ANNOUNCE: WSGI XSS Prevention Middleware
richmoore44 at gmail.com
richmoore44 at gmail.com
Fri Nov 24 10:56:25 EST 2006
Hi,
I've just written a python WSGI middleware class to mitigate
XSS flaws, it's released under the python license. I've
attached the docs below.
Cheers
Rich.
WSGI Middleware class that prevents cross-site scripting flaws
in WSGI applications being exploited. Potentially malicious GET
and POST variables are checked for, and if found, a 403
Forbidden response is sent to the client.
Note that this class can false positive on input such as XML
or passwords containing the '<' character, so it is not useful
in all contexts. In addition, you should note that this
middleware is not a replacement for properly validating
input and quoting output.
This class can be downloaded from:
http://www.westpoint.ltd.uk/dist/wsgisecurity.zip
Author: Richard Moore, rich at westpoint.ltd.uk
Copyright: (c) 2006 Westpoint Ltd
License: Released under the Python License
Version: 1.0
More information about the Python-list
mailing list