[Web-SIG] ANNOUNCE: WSGI XSS Prevention Middleware
Richard Moore
rich at westpoint.ltd.uk
Fri Nov 24 15:03:53 CET 2006
Hi,
I've just written a python WSGI middleware class to mitigate
XSS flaws, it's released under the python license. I've
attached the docs below.
Cheers
Rich.
WSGI Middleware class that prevents cross-site scripting flaws
in WSGI applications being exploited. Potentially malicious GET
and POST variables are checked for, and if found, a 403
Forbidden response is sent to the client.
Note that this class can false positive on input such as XML
or passwords containing the '<' character, so it is not useful
in all contexts. In addition, you should note that this
middleware is not a replacement for properly validating
input and quoting output.
This class can be downloaded from:
http://www.westpoint.ltd.uk/dist/wsgisecurity.zip
Author: Richard Moore, rich at westpoint.ltd.uk
Copyright: (c) 2006 Westpoint Ltd
License: Released under the Python License
Version: 1.0
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
More information about the Web-SIG
mailing list