Cross-site scripting (XSS) defense

2006-06-16 Thread johnzenger
Is there a module (or, better yet, sample code) that scrubs
user-entered text to remove cross-site scripting attacks, while also
allowing a small subset of HTML through?

Contemplated application: a message board that allows people to use
, ,  and so on, but does not allow any javascript,
vbscript, or other nasties.

-- 
http://mail.python.org/mailman/listinfo/python-list


Re: Cross-site scripting (XSS) defense

2006-06-16 Thread Jim
Have a look at
  http://feedparser.org/docs/html-sanitization.html

Jim



Re: Cross-site scripting (XSS) defense

2006-06-16 Thread Lee Harr
On 2006-06-16, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Is there a module (or, better yet, sample code) that scrubs
> user-entered text to remove cross-site scripting attacks, while also
> allowing a small subset of HTML through?
>
> Contemplated application: a message board that allows people to use
>, ,  and so on, but does not allow any javascript,
> vbscript, or other nasties.
>


I use Strip-o-Gram:
http://www.zope.org/Members/chrisw/StripOGram

It is used quite a bit in Zope, but I believe it
will also stand on its own.
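
An allowlist scrubber of the kind asked about in this thread, written with only the Python standard library. It is an added example, not code from any poster, feedparser or Strip-o-Gram. The tag, attribute and URL-scheme sets and all function names are assumptions, since the tag names in the original post did not survive archiving.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example; every allowed attribute here is a URL.
ALLOWED = {"b": (), "i": (), "em": (), "p": (), "br": (), "a": ("href",)}
DROP_WITH_CONTENT = {"script", "style"}
SAFE_SCHEMES = {"http", "https", "mailto"}

def clean_url(value):
    """Return the URL, minus whitespace/control chars, if its scheme is allowlisted."""
    url = "".join(ch for ch in (value or "") if ch > " ")
    try:
        return url if urlsplit(url).scheme.lower() in SAFE_SCHEMES else None
    except ValueError:
        return None

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return  # unknown tags are dropped; on* handlers never match ALLOWED
        urls = [(k, clean_url(v)) for k, v in attrs if k in ALLOWED[tag]]
        self.out.append("<%s%s>" % (tag, "".join(
            ' %s="%s"' % (k, escape(u)) for k, u in urls if u)))
        if tag != "br":  # br is void and never needs a closing tag
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.stack:
            cut = len(self.stack) - 1 - self.stack[::-1].index(tag)
            self.out.extend("</%s>" % t for t in reversed(self.stack[cut:]))
            del self.stack[cut:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # all text is re-escaped on output

def sanitize(html_text):
    parser = _Sanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out + ["</%s>" % t for t in reversed(parser.stack)])
```

Because the output is rebuilt from scratch rather than edited in place, anything the parser does not recognise as an allowlisted tag comes out as escaped text or not at all.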