[Fixed]-How to secure a Django template to get its values (HTML and Javascript) altered by inspect element feature of web browser?


This is a classic example of the X-Y problem; your chosen solution, storing calculated data in fields, is subject to a security issue, so you ask how that can be prevented, rather than realising this solution is not suitable.

You should not be sending the total from your form at all. Feel free to calculate it in JS to show to the user, but don’t send it. You are already posting the details of the selected packages to the backend; use that data, rather than the posted total, to calculate the actual amount payable.

Leave a comment