Hi

I'm guessing this is going to involve regexp or something, but I'll give it a shot. At the minute, a user can break a website by typing something similar to £$(*£$(£@$&£($ in the title field, which is converted into a slug using Django slugify.

Because none of these characters can be converted, Django returns an error. My question is, what should I put in the form validation method to raise a forms.ValidationError when the user uses a title like this?

Thanks.

+5  A: 

A slug should have at least one letter or number. The regex you're looking for is just:

[a-zA-Z0-9]+

or

[\w\d]+

But you should also check to see if there are other slugs (already stored) with the same name.

Oli
Seems to work. Thanks a lot mate. In clean_field method: if re.match("[a-zA-Z0-9]+", potential_slug) == None: raise forms.ValidationError("The title is not sluggable.")
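
An added example, not part of the original thread: validating on the slug itself instead of a pattern over the raw title, together with the duplicate check the answer mentions. It runs stand-alone, so `to_slug` is a simplified stand-in for Django's slugify, `clean_title` and `existing_slugs` are hypothetical names, and `ValueError` stands where a form's clean method would raise forms.ValidationError.

```python
import re
import unicodedata


def to_slug(title):
    """Simplified stand-in for Django's slugify (ASCII-only mode)."""
    text = unicodedata.normalize("NFKD", title)
    text = text.encode("ascii", "ignore").decode("ascii").lower()
    text = re.sub(r"[^\w\s-]", "", text)  # drop punctuation and symbols
    return re.sub(r"[-\s]+", "-", text).strip("-_")


def clean_title(title, existing_slugs):
    """Return the slug for title, or raise ValueError if it cannot be used.

    In a Django form this logic would sit in the clean_<field> method and
    raise forms.ValidationError instead of ValueError (assumption).
    """
    slug = to_slug(title)
    if not slug:
        # Nothing survived slugification: no letters or digits in the title.
        raise ValueError("The title is not sluggable.")
    if slug in existing_slugs:
        # Same slug already stored, so the URL would collide.
        raise ValueError("A page with this title already exists.")
    return slug


if __name__ == "__main__":
    stored = {"hello-world"}  # constructed sample data
    samples = ["£$(*£$(£@$&£($", "£5 off today", "___", "Hello, World!", "Café Menu"]
    for title in samples:
        try:
            print(repr(title), "->", clean_title(title, stored))
        except ValueError as exc:
            print(repr(title), "rejected:", exc)
```

Checking the slug covers titles that start with a symbol but still contain usable characters ("£5 off today") and titles made only of underscores, which a character-class pattern over the title treats differently.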