Re: [htmltmpl] Suggestion on how to eliminate Cross-site-scripting (XSS) bugs for good.
From: Dan H. <dan...@re...> - 2006-10-26 17:14:14
> From: htm...@li... [mailto:html-
> tem...@li...] On Behalf Of Eric Frazier
>
> This is pretty topical for me, but a little off topic for HTML::Template..
> I was looking for a good example on how to do this filtering. In the Perl
> world I found HTML::StripScripts
> and it looked like a good idea at the time sort of thing, it just seemed
> too good/complex for me. Like the best way to do things, but I don't have
> time for that :)

Another option for sanitising input is HTML::Scrubber (http://search.cpan.org/dist/HTML-Scrubber/). I use it via the Data::FormValidator filter Data::FormValidator::Filters::HTMLScrubber to remove not just scripts but tags that I don't want users to supply (like "font").

Dan
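The allow-list scrubbing Dan describes, written out as an added example (this is not code from the thread, from HTML::Scrubber or from Data::FormValidator::Filters::HTMLScrubber). It uses only the documented HTML::Scrubber calls (new/allow, rules, default, comment, style, scrub); the tag list, the attribute rules and the sample input are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Scrubber;

# Allow-list approach: only these tags survive. Anything not listed
# (script, font, iframe, object, form, ...) is removed rather than
# trying to enumerate every dangerous tag.
my $scrubber = HTML::Scrubber->new(
    allow => [qw( p br b i u em strong a )],
);

# Per-tag attribute rules: an <a> may keep its href only when it is an
# absolute http(s) URL, which rejects javascript: and data: schemes.
# '*' => 0 denies every other attribute on <a> (onclick, style, ...).
$scrubber->rules(
    a => {
        href => qr{^https?://}i,
        '*'  => 0,
    },
);

# Default for every tag without an explicit rule: keep no attributes,
# so on* event handlers on <p>, <b> and friends cannot get through.
# The first argument is left undef so the tag decision stays with allow().
$scrubber->default( undef, { '*' => 0 } );

$scrubber->comment(0);   # drop HTML comments
$scrubber->style(0);     # drop <style> blocks

# Constructed sample input (not from the mailing list): the usual tricks
# a user might paste into a comment field.
my $untrusted = join '',
    '<p><font color="red">Hello</font> <b onmouseover="alert(1)">world</b></p>',
    '<script>document.cookie</script>',
    '<a href="javascript:alert(1)">bad link</a> ',
    '<a href="https://example.com/">good link</a>',
    '<!-- hidden --><img src="x" onerror="alert(1)">';

my $clean = $scrubber->scrub($untrusted);
print "$clean\n";
```

Scrubbing like this belongs at the point where user-supplied HTML is accepted and stored; it does not replace output escaping for plain text fields, which in HTML::Template is the `ESCAPE=HTML` attribute on a TMPL_VAR. The same code-ref can be dropped into a Data::FormValidator profile as a field filter if you prefer to wire it yourself rather than through Data::FormValidator::Filters::HTMLScrubber.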