Home » Django » How to strip html/javascript from text input in django

How to strip html/javascript from text input in django

Posted by: admin November 30, 2017 Leave a comment

Questions:

What is the easiest way to strip all html/javascript from a string?

Answers:

If you want to strip tags in the python, you can use:

from django.utils.html import strip_tags

strip_tags(string_value)

EDIT: If you are using strip_tags, than you should update your django. Because security researchers found a way in order to bypass strip_tags . Further information : http://www.mehmetince.net/django-strip_tags-bypass-vulnerability-exploit/

Questions:
Answers:

The striptags template filter.

{{ value|striptags }}

Questions:
Answers:

nice snippet, if you want to hold some tags and strip the rest:

http://djangosnippets.org/snippets/295/