Metadata-Version: 2.1
Name: xss-utils
Version: 0.4.0
Summary: Utility functions to prevent possible XSS attack on django/mako templates
Home-page: https://github.com/edx/xss-utils
Author: edX
Author-email: oscm@edx.org
License: AGPL 3.0
Keywords: Django edx
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Framework :: Django
Classifier: Framework :: Django :: 3.2
Classifier: Framework :: Django :: 4.0
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
License-File: LICENSE
License-File: AUTHORS

xss-utils
=============================

Utilities to prevent possible Cross Site Scripting (XSS) attacks on Django/Mako templates.

Overview
------------------------

This repo houses utility functions to protect edx codebase (Python, Javascript and other templating
engine eg django/mako) against possible XSS attacks. Helper code include html & js escaping filters
for django and mako templates.
For more information, please read `Preventing Cross Site Scripting Vulnerabilities <https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/preventing_xss/index.html>`_.

Documentation
-------------

The full documentation is in the docs directory
TODO: Publish to https://xss-utils.readthedocs.org.

License
-------

The code in this repository is licensed under the AGPL 3.0 unless
otherwise noted.

Please see ``LICENSE.txt`` for details.

How To Contribute
-----------------

Contributions are very welcome.

Please read `How To Contribute <https://github.com/edx/edx-platform/blob/master/CONTRIBUTING.rst>`_ for details.

Even though they were written with ``edx-platform`` in mind, the guidelines
should be followed for Open edX code in general.

PR description template should be automatically applied if you are sending PR from github interface; otherwise you
can find it it at `PULL_REQUEST_TEMPLATE.md <https://github.com/edx/xss-utils/blob/master/.github/PULL_REQUEST_TEMPLATE.md>`_

Issue report template should be automatically applied if you are sending it from github UI as well; otherwise you
can find it at `ISSUE_TEMPLATE.md <https://github.com/edx/xss-utils/blob/master/.github/ISSUE_TEMPLATE.md>`_

Reporting Security Issues
-------------------------

Please do not report security issues in public. Please email security@edx.org.

Getting Help
------------

Have a question about this repository, or about Open edX in general?  Please
refer to this `list of resources`_ if you need any assistance.

.. _list of resources: https://open.edx.org/getting-help


.. |pypi-badge| image:: https://img.shields.io/pypi/v/xss-utils.svg
    :target: https://pypi.python.org/pypi/xss-utils/
    :alt: PyPI

.. |ci-badge| image:: https://github.com/edx/xss-utils/workflows/Python%20CI/badge.svg?branch=master
    :target: https://github.com/edx/xss-utils/actions?query=workflow%3A%22Python+CI%22
    :alt: CI

.. |codecov-badge| image:: http://codecov.io/github/edx/xss-utils/coverage.svg?branch=master
    :target: http://codecov.io/github/edx/xss-utils?branch=master
    :alt: Codecov

.. |doc-badge| image:: https://readthedocs.org/projects/xss-utils/badge/?version=latest
    :target: http://xss-utils.readthedocs.io/en/latest/
    :alt: Documentation

.. |pyversions-badge| image:: https://img.shields.io/pypi/pyversions/xss-utils.svg
    :target: https://pypi.python.org/pypi/xss-utils/
    :alt: Supported Python versions

.. |license-badge| image:: https://img.shields.io/github/license/edx/xss-utils.svg
    :target: https://github.com/edx/xss-utils/blob/master/LICENSE.txt
    :alt: License


Change Log
----------

..
   All enhancements and patches to xss_utils will be documented
   in this file.  It adheres to the structure of http://keepachangelog.com/ ,
   but in reStructuredText instead of Markdown (for ease of incorporation into
   Sphinx documentation and the PyPI description).
   
   This project adheres to Semantic Versioning (http://semver.org/).

.. There should always be an "Unreleased" section for changes pending release.

Unreleased
~~~~~~~~~~

*

[0.4.0] - 2022-01-20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Added
_____

* Added Support for Django40

Dropped
_______

* Dropped Django22, 30, 31 from CI

[0.3.0] - 2021-07-07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Added
_____

* Support for django3.0, 3.1, 3.2

[0.1.0] - 2018-08-17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Added
_____

* Utilities to enable html escaping, preventing Cross Site Scripting (XSS) attacks in Django templates.


