"""直接返回 HTML内容的视图，（存在XXS cross site scripting 漏洞，能被攻击者使用）"""

def resume_datail(request, pk):    try:        resume = Resume.objects.get(pk=pk)        content = f"name: {resume.username} <br> introduction: {resume.candidate_introduction} <br>"        return HttpResponse(content)    except Resume.DoesNotExist:        raise Http404(_("resume does not exist"))

from django.conf import settings
# 测试是否为开发环境if settings.DEBUG:
    urlpatterns += [        re_path(r'^resume/detail/(?P<pk>\d+)/$', jobs.views.resume_datail, name='resume_datail')    ]

def escape(s, quote=True):    """    Replace special characters "&", "<" and ">" to HTML-safe sequences.    If the optional flag quote is true (the default), the quotation mark    characters, both double quote (") and single quote (') characters are also    translated.    """    s = s.replace("&", "&amp;") # Must be done first!    s = s.replace("<", "&lt;")    s = s.replace(">", "&gt;")    if quote:        s = s.replace('"', "&quot;")        s = s.replace('\'', "&#x27;")    return s

import htmldef resume_datail(request, pk):    try:        resume = Resume.objects.get(pk=pk)        content = f"name: {resume.username} <br> introduction: {resume.candidate_introduction} <br>"
        return HttpResponse(html.escape(content))    except Resume.DoesNotExist:        raise Http404(_("resume does not exist"))

              🤞到这里，如果还有什么疑问🤞    🎩欢迎私信博主问题哦，博主会尽自己能力为你解答疑惑的！🎩      🥳如果对你有帮助，你的赞是对博主最大的支持！！🥳