Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
raiboon2015-02-09 19:31:17
Django
raiboon, 2015-02-09 19:31:17

Are Django-templates safe for third parties to access?

I want to sketch something like a website builder. You need to give users the opportunity to upload their site templates and edit them directly on the server. Personally, I... I can't think of a way to break a site or get unauthorized access to other people's data only with the help of templates and tags, but... I can't find it, was there such information anywhere? Or is it better to write your own templates? (Which is debatable, for sure they will also be full of holes from the first ten times)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
O
OnYourLips, 2015-02-09
@OnYourLips

Python code cannot be injected, but XSS can. And steal cookies through it, make redirects, etc.

Similar questions
W
wanderbit2016-07-09 17:42:10
How to display the category_id value for a product in the featured module? 2Reply
A
albertalexandrov2020-09-25 15:40:29
Error "type object 'GenericType' has no attribute 'get_queryset'"? 0Reply
X
x4zx2022-01-23 01:33:27
How to connect MongoDB to Django? 1Reply
T
Tash1moto2016-06-25 10:55:09
How to print a sales receipt in javascript? 2Reply
F
Friend2020-09-27 11:48:17
How to display inlines OneToOneField with multiple links in Django Admin? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question