Zbigniew Lukasiak wrote:
>
> I noticed that there is a new HTML sanitizer bundled with Mojo:
> http://search.cpan.org/~mramberg/MojoMojo-0.999030/lib/HTML/Declaw.pm
> by our own Marcus Ramberg. The POD says it is a modified version of
> HTML::Defang - but there is no clue as to what was really modified and
> why it is a fork.
>

It was done because HTML::Defang had to be modified to fit MojoMojo needs. The main changes have been:

* handle colgroup and col tags properly
* allow for youtube type src

We're not even sure if we'll continue to use HTML::Defang or the derived HTML::Declaw, but for now it's how we do XSS stripping.