Hi Michael,

Michael Sparks wrote:
> Just a quick Q for people: what's your favourite way (preferably a library :)
> of allowing a subset of HTML tags through? I can think of 1/2 dozen different
> ways of doing this, but I'm sure there's a preferred approach for some...
>
> Thanks in advance :-)
Whatever you go with, test it against the attacks described in the XSS Cheat Sheet[1]. If you're serious about XSS you should test against these approaches.

In the past I've written a tag and attribute filter built on the standard library HTMLParser. Of course this only works for well-formed HTML (which I had).

Regards,
Menno

[1] http://ha.ckers.org/xss.html
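A tag and attribute filter of the kind Menno describes, added here as an illustration (this is not Menno's code or anything from the thread): it rebuilds the document from HTMLParser events, keeps only a small constructed allowlist of tags, attributes and URL schemes, escapes all other text, and also balances tags the input left open, which covers some of the not-well-formed cases the reply notes.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for this example: tag -> attributes kept on it.
ALLOWED = {"b": set(), "i": set(), "p": set(), "br": set(), "a": {"href", "title"}}
VOID_TAGS = {"br"}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")

class AllowlistFilter(HTMLParser):
    """Re-serialise input keeping only allowlisted tags and attributes;
    all other text is escaped, so dropped markup (e.g. <script>) stays inert."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open = [], []  # output pieces, stack of open tags

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown tag dropped; its text still flows through handle_data
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED[tag]:
                continue  # drops event-handler and style attributes, among others
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # drops links whose scheme is not on the allowlist
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open:  # pop back to the matching start tag
            while self.open:
                t = self.open.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data))

    def close(self):
        super().close()
        while self.open:  # balance tags the input left unclosed
            self.out.append(f"</{self.open.pop()}>")

def sanitize(html):
    f = AllowlistFilter()
    f.feed(html); f.close()
    return "".join(f.out)
```

Comments and declarations are dropped by HTMLParser's default handlers, and the output should still be checked against the cheat sheet cases before use.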