From: Nick C. <ni...@cl...> - 2001-12-15 00:35:48

On Fri, Dec 14, 2001 at 04:19:25PM -0800, Nick Cleaton wrote:
>
> Modified Files:
>       guestbook.pl
> Log Message:
> Added a whitelist-based HTML filter to strip out unsafe constructs
> when $allow_html is 1

This needs testing. It limits HTML constructs to safe tags with safe
attributes, and untangles things like <b><i></b></i>. It doesn't do
anything about improper nesting order (as in <i><table></table></i>)
but I don't think it needs to in order to be secure against malicious
scripting constructs. Since it's already too long and too complicated,
I'm not inclined to add nesting order logic.

--
Nick
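As an added illustration of the approach the message describes (this is not the Perl code committed to guestbook.pl, and the project's actual whitelist is not shown on the page), here is a whitelist-based HTML filter in Python. The tag list, the allowed attributes, the URL-scheme check on `href`, and the strategy for untangling overlaps like `<b><i></b></i>` (close the inner tags, close the requested one, then reopen the inner ones so the output nests) are all my assumptions. Like the filter in the message, it makes no attempt to enforce nesting order such as `<i><table></table></i>`.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed whitelist: tag name -> attributes that may survive on that tag.
# Anything not listed here (script, img, style, on* handlers, ...) is dropped.
SAFE_TAGS = {
    "b": set(), "i": set(), "u": set(), "em": set(), "strong": set(),
    "p": set(), "br": set(), "blockquote": set(), "pre": set(), "code": set(),
    "a": {"href", "title"},
}
VOID_TAGS = {"br"}                       # never pushed on the open-tag stack
SAFE_URL_SCHEMES = {"http", "https", "mailto", ""}   # "" = relative link


def _safe_href(value):
    """Accept only http/https/mailto/relative URLs; reject javascript:,
    data:, vbscript: and any URL containing control characters."""
    value = value.strip()
    if any(ord(c) < 33 for c in value):  # embedded tab/newline tricks
        return False
    try:
        scheme = urlparse(value).scheme.lower()
    except ValueError:
        return False
    return scheme in SAFE_URL_SCHEMES


class WhitelistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []              # stack of (tag, rendered open tag)

    def handle_starttag(self, tag, attrs):
        if tag not in SAFE_TAGS:
            return                       # drop the tag, keep its text content
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name not in SAFE_TAGS[tag] or value is None:
                continue
            if name == "href" and not _safe_href(value):
                continue
            kept.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        markup = "<%s%s>" % (tag, "".join(kept))
        self.out.append(markup)
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, markup))

    def handle_endtag(self, tag):
        if tag not in [t for t, _ in self.open_tags]:
            return                       # stray or non-whitelisted close tag
        # Untangle overlap such as <b><i></b></i>: close everything opened
        # after `tag`, close `tag`, then reopen the inner tags so that the
        # emitted HTML is properly nested.
        reopen = []
        while self.open_tags[-1][0] != tag:
            inner = self.open_tags.pop()
            self.out.append("</%s>" % inner[0])
            reopen.append(inner)
        self.open_tags.pop()
        self.out.append("</%s>" % tag)
        for inner in reversed(reopen):
            self.out.append(inner[1])
            self.open_tags.append(inner)

    def handle_data(self, data):
        # Parser already decoded entities; re-escape so text stays text.
        self.out.append(html.escape(data, quote=False))

    # Comments, doctypes, processing instructions and CDATA are discarded.
    def handle_comment(self, data): pass
    def handle_decl(self, decl): pass
    def handle_pi(self, data): pass
    def unknown_decl(self, data): pass

    def result(self):
        self.close()                     # flush buffered text
        while self.open_tags:            # close anything left open
            tag, _ = self.open_tags.pop()
            self.out.append("</%s>" % tag)
        return "".join(self.out)


def filter_html(text):
    """Return `text` with only whitelisted tags/attributes, well nested."""
    p = WhitelistFilter()
    p.feed(text)
    return p.result()


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real guestbook entry.
    for sample in ('<b><i>bold italic</b></i>',
                   '<a href="javascript:alert(1)" onclick="x()">click</a>',
                   '<img src=x onerror=alert(1)>hello'):
        print(repr(sample), "->", repr(filter_html(sample)))
```

Note that reopening the inner tags after an overlap can leave an empty element (`<b><i>x</i></b><i></i>`), which is harmless and is also what browsers' own tag-soup recovery produces; the point is that no unlisted tag or attribute ever reaches the output, and every emitted open tag has a matching close.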