Cross-site scripting (XSS) defense

johnzenger

Is there a module (or, better yet, sample code) that scrubs
user-entered text to remove cross-site scripting attacks, while also
allowing a small subset of HTML through?

Contemplated application: a message board that allows people to use
<b>, <a href="">, <i> and so on, but does not allow any javascript,
vbscript, or other nasties.
 
Lee Harr

> Is there a module (or, better yet, sample code) that scrubs
> user-entered text to remove cross-site scripting attacks, while also
> allowing a small subset of HTML through?
>
> Contemplated application: a message board that allows people to use
> <b>, <a href="">, <i> and so on, but does not allow any javascript,
> vbscript, or other nasties.


I use Strip-o-Gram:
http://www.zope.org/Members/chrisw/StripOGram

It is used quite a bit in Zope, but I believe it
will also stand on its own.
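
An allowlist filter of the kind the question asks for, using only the Python standard library. This is an added example, not code from the thread or from Strip-o-Gram; the allowlists and the names `sanitize`, `Sanitizer` and `safe_url` are assumptions made here.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: tags, attributes and URL schemes to keep.
ALLOWED_TAGS = {"b", "i", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}   # their text is discarded too
SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*):", re.I)

def safe_url(url):
    # Browsers ignore tabs/newlines inside a scheme ("java\tscript:"), so drop them first.
    cleaned = "".join(c for c in url if c > " ")
    m = SCHEME.match(cleaned)
    return cleaned if m and m.group(1).lower() in ALLOWED_SCHEMES else None

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:   # values arrive entity-decoded
                url = safe_url(value) if value else None
                if name in ALLOWED_ATTRS.get(tag, ()) and url:
                    kept += ' %s="%s"' % (name, escape(url))
            self.out.append("<%s%s>" % (tag, kept))
            self.open_tags.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            while self.open_tags:        # also close tags left open inside
                inner = self.open_tags.pop()
                self.out.append("</%s>" % inner)
                if inner == tag:
                    break
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always re-escaped

def sanitize(text):
    parser = Sanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out + ["</%s>" % t for t in reversed(parser.open_tags)])
```

Tags outside the allowlist are dropped while their text is kept, comments are discarded, and the output is rebuilt from parsed events rather than by editing the input string.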
 
