":1340},"validate_file_content",[1050,8726,1359],{"class":1082},[1050,8728,8729,8731,8733,8736,8738,8740,8742,8744,8746,8748],{"class":1052,"line":3390},[1050,8730,5707],{"class":5706},[1050,8732,5710],{"class":1082},[1050,8734,8735],{"class":5155},"__init__",[1050,8737,1241],{"class":1082},[1050,8739,3495],{"class":1485},[1050,8741,6018],{"class":1340},[1050,8743,1353],{"class":1082},[1050,8745,6023],{"class":1485},[1050,8747,6026],{"class":1340},[1050,8749,1359],{"class":1082},[1050,8751,8752],{"class":1052,"line":3401},[1050,8753,1070],{"emptyLinePlaceholder":1069},[1050,8755,8756],{"class":1052,"line":3415},[1050,8757,8758],{"class":1056},"# Usage in models\n",[1050,8760,8761,8763,8766,8768,8770,8772,8774],{"class":1052,"line":3425},[1050,8762,4218],{"class":1202},[1050,8764,8765],{"class":4221}," Document",[1050,8767,1241],{"class":1082},[1050,8769,5557],{"class":2228},[1050,8771,1233],{"class":1082},[1050,8773,5562],{"class":2228},[1050,8775,1306],{"class":1082},[1050,8777,8778,8780,8782,8784,8786,8788,8790,8793,8795,8797],{"class":1052,"line":3436},[1050,8779,5569],{"class":1092},[1050,8781,1133],{"class":1082},[1050,8783,5574],{"class":1092},[1050,8785,1233],{"class":1082},[1050,8787,5579],{"class":1340},[1050,8789,1241],{"class":1082},[1050,8791,8792],{"class":1563},"max_length",[1050,8794,1133],{"class":1082},[1050,8796,5591],{"class":5043},[1050,8798,1359],{"class":1082},[1050,8800,8801,8803,8805,8807,8809,8812,8814,8816,8819,8821],{"class":1052,"line":3443},[1050,8802,8315],{"class":1206},[1050,8804,1210],{"class":1082},[1050,8806,8645],{"class":1340},[1050,8808,1241],{"class":1082},[1050,8810,8811],{"class":1563},"upload_to",[1050,8813,1133],{"class":1082},[1050,8815,1244],{"class":1136},[1050,8817,8818],{"class":1140},"documents/",[1050,8820,1244],{"class":1136},[1050,8822,1359],{"class":1082},[1050,8824,8825,8828,8830,8832,8834,8836,8838,8840,8842,8844,8846,8848,8850,8852],{"class":1052,"line":3448},[1050,8826,8827],{"class":1092},"    uploaded_by ",[1050,8829,1133],{"class":1082},[1050,8831,5574],{"class":1092},[1050,8833,1233],{"class":1082},[1050,8835,5654],{"class":1340},[1050,8837,1241],{"class":1082},[1050,8839,5659],{"class":1340},[1050,8841,1353],{"class":1082},[1050,8843,5664],{"class":1563},[1050,8845,1133],{"class":1082},[1050,8847,5557],{"class":1340},[1050,8849,1233],{"class":1082},[1050,8851,5673],{"class":1334},[1050,8853,1359],{"class":1082},[1030,8855,8857],{"id":8856},"testing-xss-protection","Testing XSS Protection",[1035,8859,8861],{"id":8860},"xss-security-tests","XSS Security Tests",[1040,8863,8865],{"className":1280,"code":8864,"language":1282,"meta":1045,"style":1045},"# tests.py - Testing XSS protection\nfrom django.test import TestCase, Client\nfrom django.contrib.auth.models import User\nfrom django.urls import reverse\n\nclass XSSProtectionTests(TestCase):\n    \"\"\"Test XSS protection mechanisms\"\"\"\n    \n    def setUp(self):\n        self.client = Client()\n        self.user = User.objects.create_user(\n            username='testuser',\n            password='testpass123'\n        )\n    \n    def test_template_auto_escaping(self):\n        \"\"\"Test that templates automatically escape user input\"\"\"\n        \n        # Create article with potentially malicious content\n        malicious_title = '\u003Cscript>alert(\"XSS\")\u003C/script>'\n        \n        article = Article.objects.create(\n            title=malicious_title,\n            content='Test content',\n            author=self.user\n        )\n        \n        response = self.client.get(reverse('article_detail', args=[article.id]))\n        \n        # Check that script tags are escaped\n        self.assertContains(response, '<script>')\n        self.assertNotContains(response, '\u003Cscript>')\n    \n    def test_form_input_sanitization(self):\n        \"\"\"Test that form input is properly sanitized\"\"\"\n        \n        self.client.login(username='testuser', password='testpass123')\n        \n        # Submit form with malicious content\n        response = self.client.post(reverse('create_article'), {\n            'title': '\u003Cscript>alert(\"XSS\")\u003C/script>',\n            