python pymysql 重写ORM save方法防止XSS攻击
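class BaseModel(models.Model):
    """Abstract base model with timestamps and HTML escaping on save.

    Every concrete string field has ``>``, ``<`` and ``"`` replaced by the
    corresponding HTML entities before the row is written.

    Security notes for reviewers:
      * This is storage-time escaping. It does not replace output encoding
        in the rendering layer: ``&`` and ``'`` are left untouched, so values
        placed in single-quoted or unquoted attributes, in JavaScript, or in
        URLs still need context-specific encoding.
      * Only ``save()`` is covered. ``QuerySet.update()`` and
        ``bulk_create()`` do not call ``save()`` and write values unescaped.
      * Templates with autoescaping enabled will encode the stored ``&`` of
        each entity again, so the escaped text is shown literally unless the
        value is explicitly marked safe.
    """

    create_time = models.DateField(auto_now_add=True, null=True, verbose_name='创建时间')
    update_time = models.DateField(auto_now=True, null=True, verbose_name='更新时间')

    class Meta:
        abstract = True

    def save(self, *args, **kwargs):
        """Escape string field values, then delegate to ``Model.save``.

        Args:
            *args: Positional arguments forwarded unchanged to ``Model.save``.
            **kwargs: Keyword arguments forwarded unchanged to ``Model.save``.
        """
        for field in self._meta.concrete_fields:
            # attname reads the raw column value; for a ForeignKey this avoids
            # loading the related object just to find out it is not a string.
            value = getattr(self, field.attname, None)
            if isinstance(value, str):
                # '&' is deliberately not escaped: the replacement is then
                # idempotent, so saving the same instance again does not
                # turn '&lt;' into '&amp;lt;'.
                value = (
                    value.replace('>', '&gt;')
                    .replace('<', '&lt;')
                    .replace('"', '&quot;')
                )
                setattr(self, field.attname, value)
        # Forward the caller's arguments. Passing ``self`` positionally would
        # land in force_insert and drop options such as update_fields/using.
        super().save(*args, **kwargs)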