Login

3113 snippets

Snippet List

Sanitize HTML filter with tag/attribute whitelist and XSS protection

Reworked version of [this snippet](http://www.djangosnippets.org/snippets/205/) that now accepts an argument so the user can specify which tags to allow, and which attributes should be allowed for each tag. Argument should be in form `tag2:attr1:attr2 tag2:attr1 tag3`, where tags are allowed HTML tags, and attrs are the allowed attributes for that tag. It also uses code from [this post on stack overflow](http://stackoverflow.com/questions/16861/sanitising-user-input-using-python) to add XSS protection.

  • html
  • security
  • sanitize
  • whitelist
Read More

HTML5 filter for XXS

Usefull for TinyMCE, to allow some HTML but be vunarable by XXS attacks You need to install html5lib sudo easy_install html5lib

  • template
  • filter
  • security
  • sanitize
  • xss
Read More

MySQL "Text" Type Model Field

Custom field for using MySQL's `text` type. `text` is more compact than the `longtext` field that Django assigns for `models.TextField` (2^16 vs. 2^32, respectively)

  • text
  • models
  • mysql
  • db
  • database
  • field
  • custom-field
Read More

Fail Faster: unsafe_test Management Command

The faster you fail the faster you reach success. This management command runs tests within the django environment, but without a test database, hence the word "UNSAFE". It only runs unittests for a single application, which are not subclasses of django.test.TestCase. Django's TestCases are not supported because they attempt to purge the database. Turn this flaw into a feature by segregating testcases into those that either need or don't need the test database. This tool may not be useful in all cases, but in certain cases you can have more rapid testing iterations. I use it for certain utility applications. **Setup:** Place in <app_name>/management/commands/unsafe_test.py **Run:** $./manage.py unsafe_test <app_name>

  • management-command
Read More

Django with AngularJS

This is a simpel snippet to prevent conflict between Django and AngularJS template syntax. It is possible to change the AngularJS syntax, but this can cause compatibility problems, so I figured that this was a better solution.

  • AngularJS
Read More

Transparent encryption for model fields

Here's a simple way to transparently encrypt a field (just repeat the idiom for more than one) so that it is not stored plaintext in the database. This might be useful for social security numbers, etc. The storage size for the ciphertext depends on which algorithm you use. Blowfish here requires 32 characters to store an encrypted 16 characters. Note also that Blowfish requires a block size of a multiple of 8, so that is what the repeat in the _set_ssn() is all about. The Crypto module is from http://www.amk.ca/python/code/crypto.html I make no claims as to how secure this scheme is overall, comments on this are welcome.

  • database
  • encryption
Read More

AntiSpamForm

A general AntiSpamForm using some tricks to prevent spam based on current [django.contrib.comments.forms](http://code.djangoproject.com/browser/django/trunk/django/contrib/comments/forms.py). It uses a timestamp, a security hash and a honeypot field. See [AntiSpamModelForm](http://www.djangosnippets.org/snippets/1856/) too.

  • forms
  • spam
  • form
  • antispam
Read More

Plugin Framework

This is a very basic -- yet fully functional -- framework for producing a loosely coupled plugin architecture. Full details of its use can be found [on my blog](http://gulopine.gamemusic.org/2008/jan/10/simple-plugin-framework/), but the basics are listed below. ## Defining a mount point for plugins class ActionProvider: __metaclass__ = PluginMount ## Implementing plugins class Insert(ActionProvider): def perform(self): # Do stuff here class Update(ActionProvider): def perform(self): # Do stuff here ## Utilizing plugins for action in ActionProvider.plugins: action.perform() Yes, it really is that simple.

  • plugins
Read More