jebus/enviPy-bayer
1
0
Fork 0
forked from enviPath/enviPy
Code Issues Pull Requests Actions Releases Activity
113 Commits 19 Branches 8 Tags
39faab3d1164df38d84101013ea43dedc264e8f5
Commit Graph

4 Commits

Author SHA1 Message Date
Tobias O
21d30a923f [Refactor] Large scale formatting/linting (#193) 
All html files now prettier formatted and fixes for incompatible blocks applied

Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: enviPath/enviPy#193
Co-authored-by: Tobias O <tobias.olenyi@envipath.com>
Co-committed-by: Tobias O <tobias.olenyi@envipath.com>
 2025-11-12 22:47:10 +13:00
liambrydon
34589efbde [Fix] Mitigate XSS attack vector by cleaning input before it hits our Database (#171) 
## Changes

- All text input fields are now cleaned with nh3 to remove html tags. We allow certain html tags under `settings.py/ALLOWED_HTML_TAGS` so we can easily update the tags we allow in the future.
- All names and descriptions now use the template tag `nh_safe` in all html files.
- Usernames and emails are a small exception and are not allowed any html tags

Co-authored-by: Liam Brydon <62733830+MyCreativityOutlet@users.noreply.github.com>
Co-authored-by: jebus <lorsbach@envipath.com>
Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: enviPath/enviPy#171
Reviewed-by: jebus <lorsbach@envipath.com>
Co-authored-by: liambrydon <lbry121@aucklanduni.ac.nz>
Co-committed-by: liambrydon <lbry121@aucklanduni.ac.nz>
 2025-11-11 22:49:55 +13:00
jebus
6e6b394289 Cleanup (#52) 
Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: enviPath/enviPy#52
 2025-08-22 06:36:22 +12:00
Tim Lorsbach
ded50edaa2 Current Dev State 2025-06-23 20:13:54 +02:00