'content': '\u003Cp>Safe content\u003C/p>\u003Cscript>alert(\"XSS\")\u003C/script>'\n        })\n        \n        # Check that article was created with sanitized content\n        article = Article.objects.latest('id')\n        self.assertNotIn('\u003Cscript>', article.title)\n        self.assertNotIn('\u003Cscript>', article.content)\n    \n    def test_json_script_safety(self):\n        \"\"\"Test that json_script filter is safe\"\"\"\n        \n        # Data with potentially dangerous content\n        user_data = {\n            'name': '\u003C/script>\u003Cscript>alert(\"XSS\")\u003C/script>',\n            'bio': '\u003Cimg src=x onerror=alert(\"XSS\")>'\n        }\n        \n        response = self.client.get(reverse('profile'), {\n            'user_data': user_data\n        })\n        \n        # Check that dangerous content is properly escaped in JSON\n        self.assertNotContains(response, '\u003Cscript>alert(\"XSS\")\u003C/script>')\n    \n    def test_csp_headers(self):\n        \"\"\"Test that CSP headers are present\"\"\"\n        \n        response = self.client.get('/')\n        \n        self.assertIn('Content-Security-Policy', response)\n        csp = response['Content-Security-Policy']\n        self.assertIn(\"default-src 'self'\", csp)\n        self.assertIn(\"script-src\", csp)\n",[1047,8866,8867,8872,8893,8919,8935,8939,8953,8962,8966,8979,8995,9019,9035,9049,9053,9057,9070,9079,9083,9088,9102,9106,9125,9137,9152,9166,9170,9174,9221,9225,9230,9255,9279,9283,9296,9305,9309,9350,9354,9359,9393,9411,9428,9433,9437,9442,9469,9497,9523,9527,9540,9549,9553,9558,9567,9586,9603,9607,9611,9643,9655,9659,9663,9668,9690,9694,9707,9716,9720,9747,9751,9775,9794,9817],{"__ignoreMap":1045},[1050,8868,8869],{"class":1052,"line":1053},[1050,8870,8871],{"class":1056},"# tests.py - Testing XSS protection\n",[1050,8873,8874,8876,8878,8880,8883,8885,8888,8890],{"class":1052,"line":1060},[1050,8875,2805],{"class":1404},[1050,8877,2821],{"class":1092},[1050,8879,1233],{"class":1082},[1050,8881,8882],{"class":1092},"test ",[1050,8884,2811],{"class":1404},[1050,8886,8887],{"class":1092}," TestCase",[1050,8889,1353],{"class":1082},[1050,8891,8892],{"class":1092}," Client\n",[1050,8894,8895,8897,8899,8901,8904,8906,8909,8911,8914,8916],{"class":1052,"line":1066},[1050,8896,2805],{"class":1404},[1050,8898,2821],{"class":1092},[1050,8900,1233],{"class":1082},[1050,8902,8903],{"class":1092},"contrib",[1050,8905,1233],{"class":1082},[1050,8907,8908],{"class":1092},"auth",[1050,8910,1233],{"class":1082},[1050,8912,8913],{"class":1092},"models ",[1050,8915,2811],{"class":1404},[1050,8917,8918],{"class":1092}," User\n",[1050,8920,8921,8923,8925,8927,8930,8932],{"class":1052,"line":1073},[1050,8922,2805],{"class":1404},[1050,8924,2821],{"class":1092},[1050,8926,1233],{"class":1082},[1050,8928,8929],{"class":1092},"urls ",[1050,8931,2811],{"class":1404},[1050,8933,8934],{"class":1092}," reverse\n",[1050,8936,8937],{"class":1052,"line":1079},[1050,8938,1070],{"emptyLinePlaceholder":1069},[1050,8940,8941,8943,8946,8948,8951],{"class":1052,"line":1104},[1050,8942,4218],{"class":1202},[1050,8944,8945],{"class":4221}," XSSProtectionTests",[1050,8947,1241],{"class":1082},[1050,8949,8950],{"class":2228},"TestCase",[1050,8952,1306],{"class":1082},[1050,8954,8955,8957,8960],{"class":1052,"line":1109},[1050,8956,1312],{"class":1311},[1050,8958,8959],{"class":1315},"Test XSS protection mechanisms",[1050,8961,1319],{"class":1311},[1050,8963,8964],{"class":1052,"line":1115},[1050,8965,1364],{"class":1092},[1050,8967,8968,8970,8973,8975,8977],{"class":1052,"line":1121},[1050,8969,4310],{"class":1202},[1050,8971,8972],{"class":1236}," setUp",[1050,8974,1241],{"class":1082},[1050,8976,4319],{"class":4318},[1050,8978,1306],{"class":1082},[1050,8980,8981,8983,8985,8988,8990,8993],{"class":1052,"line":1148},[1050,8982,6183],{"class":4341},[1050,8984,1233],{"class":1082},[1050,8986,8987],{"class":1481},"client",[1050,8989,1210],{"class":1082},[1050,8991,8992],{"class":1340}," Client",[1050,8994,1624],{"class":1082},[1050,8996,8997,8999,9001,9003,9005,9008,9010,9012,9014,9017],{"class":1052,"line":1154},[1050,8998,6183],{"class":4341},[1050,9000,1233],{"class":1082},[1050,9002,1573],{"class":1481},[1050,9004,1210],{"class":1082},[1050,9006,9007],{"class":1092}," User",[1050,9009,1233],{"class":1082},[1050,9011,1549],{"class":1481},[1050,9013,1233],{"class":1082},[1050,9015,9016],{"class":1340},"create_user",[1050,9018,1557],{"class":1082},[1050,9020,9021,9024,9026,9028,9031,9033],{"class":1052,"line":1163},[1050,9022,9023],{"class":1563},"            