Does Django HttpResponseRedirect suffer from XSS attack?
Solution 1:
Django is generally a secure-by-default framework, which means that it should not be vulnerable to the most common attacks (such as XSS, SQLi, etc.).
As long as you didn't use the mark_safe() method or the safe template tag (<span id="search-query" >You searched for {{ query | safe }}</span>), you should be safe from XSS attacks etc., because Django automatically escapes dangerous strings.
In your particular case, XSS is impossible, as your URL accepts integers only (and as far as I understand, it displays only an ID of the question in the browser).
To sum up, for XSS in Django you have to use the {{ something | safe }} template tag, and load a string with a malicious XSS payload into the HTML template.