BBS--后台管理页面，编辑文章,xss攻击

1

1、对文章进行增删改查

 # 后台管理url
    re_path(r'^cn_backend/$', views.cn_backend, name='cn_backend'),
    re_path(r'^cn_backend/add_article/$', views.add_article, name='add_articles'),

view视图

from django.shortcuts import render, HttpResponse, redirect
from blog import models
from django.contrib.auth.decorators import login_required  # 用户登录证装饰器


@login_required
def cn_backend(request):
    """后台管理页面"""
    article_list = models.Article.objects.filter(user=request.user)

    return render(request, "backend/backend.html", locals())


@login_required
def add_article(request):

    if request.method == "POST":
        title = request.POST.get('title')
        content = request.POST.get('content')

        models.Article.objects.create(title=title,content=content, user=request.user)
        return redirect("/cn_backend/")
    return render(request, "backend/add_article.html", locals())

2、文本编辑器

 比如你写  hello 选择标题一    编辑器后台的模式为<h1>hello</h1>