username",[1050,9025,1133],{"class":1082},[1050,9027,1244],{"class":1136},[1050,9029,9030],{"class":1140},"testuser",[1050,9032,1244],{"class":1136},[1050,9034,1576],{"class":1082},[1050,9036,9037,9040,9042,9044,9047],{"class":1052,"line":1172},[1050,9038,9039],{"class":1563},"            password",[1050,9041,1133],{"class":1082},[1050,9043,1244],{"class":1136},[1050,9045,9046],{"class":1140},"testpass123",[1050,9048,3121],{"class":1136},[1050,9050,9051],{"class":1052,"line":1177},[1050,9052,1596],{"class":1082},[1050,9054,9055],{"class":1052,"line":1183},[1050,9056,1364],{"class":1092},[1050,9058,9059,9061,9064,9066,9068],{"class":1052,"line":1193},[1050,9060,4310],{"class":1202},[1050,9062,9063],{"class":1236}," test_template_auto_escaping",[1050,9065,1241],{"class":1082},[1050,9067,4319],{"class":4318},[1050,9069,1306],{"class":1082},[1050,9071,9072,9074,9077],{"class":1052,"line":1199},[1050,9073,4326],{"class":1311},[1050,9075,9076],{"class":1315},"Test that templates automatically escape user input",[1050,9078,1319],{"class":1311},[1050,9080,9081],{"class":1052,"line":1227},[1050,9082,1532],{"class":1092},[1050,9084,9085],{"class":1052,"line":1267},[1050,9086,9087],{"class":1056},"        # Create article with potentially malicious content\n",[1050,9089,9090,9093,9095,9097,9100],{"class":1052,"line":1500},[1050,9091,9092],{"class":1092},"        malicious_title ",[1050,9094,1133],{"class":1082},[1050,9096,1489],{"class":1136},[1050,9098,9099],{"class":1140},"\u003Cscript>alert(\"XSS\")\u003C/script>",[1050,9101,3121],{"class":1136},[1050,9103,9104],{"class":1052,"line":1529},[1050,9105,1532],{"class":1092},[1050,9107,9108,9111,9113,9115,9117,9119,9121,9123],{"class":1052,"line":1535},[1050,9109,9110],{"class":1092},"        article ",[1050,9112,1133],{"class":1082},[1050,9114,5552],{"class":1092},[1050,9116,1233],{"class":1082},[1050,9118,1549],{"class":1481},[1050,9120,1233],{"class":1082},[1050,9122,1554],{"class":1340},[1050,9124,1557],{"class":1082},[1050,9126,9127,9130,9132,9135],{"class":1052,"line":1541},[1050,9128,9129],{"class":1563},"            title",[1050,9131,1133],{"class":1082},[1050,9133,9134],{"class":1340},"malicious_title",[1050,9136,1576],{"class":1082},[1050,9138,9139,9141,9143,9145,9148,9150],{"class":1052,"line":1560},[1050,9140,1582],{"class":1563},[1050,9142,1133],{"class":1082},[1050,9144,1244],{"class":1136},[1050,9146,9147],{"class":1140},"Test content",[1050,9149,1244],{"class":1136},[1050,9151,1576],{"class":1082},[1050,9153,9154,9157,9159,9161,9163],{"class":1052,"line":1579},[1050,9155,9156],{"class":1563},"            author",[1050,9158,1133],{"class":1082},[1050,9160,4319],{"class":4341},[1050,9162,1233],{"class":1082},[1050,9164,9165],{"class":1481},"user\n",[1050,9167,9168],{"class":1052,"line":1593},[1050,9169,1596],{"class":1082},[1050,9171,9172],{"class":1052,"line":1599},[1050,9173,1532],{"class":1092},[1050,9175,9176,9178,9180,9182,9184,9186,9188,9190,9192,9195,9197,9199,9202,9204,9206,9209,9211,9214,9216,9218],{"class":1052,"line":1604},[1050,9177,6219],{"class":1092},[1050,9179,1133],{"class":1082},[1050,9181,4342],{"class":4341},[1050,9183,1233],{"class":1082},[1050,9185,8987],{"class":1481},[1050,9187,1233],{"class":1082},[1050,9189,1341],{"class":1340},[1050,9191,1241],{"class":1082},[1050,9193,9194],{"class":1340},"reverse",[1050,9196,1241],{"class":1082},[1050,9198,1244],{"class":1136},[1050,9200,9201],{"class":1140},"article_detail",[1050,9203,1244],{"class":1136},[1050,9205,1353],{"class":1082},[1050,9207,9208],{"class":1563}," args",[1050,9210,3851],{"class":1082},[1050,9212,9213],{"class":1340},"article",[1050,9215,1233],{"class":1082},[1050,9217,2600],{"class":1481},[1050,9219,9220],{"class":1082},"]))\n",[1050,9222,9223],{"class":1052,"line":1627},[1050,9224,1532],{"class":1092},[1050,9226,9227],{"class":1052,"line":3271},[1050,9228,9229],{"class":1056},"        # Check that script tags are escaped\n",[1050,9231,9232,9234,9236,9239,9241,9244,9246,9248,9251,9253],{"class":1052,"line":3276},[1050,9233,6183],{"class":4341},[1050,9235,1233],{"class":1082},[1050,9237,9238],{"class":1340},"assertContains",[1050,9240,1241],{"class":1082},[1050,9242,9243],{"class":1340},"response",[1050,9245,1353],{"class":1082},[1050,9247,1489],{"class":1136},[1050,9249,9250],{"class":1140},"<script>",[1050,9252,1244],{"class":1136},[1050,9254,1359],{"class":1082},[1050,9256,9257,9259,9261,9264,9266,9268,9270,9272,9275,9277],{"class":1052,"line":3282},[1050,9258,6183],{"class":4341},[1050,9260,1233],{"class":1082},[1050,9262,9263],{"class":1340},"assertNotContains",[1050,9265,1241],{"class":1082},[1050,9267,9243],{"class":1340},[1050,9269,1353],{"class":1082},[1050,9271,1489],{"class":1136},[1050,9273,9274],{"class":1140},"\u003Cscript>",[1050,9276,1244],{"class":1136},[1050,9278,1359],{"class":1082},[1050,9280,9281],{"class":1052,"line":3300},[1050,9282,1364],{"class":1092},[1050,9284,9285,9287,9290,9292,9294],{"class":1052,"line":3308},[1050,9286,4310],{"class":1202},[1050,9288,9289],{"class":1236}," test_form_input_sanitization",[1050,9291,1241],{"class":1082},[1050,9293,4319],{"class":4318},[1050,9295,1306],{"class":1082},[1050,9297,9298,9300,9303],{"class":1052,"line":3321},[1050,9299,4326],{"class":1311},[1050,9301,9302],{"class":1315},"Test that form input is properly sanitized",[1050,9304,1319],{"class":1311},[1050,9306,9307],{"class":1052,"line":3334},[1050,9308,1532],{"class":1092},[1050,9310,9311,9313,9315,9317,9319,9322,9324,9327,9329,9331,9333,9335,9337,9340,9342,9344,9346,9348],{"class":1052,"line":3347},[1050,9312,6183],{"class":4341},[1050,9314,1233],{"class":1082},[1050,9316,8987],{"class":1481},[1050,9318,1233],{"class":1082},[1050,9320,9321],{"class":1340},"login",[1050,9323,1241],{"class":1082},[1050,9325,9326],{"class":1563},"username",[1050,9328,1133],{"class":1082},[1050,9330,1244],{"class":1136},[1050,9332,9030],{"class":1140},[1050,9334,1244],{"class":1136},[1050,9336,1353],{"class":1082},[1050,9338,9339],{"class":1563}," password",[1050,9341,1133],{"class":1082},[1050,9343,1244],{"class":1136},[1050,9345,9046],{"class":1140},[1050,9347,1244],{"class":1136},[1050,9349,1359],{"class":1082},[1050,9351,9352],{"class":1052,"line":3359},[1050,9353,1532],{"class":1092},[1050,9355,9356],{"class":1052,"line":3365},[1050,9357,9358],{"class":1056},"        # Submit form with malicious content\n",[1050,9360,9361,9363,9365,9367,9369,9371,9373,9376,9378,9380,9382,9384,9387,9389,9391],{"class":1052,"line":3370},[1050,9362,6219],{"class":1092},[1050,9364,1133],{"class":1082},[1050,9366,4342],{"class":4341},[1050,9368,1233],{"class":1082},[1050,9370,8987],{"class":1481},[1050,9372,1233],{"class":1082},[1050,9374,9375],{"class":1340},"post",[1050,9377,1241],{"class":1082},[1050,9379,9194],{"class":1340},[1050,9381,1241],{"class":1082},[1050,9383,1244],{"class":1136},[1050,9385,9386],{"class":1140},"create_article",[1050,9388,1244],{"class":1136},[1050,9390,8301],{"class":1082},[1050,9392,2592],{"class":1082},[1050,9394,9395,9397,9399,9401,9403,9405,9407,9409],{"class":1052,"line":3385},[1050,9396,2680],{"class":1136},[1050,9398,1848],{"class":1140},[1050,9400,1244],{"class":1136},[1050,9402,1660],{"class":1082},[1050,9404,1489],{"class":1136},[1050,9406,9099],{"class":1140},[1050,9408,1244],{"class":1136},[1050,9410,1576],{"class":1082},[1050,9412,9413,9415,9417,9419,9421,9423,9426],{"class":1052,"line":3390},[1050,9414,2680],{"class":1136},[1050,9416,1522],{"class":1140},[1050,9418,1244],{"class":1136},[1050,9420,1660],{"class":1082},[1050,9422,1489],{"class":1136},[1050,9424,9425],{"class":1140},"\u003Cp>Safe content\u003C/p>\u003Cscript>alert(\"XSS\")\u003C/script>",[1050,9427,3121],{"class":1136},[1050,9429,9430],{"class":1052,"line":3401},[1050,9431,9432],{"class":1082},"        })\n",[1050,9434,9435],{"class":1052,"line":3415},[1050,9436,1532],{"class":1092},[1050,9438,9439],{"class":1052,"line":3425},[1050,9440,9441],{"class":1056},"        # Check that article was created with sanitized content\n",[1050,9443,9444,9446,9448,9450,9452,9454,9456,9459,9461,9463,9465,9467],{"class":1052,"line":3436},[1050,9445,9110],{"class":1092},[1050,9447,1133],{"class":1082},[1050,9449,5552],{"class":1092},[1050,9451,1233],{"class":1082},[1050,9453,1549],{"class":1481},[1050,9455,1233],{"class":1082},[1050,9457,9458],{"class":1340},"latest",[1050,9460,1241],{"class":1082},[1050,9462,1244],{"class":1136},[1050,9464,2600],{"class":1140},[1050,9466,1244],{"class":1136},[1050,9468,1359],{"class":1082},[1050,9470,9471,9473,9475,9478,9480,9482,9484,9486,9488,9491,9493,9495],{"class":1052,"line":3443},[1050,9472,6183],{"class":4341},[1050,9474,1233],{"class":1082},[1050,9476,9477],{"class":1340},"assertNotIn",[1050,9479,1241],{"class":1082},[1050,9481,1244],{"class":1136},[1050,9483,9274],{"class":1140},[1050,9485,1244],{"class":1136},[1050,9487,1353],{"class":1082},[1050,9489,9490],{"class":1340}," article",[1050,9492,1233],{"class":1082},[1050,9494,1848],{"class":1481},[1050,9496,1359],{"class":1082},[1050,9498,9499,9501,9503,9505,9507,9509,9511,9513,9515,9517,9519,9521],{"class":1052,"line":3448},[1050,9500,6183],{"class":4341},[1050,9502,1233],{"class":1082},[1050,9504,9477],{"class":1340},[1050,9506,1241],{"class":1082},[1050,9508,1244],{"class":1136},[1050,9510,9274],{"class":1140},[1050,9512,1244],{"class":1136},[1050,9514,1353],{"class":1082},[1050,9516,9490],{"class":1340},[1050,9518,1233],{"class":1082},[1050,9520,1522],{"class":1481},[1050,9522,1359],{"class":1082},[1050,9524,9525],{"class":1052,"line":3454},[1050,9526,1364],{"class":1092},[1050,9528,9529,9531,9534,9536,9538],{"class":1052,"line":3546},[1050,9530,4310],{"class":1202},[1050,9532,9533],{"class":1236}," test_json_script_safety",[1050,9535,1241],{"class":1082},[1050,9537,4319],{"class":4318},[1050,9539,1306],{"class":1082},[1050,9541,9542,9544,9547],{"class":1052,"line":3551},[1050,9543,4326],{"class":1311},[1050,9545,9546],{"class":1315},"Test that json_script filter is safe",[1050,9548,1319],{"class":1311},[1050,9550,9551],{"class":1052,"line":3557},[1050,9552,1532],{"class":1092},[1050,9554,9555],{"class":1052,"line":3603},[1050,9556,9557],{"class":1056},"        # Data with potentially dangerous content\n",[1050,9559,9560,9563,9565],{"class":1052,"line":3608},[1050,9561,9562],{"class":1092},"        user_data ",[1050,9564,1133],{"class":1082},[1050,9566,2592],{"class":1082},[1050,9568,9569,9571,9573,9575,9577,9579,9582,9584],{"class":1052,"line":3614},[1050,9570,2680],{"class":1136},[1050,9572,2504],{"class":1140},[1050,9574,1244],{"class":1136},[1050,9576,1660],{"class":1082},[1050,9578,1489],{"class":1136},[1050,9580,9581],{"class":1140},"\u003C/script>\u003Cscript>alert(\"XSS\")\u003C/script>",[1050,9583,1244],{"class":1136},[1050,9585,1576],{"class":1082},[1050,9587,9588,9590,9592,9594,9596,9598,9601],{"class":1052,"line":3708},[1050,9589,2680],{"class":1136},[1050,9591,6048],{"class":1140},[1050,9593,1244],{"class":1136},[1050,9595,1660],{"class":1082},[1050,9597,1489],{"class":1136},[1050,9599,9600],{"class":1140},"\u003Cimg src=x onerror=alert(\"XSS\")>",[1050,9602,3121],{"class":1136},[1050,9604,9605],{"class":1052,"line":3713},[1050,9606,2735],{"class":1082},[1050,9608,9609],{"class":1052,"line":3721},[1050,9610,1532],{"class":1092},[1050,9612,9613,9615,9617,9619,9621,9623,9625,9627,9629,9631,9633,9635,9637,9639,9641],{"class":1052,"line":3726},[1050,9614,6219],{"class":1092},[1050,9616,1133],{"class":1082},[1050,9618,4342],{"class":4341},[1050,9620,1233],{"class":1082},[1050,9622,8987],{"class":1481},[1050,9624,1233],{"class":1082},[1050,9626,1341],{"class":1340},[1050,9628,1241],{"class":1082},[1050,9630,9194],{"class":1340},[1050,9632,1241],{"class":1082},[1050,9634,1244],{"class":1136},[1050,9636,2698],{"class":1140},[1050,9638,1244],{"class":1136},[1050,9640,8301],{"class":1082},[1050,9642,2592],{"class":1082},[1050,9644,9645,9647,9649,9651,9653],{"class":1052,"line":3737},[1050,9646,2680],{"class":1136},[1050,9648,2774],{"class":1140},[1050,9650,1244],{"class":1136},[1050,9652,1660],{"class":1082},[1050,9654,2781],{"class":1340},[1050,9656,9657],{"class":1052,"line":3751},[1050,9658,9432],{"class":1082},[1050,9660,9661],{"class":1052,"line":3761},[1050,9662,1532],{"class":1092},[1050,9664,9665],{"class":1052,"line":3772},[1050,9666,9667],{"class":1056},"        # Check that dangerous content is properly escaped in JSON\n",[1050,9669,9670,9672,9674,9676,9678,9680,9682,9684,9686,9688],{"class":1052,"line":3779},[1050,9671,6183],{"class":4341},[1050,9673,1233],{"class":1082},[1050,9675,9263],{"class":1340},[1050,9677,1241],{"class":1082},[1050,9679,9243],{"class":1340},[1050,9681,1353],{"class":1082},[1050,9683,1489],{"class":1136},[1050,9685,9099],{"class":1140},[1050,9687,1244],{"class":1136},[1050,9689,1359],{"class":1082},[1050,9691,9692],{"class":1052,"line":3784},[1050,9693,1364],{"class":1092},[1050,9695,9696,9698,9701,9703,9705],{"class":1052,"line":3793},[1050,9697,4310],{"class":1202},[1050,9699,9700],{"class":1236}," test_csp_headers",[1050,9702,1241],{"class":1082},[1050,9704,4319],{"class":4318},[1050,9706,1306],{"class":1082},[1050,9708,9709,9711,9714],{"class":1052,"line":3817},[1050,9710,4326],{"class":1311},[1050,9712,9713],{"class":1315},"Test that CSP headers are present",[1050,9715,1319],{"class":1311},[1050,9717,9718],{"class":1052,"line":3822},[1050,9719,1532],{"class":1092},[1050,9721,9722,9724,9726,9728,9730,9732,9734,9736,9738,9740,9743,9745],{"class":1052,"line":3828},[1050,9723,6219],{"class":1092},[1050,9725,1133],{"class":1082},[1050,9727,4342],{"class":4341},[1050,9729,1233],{"class":1082},[1050,9731,8987],{"class":1481},[1050,9733,1233],{"class":1082},[1050,9735,1341],{"class":1340},[1050,9737,1241],{"class":1082},[1050,9739,1244],{"class":1136},[1050,9741,9742],{"class":1140},"/",[1050,9744,1244],{"class":1136},[1050,9746,1359],{"class":1082},[1050,9748,9749],{"class":1052,"line":3845},[1050,9750,1532],{"class":1092},[1050,9752,9753,9755,9757,9760,9762,9764,9766,9768,9770,9773],{"class":1052,"line":3881},[1050,9754,6183],{"class":4341},[1050,9756,1233],{"class":1082},[1050,9758,9759],{"class":1340},"assertIn",[1050,9761,1241],{"class":1082},[1050,9763,1244],{"class":1136},[1050,9765,6274],{"class":1140},[1050,9767,1244],{"class":1136},[1050,9769,1353],{"class":1082},[1050,9771,9772],{"class":1340}," response",[1050,9774,1359],{"class":1082},[1050,9776,9777,9780,9782,9784,9786,9788,9790,9792],{"class":1052,"line":3890},[1050,9778,9779],{"class":1092},"        csp ",[1050,9781,1133],{"class":1082},[1050,9783,9772],{"class":1092},[1050,9785,3482],{"class":1082},[1050,9787,1244],{"class":1136},[1050,9789,6274],{"class":1140},[1050,9791,1244],{"class":1136},[1050,9793,3268],{"class":1082},[1050,9795,9796,9798,9800,9802,9804,9806,9808,9810,9812,9815],{"class":1052,"line":3903},[1050,9797,6183],{"class":4341},[1050,9799,1233],{"class":1082},[1050,9801,9759],{"class":1340},[1050,9803,1241],{"class":1082},[1050,9805,1137],{"class":1136},[1050,9807,6350],{"class":1140},[1050,9809,1137],{"class":1136},[1050,9811,1353],{"class":1082},[1050,9813,9814],{"class":1340}," csp",[1050,9816,1359],{"class":1082},[1050,9818,9819,9821,9823,9825,9827,9829,9832,9834,9836,9838],{"class":1052,"line":3925},[1050,9820,6183],{"class":4341},[1050,9822,1233],{"class":1082},[1050,9824,9759],{"class":1340},[1050,9826,1241],{"class":1082},[1050,9828,1137],{"class":1136},[1050,9830,9831],{"class":1140},"script-src",[1050,9833,1137],{"class":1136},[1050,9835,1353],{"class":1082},[1050,9837,9814],{"class":1340},[1050,9839,1359],{"class":1082},[1030,9841,9843],{"id":9842},"best-practices-summary","Best Practices Summary",[1035,9845,9847],{"id":9846},"template-security","Template Security",[3029,9849,9850,9857,9863,9866],{},[3038,9851,9852,9853,9856],{},"Never use ",[1047,9854,9855],{},"|safe"," filter with user input",[3038,9858,9859,9860,9862],{},"Use ",[1047,9861,2229],{}," for passing data to JavaScript",[3038,9864,9865],{},"Implement custom template filters for HTML sanitization",[3038,9867,9868],{},"Use CSP headers to prevent inline script execution",[1035,9870,9872],{"id":9871},"input-validation","Input Validation",[3029,9874,9875,9878,9881,9884],{},[3038,9876,9877],{},"Sanitize