On 2006-06-16, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Is there a module (or, better yet, sample code) that scrubs
> user-entered text to remove cross-site scripting attacks, while also
> allowing a small subset of HTML through?
>
> Contemplated application: a message board that allows people to use
> <b>, <a href="">, <i> and so on, but does not allow any javascript,
> vbscript, or other nasties.

I use Strip-o-Gram:

http://www.zope.org/Members/chrisw/StripOGram

It is used quite a bit in Zope, but I believe it will also stand on
its own.

--
http://mail.python.org/mailman/listinfo/python-list