Django Framework

  1. Security
    1. Cross-Site Scripting (XSS) Protection
      1. Auto-Escaping in Templates
        1. Marking Safe Content
          1. `|safe` Filter
            1. `{% autoescape %}` Tag
            2. Cross-Site Request Forgery (CSRF) Protection
              1. CSRF Middleware
                1. Using `{% csrf_token %}` in Forms
                  1. CSRF in AJAX
                    1. Exempting Views from CSRF
                      1. `@csrf_exempt`
                    2. SQL Injection Protection
                      1. ORM Query Safety
                        1. Parameterized Queries
                          1. Avoiding Raw SQL
                            1. Safe Use of `extra()`
                            2. Clickjacking Protection
                              1. X-Frame-Options Middleware
                                1. Using `@xframe_options_exempt`
                                  1. Using `@xframe_options_deny`
                                    1. Using `@xframe_options_sameorigin`
                                    2. HTTPS/SSL
                                      1. Enforcing HTTPS
                                        1. `SECURE_SSL_REDIRECT`
                                          1. `SECURE_PROXY_SSL_HEADER`
                                          2. Secure Cookies
                                          3. HSTS Settings
                                            1. `SECURE_HSTS_SECONDS`
                                              1. `SECURE_HSTS_INCLUDE_SUBDOMAINS`
                                                1. `SECURE_HSTS_PRELOAD`
                                                2. Content Security Policy
                                                3. User Input Validation
                                                  1. Form Validation
                                                    1. Model Validation
                                                      1. File Upload Security
                                                      2. The `check --deploy` Command
                                                        1. Running Deployment Checks
                                                          1. Interpreting Warnings and Errors
                                                            1. Security Check Categories

                                                          Previous

                                                          11. Testing

                                                          Go to top

                                                          Next

                                                          13. Advanced Topics