jebus/enviPy-bayer
1
0
Fork 0
forked from enviPath/enviPy
Code Issues Pull Requests Actions Releases Activity
111 Commits 19 Branches 8 Tags
53fc91acf5cfcde87fb93f255011b4ca3b59a462
Commit Graph

3 Commits

Author SHA1 Message Date
Tobias O
34aed2c7aa refactor: large scale formatting/linting 2025-11-12 15:51:13 +13:00
liambrydon
34589efbde [Fix] Mitigate XSS attack vector by cleaning input before it hits our Database (#171) 
## Changes

- All text input fields are now cleaned with nh3 to remove html tags. We allow certain html tags under `settings.py/ALLOWED_HTML_TAGS` so we can easily update the tags we allow in the future.
- All names and descriptions now use the template tag `nh_safe` in all html files.
- Usernames and emails are a small exception and are not allowed any html tags

Co-authored-by: Liam Brydon <62733830+MyCreativityOutlet@users.noreply.github.com>
Co-authored-by: jebus <lorsbach@envipath.com>
Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: enviPath/enviPy#171
Reviewed-by: jebus <lorsbach@envipath.com>
Co-authored-by: liambrydon <lbry121@aucklanduni.ac.nz>
Co-committed-by: liambrydon <lbry121@aucklanduni.ac.nz>
 2025-11-11 22:49:55 +13:00
jebus
7ad4112343 [Feature] External Identifier/References 
Co-authored-by: Tim Lorsbach <tim@lorsba.ch>
Reviewed-on: enviPath/enviPy#139
 2025-10-02 00:40:00 +13:00