I'm receiving data in Django from the Quill editor; the data is formatted as HTML.
Is it possible to encode/clean the data when I push it to the database, and get it back as HTML when I retrieve it? If yes, how?
Also, I use only paragraphs, lists and
(this is passed by the editor), but I want to check that the user doesn't add anything else in the code.
For example:
I get from the editor:
<li>fdsafdsafdsa</li><li>fdsafdafsdafds</li>
In the database I want to save it as (right now I save it as HTML):
<li>fdsafdsa</li><li>fdsafdsa</li
When I push it back to the page, I serve back:
<li>fdsafdsafdsa</li><li>fdsafdafsdafds</li>
I finally decided to use the bleach package from Mozilla like this:
import bleach
value = bleach.clean(value, tags=['p', 'ul', 'ol', 'li', 'br'])
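An added example, not part of the original post and not bleach's own code: a standard-library sketch of the same server-side allowlist (p, ul, ol, li, br), showing what happens to markup a client sends without going through Quill. The names `AllowlistSanitizer` and `sanitize`, and the choice to discard the text inside script/style, are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "ul", "ol", "li", "br"}  # the tag list from the post
DROP_CONTENT = {"script", "style"}            # assumption: discard their text too


class AllowlistSanitizer(HTMLParser):         # hypothetical helper name
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append(f"<{tag}>")       # attributes are never copied
            if tag != "br":                   # br has no end tag to track
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open_tags and not self.skip:
            closed = None
            while closed != tag:              # also close inner tags left open
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-escaped

    def close(self):
        super().close()                       # flush buffered text first
        while self.open_tags:                 # then balance unclosed tags
            self.out.append(f"</{self.open_tags.pop()}>")


def sanitize(value):
    parser = AllowlistSanitizer()
    parser.feed(value)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed input: markup a client could POST without using the editor.
    print(sanitize('<ul><li onclick="x()">one<script>alert(1)</script></li></ul>'))
```

Unlike this sketch, `bleach.clean` escapes disallowed tags by default and removes them only when called with `strip=True`.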