xss-utils
=============================
Utilities to prevent possible Cross Site Scripting (XSS) attacks on Django/Mako templates.
Overview
------------------------
This repo houses utility functions to protect the edX codebase (Python, JavaScript, and templating
engines such as Django and Mako) against possible XSS attacks. The helper code includes HTML and JS
escaping filters for Django and Mako templates.
For more information, please read `Preventing Cross Site Scripting Vulnerabilities <https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/index.html>`_.
Documentation
-------------
The full documentation is in the docs directory.
TODO: Publish to https://xss-utils.readthedocs.org.
License
-------
The code in this repository is licensed under the AGPL 3.0 unless
otherwise noted.
Please see ``LICENSE.txt`` for details.
How To Contribute
-----------------
Contributions are very welcome.
Please read `How To Contribute <https://github.com/openedx/.github/blob/master/CONTRIBUTING.md>`_ for details.
The PR description template should be applied automatically if you send a PR from the GitHub interface; otherwise you
can find it at `PULL_REQUEST_TEMPLATE.md <https://github.com/openedx/xss-utils/blob/master/.github/PULL_REQUEST_TEMPLATE.md>`_.
The issue report template should also be applied automatically if you file the issue from the GitHub UI; otherwise you
can find it at `ISSUE_TEMPLATE.md <https://github.com/openedx/xss-utils/blob/master/.github/ISSUE_TEMPLATE.md>`_.
Reporting Security Issues
-------------------------
Please do not report security issues in public. Please email security@openedx.org.
Getting Help
------------
Have a question about this repository, or about Open edX in general? Please
refer to this `list of resources`_ if you need any assistance.
.. _list of resources: https://open.edx.org/getting-help
Change Log
----------
..
   All enhancements and patches to xss_utils will be documented
   in this file. It adheres to the structure of http://keepachangelog.com/ ,
   but in reStructuredText instead of Markdown (for ease of incorporation into
   Sphinx documentation and the PyPI description).

   This project adheres to Semantic Versioning (http://semver.org/).
.. There should always be an "Unreleased" section for changes pending release.
Unreleased
~~~~~~~~~~
[0.6.0] - 2024-04-22
~~~~~~~~~~~~~~~~~~~~
* Test and declare Python 3.11 and 3.12 compatibility.
[0.5.0] - 2023-08-01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Switch from ``edx-sphinx-theme`` to ``sphinx-book-theme`` since the former is
  deprecated. See https://github.com/openedx/edx-sphinx-theme/issues/184 for
  more details.
* Added support for Django 4.2
[0.4.0] - 2022-01-20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Added
_____
* Added Support for Django40
Dropped
_______
* Dropped Django22, 30, 31 from CI
[0.3.0] - 2021-07-07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Added
_____
* Support for django3.0, 3.1, 3.2
[0.1.0] - 2018-08-17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Added
_____
* Utilities to enable html escaping, preventing Cross Site Scripting (XSS) attacks in Django templates.
Raw data
{
"_id": null,
"home_page": "https://github.com/openedx/xss-utils",
"name": "xss-utils",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "Django edx",
"author": "edX",
"author_email": "oscm@edx.org",
"download_url": "https://files.pythonhosted.org/packages/04/81/cf958cc6e900946f329772a545a6c670679dd014122a747df8ba261ee797/xss-utils-0.6.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "AGPL 3.0",
"summary": "Utility functions to prevent possible XSS attack on django/mako templates",
"version": "0.6.0",
"project_urls": {
"Homepage": "https://github.com/openedx/xss-utils"
},
"split_keywords": [
"django",
"edx"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "e1daf7321133eea314c6dff06410551dc628afc2f5771c5117e3ead37265f338",
"md5": "2fe4d535f4683b5d7e234eb95ff0f470",
"sha256": "ef712a5298a66dc314bade46c467a2b9f1ff5130b975a95bb0729699194c80cc"
},
"downloads": -1,
"filename": "xss_utils-0.6.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "2fe4d535f4683b5d7e234eb95ff0f470",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 17201,
"upload_time": "2024-04-22T16:42:19",
"upload_time_iso_8601": "2024-04-22T16:42:19.080426Z",
"url": "https://files.pythonhosted.org/packages/e1/da/f7321133eea314c6dff06410551dc628afc2f5771c5117e3ead37265f338/xss_utils-0.6.0-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "0481cf958cc6e900946f329772a545a6c670679dd014122a747df8ba261ee797",
"md5": "4497d7dc96f0f8023fa423ca411694a9",
"sha256": "ada8c888facae812b8684a0ab37b3bb01f17514d7ff9aa2729f4a8964bab31ac"
},
"downloads": -1,
"filename": "xss-utils-0.6.0.tar.gz",
"has_sig": false,
"md5_digest": "4497d7dc96f0f8023fa423ca411694a9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 20625,
"upload_time": "2024-04-22T16:42:20",
"upload_time_iso_8601": "2024-04-22T16:42:20.303806Z",
"url": "https://files.pythonhosted.org/packages/04/81/cf958cc6e900946f329772a545a6c670679dd014122a747df8ba261ee797/xss-utils-0.6.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-22 16:42:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "openedx",
"github_project": "xss-utils",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"tox": true,
"lcname": "xss-utils"
}