Merge pull request #41 from MomHelpMe/fix/xss
xss 방지
seungwonme authored Dec 30, 2024
2 parents 084a53a + 6a2bce6 commit 98ba3f6
Showing 2 changed files with 5 additions and 2 deletions.
4 changes: 2 additions & 2 deletions backend/users/models.py
Expand Up @@ -9,8 +9,8 @@ class User(models.Model):
]

user_id = models.IntegerField(primary_key=True)
nickname = models.CharField(max_length=255)
email = models.EmailField(max_length=255)
nickname = models.CharField(max_length=12)
email = models.EmailField(max_length=255 )
img_url = models.URLField(blank=True)
is_2FA = models.BooleanField(default=False)
is_online = models.BooleanField(default=False)
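Review bot: The nickname max_length change from 255 to 12 is a database schema change, yet the diffstat lists only models.py and views.py, so no migration ships with it; until one is generated the column stays at its old width and the 12-character limit is enforced only by serializer validation. Existing rows whose nickname is longer than 12 characters would also start failing validation on their next save, which is worth checking before deploying. A small style point: `max_length=255 )` carries a stray space before the closing parenthesis. The User class body continues outside the hunk.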
3 changes: 3 additions & 0 deletions backend/users/views.py
Expand Up @@ -14,6 +14,7 @@
from login.views import decode_jwt
from drf_yasg.utils import swagger_auto_schema
from game.onlineConsumers import OnlineConsumer
from django.utils.html import escape


class UserDetailView(APIView):
Expand All @@ -36,6 +37,8 @@ def put(self, request):
# FIXME: is_online도 변경이 가능함 수정 필요
serializer = UserSerializer(user, data=request.data, partial=True)
if serializer.is_valid():
serializer.validated_data['nickname'] = escape(serializer.validated_data['nickname'])
serializer.validated_data['img_url'] = escape(serializer.validated_data['img_url'])
serializer.save()
return JsonResponse(serializer.data)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
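Review bot: With `partial=True`, `serializer.validated_data['nickname']` and `serializer.validated_data['img_url']` are indexed unconditionally, so a PUT that omits either field raises KeyError and turns a normal partial update into a 500. escape() also runs after is_valid() has already checked the model's max_length and it expands `&`, `<`, `>`, `"` and `'` into multi-character entities, so a validated 12-character nickname can exceed the column width at save time, and an img_url containing `&` is stored as a broken URL. Storing HTML-escaped text also encodes for one output context while this view returns JSON, so a client that escapes on render will double-encode; rejecting disallowed markup characters in a serializer validator, or escaping at render time, would be the more robust defence. At minimum the lookups should be guarded as below. The put method continues outside the hunk.
```python
        if serializer.is_valid():
            # Only touch fields present in this (partial) update; note that
            # escape() can lengthen a value beyond the max_length validated above.
            for field in ("nickname", "img_url"):
                if field in serializer.validated_data:
                    serializer.validated_data[field] = escape(serializer.validated_data[field])
            serializer.save()
            # … unchanged: JsonResponse return …
```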
