Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
raiboon2015-02-09 19:31:17
Django
raiboon, 2015-02-09 19:31:17

Are Django-templates safe for third parties to access?

I want to sketch something like a website builder. You need to give users the opportunity to upload their site templates and edit them directly on the server. Personally, I... I can't think of a way to break a site or get unauthorized access to other people's data only with the help of templates and tags, but... I can't find it, was there such information anywhere? Or is it better to write your own templates? (Which is debatable, for sure they will also be full of holes from the first ten times)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
O
OnYourLips, 2015-02-09
@OnYourLips

Python code cannot be injected, but XSS can. And steal cookies through it, make redirects, etc.

Similar questions
N
Nikolai Gromov2017-04-28 13:16:05
How to access an element of an object that is in an array? 2Reply
O
Onigire2021-06-04 20:32:19
Why is the last element of the list not displayed? 1Reply
H
hukabuk2019-04-14 18:22:59
How to set up nginx+uwsgi for multiple projects? 0Reply
M
mkone1122020-12-27 10:27:13
Why keep tests in application directories? 1Reply
B
Boldy2014-11-23 20:01:16
How to use getattr/setattr in .update() request in django? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question