does Django HttpResponseRedirect suffer from xss attack?

Solution 1:

Django is generally secure by default framework, that means that it should not be vulnerable to the most common attacks (such as XSS, SQLi etc.).

As long as you didn't use mark_safe() method (reference) or safe template tag (<span id="search-query" >You searched for {{ query | safe }}</span>) you should be safe from XSS attacks etc., because Django automatically escapes dangerous strings.

In your particullar case, XSS is impossible, as your URL accepts integers only (and as far as I understand, it displays only an ID of the question in the browser).

To sum up, for XSS in Django you have to use {{ something | safe }} template tag, and load a string with malicious XSS payload to the HTML template.

Error creating a connection to Postgresql while preparing konga database

Take content from one text file and put it in another with PHP?

new int[size] vs std::vector

Terraform: googleapi: Error 403: Permission denied on resource project

How to extract values within a quotation from a string using regex? [duplicate]

Why BINARY usage in SQLAlchemy with Python3 cause a TypeError: 'string argument without an encoding'

ERROR: Could not build wheels for pymssql, which is required to install pyproject.toml-based projects In Mac M1

Is there a way to detect localstorage changes and rerun boot file or reassign a value in vuejs or javascript?

Using a callback on click of react-date-range defined ranges

How to convert $() into document.getElement? [duplicate]

How to mutate a new tibble column to include a data frame whose name is given as a string in the tibble?

FF XIII-2 Cemetary