all user input at multiple levels",[3038,9879,9880],{},"Use whitelist approach for allowed HTML tags",[3038,9882,9883],{},"Validate file uploads for malicious content",[3038,9885,9886],{},"Implement proper form validation",[1035,9888,9890],{"id":9889},"output-encoding","Output Encoding",[3029,9892,9893,9896,9899,9902],{},[3038,9894,9895],{},"Rely on Django's automatic escaping",[3038,9897,9898],{},"Use appropriate filters for different contexts",[3038,9900,9901],{},"Escape data properly when using raw SQL or APIs",[3038,9903,9904],{},"Be careful with JavaScript context escaping",[1035,9906,9908],{"id":9907},"content-security-policy","Content Security Policy",[3029,9910,9911,9914,9917,9920],{},[3038,9912,9913],{},"Implement strict CSP headers",[3038,9915,9916],{},"Avoid inline scripts and styles",[3038,9918,9919],{},"Use nonces or hashes for necessary inline content",[3038,9921,9922],{},"Monitor CSP violation reports",[1030,9924,9926],{"id":9925},"next-steps","Next Steps",[1026,9928,9929],{},"Now that you understand XSS prevention, let's explore SQL injection protection and how Django's ORM helps prevent database attacks.",[2311,9931,9932],{},"html pre.shiki code .s9Tkl, html code.shiki .s9Tkl{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#A0ADA0;--shiki-default-font-style:inherit;--shiki-dark:#758575DD;--shiki-dark-font-style:inherit}html pre.shiki code .soVBu, html code.shiki .soVBu{--shiki-light:#39ADB5;--shiki-default:#999999;--shiki-dark:#666666}html pre.shiki code .sJFLg, html code.shiki .sJFLg{--shiki-light:#E53935;--shiki-default:#1E754F;--shiki-dark:#4D9375}html pre.shiki code .sftqT, html code.shiki .sftqT{--shiki-light:#90A4AE;--shiki-default:#393A34;--shiki-dark:#DBD7CAEE}html pre.shiki code .s5q8q, html code.shiki .s5q8q{--shiki-light:#9C3EDA;--shiki-default:#B07D48;--shiki-dark:#BD976A}html pre.shiki code .sbYkP, html code.shiki .sbYkP{--shiki-light:#39ADB5;--shiki-default:#B5695977;--shiki-dark:#C98A7D77}html pre.shiki code .sTbE_, html code.shiki .sTbE_{--shiki-light:#91B859;--shiki-default:#B56959;--shiki-dark:#C98A7D}html pre.shiki code .s5Kfy, html code.shiki .s5Kfy{--shiki-light:#9C3EDA;--shiki-default:#AB5959;--shiki-dark:#CB7676}html pre.shiki code .sSC40, html code.shiki .sSC40{--shiki-light:#90A4AE;--shiki-default:#B07D48;--shiki-dark:#BD976A}html pre.shiki code .sljsM, html code.shiki .sljsM{--shiki-light:#6182B8;--shiki-default:#59873A;--shiki-dark:#80A665}html pre.shiki code .snCua, html code.shiki .snCua{--shiki-light:#90A4AE;--shiki-default:#999999;--shiki-dark:#666666}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sCyAa, html code.shiki .sCyAa{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#393A34;--shiki-default-font-style:inherit;--shiki-dark:#DBD7CAEE;--shiki-dark-font-style:inherit}html pre.shiki code .sm7ve, html code.shiki .sm7ve{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#B5695977;--shiki-default-font-style:inherit;--shiki-dark:#C98A7D77;--shiki-dark-font-style:inherit}html pre.shiki code .sVyVU, html code.shiki .sVyVU{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#B56959;--shiki-default-font-style:inherit;--shiki-dark:#C98A7D;--shiki-dark-font-style:inherit}html pre.shiki code .sFGJz, html code.shiki .sFGJz{--shiki-light:#E53935;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .siWMO, html code.shiki .siWMO{--shiki-light:#6182B8;--shiki-default:#393A34;--shiki-dark:#DBD7CAEE}html pre.shiki code .s3h35, html code.shiki .s3h35{--shiki-light:#F76D47;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .siDh9, html code.shiki .siDh9{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#1E754F;--shiki-default-font-style:inherit;--shiki-dark:#4D9375;--shiki-dark-font-style:inherit}html pre.shiki code .sBPpx, html code.shiki .sBPpx{--shiki-light:#E53935;--shiki-default:#393A34;--shiki-dark:#DBD7CAEE}html pre.shiki code .sVsLi, html code.shiki .sVsLi{--shiki-light:#39ADB5;--shiki-default:#AB5959;--shiki-dark:#CB7676}html pre.shiki code .sqOPj, html code.shiki .sqOPj{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#B07D48;--shiki-default-font-style:inherit;--shiki-dark:#BD976A;--shiki-dark-font-style:inherit}html