Cross-site scripting (XSS) defense
Lee Harr
lee at example.com
Fri Jun 16 17:52:12 EDT 2006
On 2006-06-16, johnzenger at gmail.com <johnzenger at gmail.com> wrote:
> Is there a module (or, better yet, sample code) that scrubs
> user-entered text to remove cross-site scripting attacks, while also
> allowing a small subset of HTML through?
>
> Contemplated application: a message board that allows people to use
><b>, <a href="">, <i> and so on, but does not allow any javascript,
> vbscript, or other nasties.
>
I use Strip-o-Gram:
http://www.zope.org/Members/chrisw/StripOGram
It is used quite a bit in Zope, but I believe it
will also stand on its own.
More information about the Python-list
mailing list