Re: Suggestion on how to eliminate Cross-site-scripting (XSS) bugs for good: msg#00016

Subject: Re: Suggestion on how to eliminate Cross-site-scripting (XSS) bugs for good.
> From: html-template-users-bounces@xxxxxxxxxxxxxxxxxxxxx [mailto:html-template-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Eric Frazier
> 
> This is pretty topical for me, but a little off topic for HTML::Template..
> I was looking for a good example on how to do this filtering. In the Perl
> world I found HTML::StripScripts
> and it looked like a good idea at the time sort of thing, it just seemed
> too good/complex for me. Like the best way to do things, but I don't have
> time for that :)
> 

Another option for sanitising input is HTML::Scrubber
(http://search.cpan.org/dist/HTML-Scrubber/). I use it via the
Data::FormValidator filter Data::FormValidator::Filters::HTMLScrubber to
remove not just scripts but tags that I don't want users to supply (like
"font").

Dan
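
The setup described in the message above, as an added example that is not part of the original post: HTML::Scrubber wired in as a Data::FormValidator field filter with an allowlist of tags. The field name `comment`, the tag list, and the sample submission are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::FormValidator;
use Data::FormValidator::Filters::HTMLScrubber qw(html_scrub);

# Allowlist (assumed for this example): only these tags are kept.
# Anything not listed, such as "font" or "script", is removed by the scrubber.
my @allowed_tags = qw(p br b i em strong);

my $profile = {
    required      => [qw(comment)],
    field_filters => {
        # Filters run in order: trim whitespace, then scrub the markup.
        comment => [ 'trim', html_scrub( allow => \@allowed_tags ) ],
    },
};

# Constructed sample submission containing allowed and disallowed markup.
my %input = (
    comment => ' <p>Hello <font color="red">world</font>, '
             . '<b>bold</b><script>alert(1)</script></p> ',
);

my $results = Data::FormValidator->check( \%input, $profile );

# Filters are applied before the "required" check, so a submission that is
# nothing but disallowed markup can end up empty and be reported as missing.
if ( $results->has_missing or $results->has_invalid ) {
    die "comment rejected after filtering\n";
}

# Only the filtered value is used from here on; the raw %input is not.
my $clean = $results->valid('comment');
print "$clean\n";
```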

