Metadata-Version: 2.4
Name: xss-utils
Version: 1.0.0
Summary: Utility functions to prevent possible XSS attack on django/mako templates
Home-page: https://github.com/openedx/xss-utils
Author: edX
Author-email: oscm@edx.org
License: AGPL 3.0
Keywords: Django edx
Classifier: Development Status :: 3 - Alpha
Classifier: Framework :: Django
Classifier: Framework :: Django :: 4.2
Classifier: Framework :: Django :: 5.2
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.12
License-File: LICENSE
License-File: AUTHORS
Requires-Dist: Django>=1.11
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: home-page
Dynamic: keywords
Dynamic: license
Dynamic: license-file
Dynamic: requires-dist
Dynamic: summary

xss-utils
=============================

Utilities to prevent possible Cross Site Scripting (XSS) attacks on Django/Mako templates.

Overview
------------------------

This repo houses utility functions to protect the edX codebase (Python, JavaScript, and templating
engines, e.g. Django/Mako) against possible XSS attacks. Helper code includes HTML and JS escaping filters
for Django and Mako templates.
For more information, please read `Preventing Cross Site Scripting Vulnerabilities <https://docs.openedx.org/en/latest/developers/references/developer_guide/preventing_xss/index.html>`_.

Documentation
-------------

The full documentation is in the docs directory.

TODO: Publish to https://xss-utils.readthedocs.org.

License
-------

The code in this repository is licensed under the AGPL 3.0 unless
otherwise noted.

Please see ``LICENSE.txt`` for details.

How To Contribute
-----------------

Contributions are very welcome.

Please read `How To Contribute <https://github.com/openedx/.github/blob/master/CONTRIBUTING.md>`_ for details.

The PR description template should be applied automatically if you send a PR from the GitHub interface; otherwise you
can find it at `PULL_REQUEST_TEMPLATE.md <https://github.com/openedx/xss-utils/blob/master/.github/PULL_REQUEST_TEMPLATE.md>`_.

The issue report template should also be applied automatically if you file the issue from the GitHub UI; otherwise you
can find it at `ISSUE_TEMPLATE.md <https://github.com/openedx/xss-utils/blob/master/.github/ISSUE_TEMPLATE.md>`_.

Reporting Security Issues
-------------------------

Please do not report security issues in public. Please email security@openedx.org.

Getting Help
------------

Have a question about this repository, or about Open edX in general?  Please
refer to this `list of resources`_ if you need any assistance.

.. _list of resources: https://open.edx.org/getting-help




Change Log
----------

..
   All enhancements and patches to xss_utils will be documented
   in this file.  It adheres to the structure of http://keepachangelog.com/ ,
   but in reStructuredText instead of Markdown (for ease of incorporation into
   Sphinx documentation and the PyPI description).

   This project adheres to Semantic Versioning (http://semver.org/).

.. There should always be an "Unreleased" section for changes pending release.

Unreleased
~~~~~~~~~~

[0.8.0] - 2025-04-17
~~~~~~~~~~~~~~~~~~~~

* Add support for django 5.2.

[0.7.1] - 2025-02-28
~~~~~~~~~~~~~~~~~~~~

* Fix to PyPI publishing workflow.

[0.7.0] - 2025-02-28
~~~~~~~~~~~~~~~~~~~~

* Drop support for Python 3.8

[0.6.0] - 2024-04-22
~~~~~~~~~~~~~~~~~~~~

* Test and declare Python 3.11 and 3.12 compatibility.

[0.5.0] - 2023-08-01
~~~~~~~~~~~~~~~~~~~~

* Switch from ``edx-sphinx-theme`` to ``sphinx-book-theme`` since the former is
  deprecated.  See https://github.com/openedx/edx-sphinx-theme/issues/184 for
  more details.
* Added support for Django 4.2.

[0.4.0] - 2022-01-20
~~~~~~~~~~~~~~~~~~~~

Added
_____

* Added Support for Django40

Dropped
_______

* Dropped Django22, 30, 31 from CI

[0.3.0] - 2021-07-07
~~~~~~~~~~~~~~~~~~~~

Added
_____

* Support for django3.0, 3.1, 3.2

[0.1.0] - 2018-08-17
~~~~~~~~~~~~~~~~~~~~

Added
_____

* Utilities to enable html escaping, preventing Cross Site Scripting (XSS) attacks in Django templates.