pre.shiki code .sYn-s, html code.shiki .sYn-s{--shiki-light:#E2931D;--shiki-default:#59873A;--shiki-dark:#80A665}html pre.shiki code .sKL33, html code.shiki .sKL33{--shiki-light:#E2931D;--shiki-default:#B07D48;--shiki-dark:#BD976A}html pre.shiki code .s5HLA, html code.shiki .s5HLA{--shiki-light:#8796B0;--shiki-default:#998418;--shiki-dark:#B8A965}html pre.shiki code .s8XtY, html code.shiki .s8XtY{--shiki-light:#39ADB5;--shiki-default:#1E754F;--shiki-dark:#4D9375}html pre.shiki code .s27EL, html code.shiki .s27EL{--shiki-light:#91B859;--shiki-default:#AB5E3F;--shiki-dark:#C4704F}html pre.shiki code .sETVe, html code.shiki .sETVe{--shiki-light:#39ADB5;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .sz9Cv, html code.shiki .sz9Cv{--shiki-light:#91B859;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .sGuSu, html code.shiki .sGuSu{--shiki-light:#39ADB5;--shiki-default:#2F798A;--shiki-dark:#4C9A91}html pre.shiki code .sRJPX, html code.shiki .sRJPX{--shiki-light:#91B859;--shiki-default:#998418;--shiki-dark:#B8A965}html pre.shiki code .sk0MF, html code.shiki .sk0MF{--shiki-light:#90A4AE;--shiki-default:#BDA437;--shiki-dark:#E6CC77}html pre.shiki code .sD-vU, html code.shiki .sD-vU{--shiki-light:#E2931D;--shiki-default:#2E8F82;--shiki-dark:#5DA994}html pre.shiki code .sRjD_, html code.shiki .sRjD_{--shiki-light:#E53935;--shiki-light-font-style:italic;--shiki-default:#393A34;--shiki-default-font-style:inherit;--shiki-dark:#DBD7CAEE;--shiki-dark-font-style:inherit}html pre.shiki code .se3Ec, html code.shiki .se3Ec{--shiki-light:#90A4AE;--shiki-default:#A65E2B;--shiki-dark:#C99076}html pre.shiki code .s7CZa, html code.shiki .s7CZa{--shiki-light:#F76D47;--shiki-default:#2F798A;--shiki-dark:#4C9A91}html pre.shiki code .sJdAF, html code.shiki .sJdAF{--shiki-light:#6182B8;--shiki-default:#998418;--shiki-dark:#B8A965}html pre.shiki code .sa2tF, html code.shiki .sa2tF{--shiki-light:#E2931D;--shiki-default:#998418;--shiki-dark:#B8A965}html pre.shiki code .sLdnO, html code.shiki .sLdnO{--shiki-light:#E53935;--shiki-default:#999999;--shiki-dark:#666666}",{"title":1045,"searchDepth":1053,"depth":1060,"links":9934},[9935,9939,9944,9949,9953,9957,9961,9964,9970],{"id":1032,"depth":1060,"text":1033,"children":9936},[9937,9938],{"id":1037,"depth":1066,"text":1038},{"id":1276,"depth":1066,"text":1277},{"id":1669,"depth":1060,"text":1670,"children":9940},[9941,9942,9943],{"id":1673,"depth":1066,"text":1674},{"id":1822,"depth":1066,"text":1823},{"id":2026,"depth":1066,"text":2027},{"id":2399,"depth":1060,"text":2400,"children":9945},[9946,9947,9948],{"id":2403,"depth":1066,"text":2404},{"id":2789,"depth":1066,"text":2790},{"id":4008,"depth":1066,"text":4009},{"id":4150,"depth":1060,"text":4151,"children":9950},[9951,9952],{"id":4154,"depth":1066,"text":4155},{"id":5247,"depth":1066,"text":5248},{"id":6123,"depth":1060,"text":6124,"children":9954},[9955,9956],{"id":6127,"depth":1066,"text":6128},{"id":6920,"depth":1066,"text":6921},{"id":7194,"depth":1060,"text":7195,"children":9958},[9959,9960],{"id":7198,"depth":1066,"text":7199},{"id":8197,"depth":1066,"text":8198},{"id":8856,"depth":1060,"text":8857,"children":9962},[9963],{"id":8860,"depth":1066,"text":8861},{"id":9842,"depth":1060,"text":9843,"children":9965},[9966,9967,9968,9969],{"id":9846,"depth":1066,"text":9847},{"id":9871,"depth":1066,"text":9872},{"id":9889,"depth":1066,"text":9890},{"id":9907,"depth":1066,"text":9908},{"id":9925,"depth":1060,"text":9926},"md",null,{},{"title":555,"description":1028},"Lm3XCnZTW88R2E0hTe8TpYqH3nxdIgB7kc7CQp7ZPaA",[9977,9979],{"title":551,"path":552,"stem":553,"description":9978,"children":-1},"Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. Django provides robust built-in CSRF protection that's enabled by default.",{"title":559,"path":560,"stem":561,"description":9980,"children":-1},"SQL injection is one of the most dangerous web application vulnerabilities, allowing attackers to manipulate database queries and potentially access, modify, or delete sensitive data. Django's ORM provides robust protection against SQL injection attacks through parameterized queries and safe query construction.",1772474938458]