Re: [PyCS-devel] html_cleaner.py is not safe
From: Phillip P. <pp...@my...> - 2003-10-12 19:23:43
> Maybe we should switch from html_cleaner to use stripogram? That's what
> I use in PyDS. Seems to work quite nicely. I _think_ that's what Yasushi
> says on his weblog, too. Babelfish is sometimes a bit problematic -
> sometimes the English version doesn't make more sense than the Japanese
> one ;-)

Sounds fine to me. html_cleaner _is_ used (in comments/__init__.py) but Yasushi's correct in that it doesn't attempt to strip out dodgy html tags. I'm sure there's a bunch of XSS holes in PyCS - we should drop stripogram in there and use it for things like referrer pages as well ...

Cheers,
Phil