Django security libraries

Tools

Bleach (sanitizing library for Django)

data sanitizing

Bleach is a library for Django that can sanitize HTML by escaping and stripping harmful content. It provides a filter for untrusted content and disarms potential unwanted scripts from the input. This may be useful to apply to data that is transmitted via HTML forms or otherwise.

django-sudo ('sudo' for Django applications)

application security

For some destructive events like removing an account, you may want to revalidate if the user really wants to continue. To ensure it is the actual owner of the account, django-sudo requests authentication again within the web application. GitHub uses this as well for some events like ownership changes and deletions.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.