Hi, I'm looking for an XSS filter, but couldn't find an XSLT-based filter for XHTML.

I make browser-based Jabber clients, and the problem with XHTML (SVG) is that it is very difficult to get rid of JavaScript. If a "cracker" is able to execute JavaScript in my client, he is able to take over the account - that's not good.

Here I tried to make a filter: http://lamp2.fh-stpoelten.ac.at/%7Elbz/beispiele/ws2006/xss/

If somebody has a better filter, please tell me. Otherwise feel free to test and improve it.

Bernhard

> Indeed. And on top of that, client implementations that support
> XHTML-IM are strongly urged to sanitize incoming messages instead of
> blindly feeding it to an embedded HTML renderer. This is how malware
> gets its chance.
>
> This also goes for a possible XHTML document enclosure XEP, or any other
> non-local data for that matter.
>
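
The allow-list sanitizing urged in the quoted text above, as an added example that is not part of the original message or of the linked filter. It is written in Python rather than XSLT; the allow-list of elements, attributes and URL schemes, the function names and the sample message are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

XHTML = "http://www.w3.org/1999/xhtml"
# Assumed allow-list for illustration: element name -> permitted attributes.
ALLOWED = {"body": (), "p": (), "span": (), "br": (), "em": (), "strong": (),
           "blockquote": (), "ul": (), "ol": (), "li": (),
           "a": ("href",), "img": ("src", "alt")}
URL_ATTRS = ("href", "src")
SAFE_SCHEMES = ("http://", "https://", "xmpp:", "mailto:")  # assumed policy

def _clean(elem):
    """Return a sanitized copy of elem, or None if the element is not allowed."""
    ns, _, local = elem.tag[1:].partition("}") if elem.tag[:1] == "{" else ("", "", elem.tag)
    if ns != XHTML or local not in ALLOWED:
        return None  # script, svg, object, unknown namespaces: drop the subtree
    out = ET.Element(local)
    for name, value in elem.attrib.items():
        if name not in ALLOWED[local]:
            continue  # on* handlers, style and namespaced attributes never pass
        if name in URL_ATTRS and not value.strip().lower().startswith(SAFE_SCHEMES):
            continue  # javascript:, data: and relative URLs are rejected
        out.set(name, value)
    out.text, last = elem.text, None
    for child in elem:
        kept = _clean(child)
        if kept is not None:
            out.append(kept)
            last = kept
            kept.tail = child.tail
        elif child.tail:  # keep the text that followed a dropped element
            if last is not None:
                last.tail = (last.tail or "") + child.tail
            else:
                out.text = (out.text or "") + child.tail
    return out

def sanitize(fragment):
    """Parse one XHTML-IM <body/> string and return the filtered markup."""
    if "<!DOCTYPE" in fragment:
        raise ValueError("DTDs are not accepted")  # avoids entity expansion
    root = _clean(ET.fromstring(fragment))
    if root is None:
        return ""
    root.set("xmlns", XHTML)
    return ET.tostring(root, encoding="unicode")

# Constructed sample message, not taken from the page.
SAMPLE = ('<body xmlns="http://www.w3.org/1999/xhtml"><p onclick="alert(1)">hi '
          '<script>alert(2)</script>there <a href="javascript:alert(3)">x</a> '
          '<a href="https://example.org/">ok</a>'
          '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(4)"/></p></body>')
```

Because the filter copies only what is listed instead of deleting what looks dangerous, markup it has never seen (new elements, foreign namespaces, unfamiliar URL schemes) is dropped by default.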
