NAVIGATION
CATEGORIES
REFERRENCE
LINKS
Cross-site scripting (XSS) defense
3 answers - 365 bytes -
Is there a module (or, better yet, sample code) that scrubs
user-entered text to remove cross-site scripting attacks, while also
allowing a small subset of HTML through?
Contemplated application: a message board that allows people to use
<b>, <a href="">, <iand so on, but does not allow any javascript,
vbscript, or other nasties.No.1 | | 25 bytes |
| 
Have a look at
JimNo.2 | | 25 bytes |
| Have a look at
JimNo.3 | | 599 bytes |
| 2006-06-16, johnzenger (AT) gmail (DOT) com <johnzenger (AT) gmail (DOT) comwrote:
Is there a module (or, better yet, sample code) that scrubs
user-entered text to remove cross-site scripting attacks, while also
allowing a small subset of HTML through?
Contemplated application: a message board that allows people to use
><b>, <a href="">, <iand so on, but does not allow any javascript,
vbscript, or other nasties.
I use Strip-o-Gram:
It is used quite a bit in Zope, but I believe it
will also stand on its own.
QUESTION ON "Development"
- BeautifulSoup error
- Opening an editor for interactive use
- modeling logit(y/n) using lrm
- modeling logit(y/n) using lrm
- number of iteration s exceeded maximum of 50
- download file from intranet linux server to windows clients
- New: .debug_str is used only when optimizing
- gfortran gives "Array bound mismatch" for valid program
- r61805 - trunk/ipod-sharp/tests
- publishing repos with Apache?
- add elements to indexed list locations
- Help Installing on FC4
- New: Dwarf no longer uses merged strings for DW_AT_comp_dir
- MIPS RDHWR instruction reordering
- New: codecvt locale facet is broken (reproducible crash)
- New: ICE in inline_forbidden_p
- New: ICE in simplify_subreg, at simplify-rtx.c:4466
- Normalize svn:ignore pattern matching
- Extracting values from text file
- Pycrypto