On Wednesday, July 25, 2012 4:11:28 PM UTC+1, Volker Braun wrote:
>
> Is it?
>
> <<script>script> alert("Haha, I hacked your page."); </</script>script>
>
The html5lib sanitizer seems to handle that graciously:
In [18]: import html5lib
In [19]: from html5lib import sanitizer
In [20]: p = html5lib.HTMLParser(tokenizer = sanitizer.HTMLSanitizer)
In [21]: html = '<<script>script> alert("Haha, I hacked your page."); </</script>script>'
In [22]: p.parse(html)
Out[22]: <None>
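An added example, not part of the original post and not html5lib's code: a single-pass blacklist strip reassembles a `<script>` tag from the markup quoted above, while a tokenize-then-allowlist filter (the approach of the tokenizer-level sanitizer used in the reply) emits it as escaped text. `naive_strip`, `AllowlistSanitizer`, `sanitize` and the allowlist are hypothetical names, and Python's standard `html.parser` stands in for html5lib's tokenizer.

```python
import re
from html import escape
from html.parser import HTMLParser

# The markup quoted in the thread above.
PAYLOAD = '<<script>script> alert("Haha, I hacked your page."); </</script>script>'


def naive_strip(html):
    """Hypothetical blacklist filter: delete <script> and </script> in one pass."""
    return re.sub(r"</?script>", "", html, flags=re.IGNORECASE)


class AllowlistSanitizer(HTMLParser):
    """Tokenize first, then re-emit only allowlisted tags; escape everything else."""

    ALLOWED = {"b", "i", "em", "strong", "p"}  # assumed allowlist for this demo

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in self.ALLOWED:
            self.out.append("<%s>" % tag)  # attributes are dropped entirely
        else:
            self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        text = "</%s>" % tag
        self.out.append(text if tag in self.ALLOWED else escape(text))

    def handle_data(self, data):
        self.out.append(escape(data))  # text nodes are always escaped


def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()  # flush any buffered text
    return "".join(parser.out)


if __name__ == "__main__":
    print("naive :", naive_strip(PAYLOAD))  # the tag is reassembled
    print("tokens:", sanitize(PAYLOAD))     # no raw angle brackets remain
```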