Bandit

B703: django_mark_safe

bandit.plugins.django_xss.django_mark_safe(context)

B703: Potential XSS on mark_safe function

See also

  • https://docs.djangoproject.com/en/dev/topics/security/#cross-site-scripting-xss-protection
  • https://docs.djangoproject.com/en/dev/ref/utils/#module-django.utils.safestring
  • https://docs.djangoproject.com/en/dev/ref/utils/#django.utils.html.format_html

New in version 1.5.0.
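The following is an added example for this page, not Bandit's own plugin code: a minimal AST-based check in the spirit of B703 that reports every call named mark_safe in a constructed Django-style snippet and, going slightly beyond the plugin, notes whether the argument is a plain string literal so a reviewer can focus on calls that wrap computed values.

```python
import ast

# Constructed sample view code (assumed, not from any real project).
SAMPLE_SOURCE = '''
from django.utils.safestring import mark_safe
from django.utils.html import format_html

def greet(request):
    name = request.GET.get("name", "")
    banner = mark_safe("<b>" + name + "</b>")   # wraps untrusted input
    footer = mark_safe("<hr>")                  # literal markup only
    safe = format_html("<b>{}</b>", name)       # format_html escapes name
    return banner + footer + safe
'''


def find_mark_safe_calls(source: str):
    """Return (lineno, argument_is_literal) for each mark_safe(...) call.

    Like B703, any call whose function is named mark_safe is reported
    (both bare ``mark_safe(x)`` and ``safestring.mark_safe(x)``).  The
    second tuple element records whether the first argument is a string
    literal; a non-literal argument means the value is computed and may
    carry unescaped user data straight into the rendered page.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name):
            name = func.id
        elif isinstance(func, ast.Attribute):
            name = func.attr
        else:
            continue
        if name != "mark_safe":
            continue
        arg = node.args[0] if node.args else None
        is_literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
        findings.append((node.lineno, is_literal))
    return findings


if __name__ == "__main__":
    for lineno, literal in find_mark_safe_calls(SAMPLE_SOURCE):
        severity = "LOW" if literal else "MEDIUM"
        print(f"B703 line {lineno}: mark_safe() call, severity {severity}")
```

Running the script reports line 7 as MEDIUM and line 8 as LOW; the format_html call on line 9 is not reported, which is the replacement the Django links above recommend.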

© Copyright 2016, Bandit Developers Revision 8eee173f.