Prevent XSS attacks

emailtapan4 · March 4, 2022, 10:01pm

Hello, Below is the versions I have:
Dash: 1.21.0

My app has an input of type text where the user has the capability to enter any text along with some special characters as well. However, recently it was observed that, it was allowing a javascript script code as well(that may contain malicious code) and it was saving successfully as well.
How can I prevent user from entering any malicious code like javascripts, codes, etc.
Any suggestions are appreciated.

Thanks

tphil10 · March 5, 2022, 2:13pm

The idea you are thinking of is sanitizing your inputs. There’s a bunch of python libraries to do this, one of the more popular ones is bleach. Should be able to apply it’s functions to your input results and it’ll strip out the malicious code.

emailtapan4 · March 7, 2022, 2:16pm

Thanks @tphil10 for your suggestion. Appreciate it !!

Topic		Replies	Views
Writing Secure Dash Apps - Community Thread Dash Python	4	6613	June 21, 2022
How to validate user input via client side javascript Dash Python	2	723	May 29, 2021
Input Validations Dash Python	1	3450	April 30, 2018
How to accept only numbers and special characters including for input with type Text Dash Python question	3	807	May 23, 2022
What is the Current Way to Disable CSRF? (my_app = dash.Dash(csrf_protect=False)) Dash Python question	0	512	July 19, 2022

Prevent XSS attacks

Related topics