Hi,
I've just written a python WSGI middleware class to mitigate
XSS flaws, it's released under the python license. I've
attached the docs below.
Cheers
Rich.
WSGI Middleware class that prevents cross-site scripting flaws
in WSGI applications being exploited. Potentially malicious GET
and POST variables are checked for, and if found, a 403
Forbidden response is sent to the client.
Note that this class can false positive on input such as XML
or passwords containing the '<' character, so it is not useful
in all contexts. In addition, you should note that this
middleware is not a replacement for properly validating
input and quoting output.
This class can be downloaded from:
http://www.westpoint.ltd.uk/dist/wsgisecurity.zip
Author: Richard Moore, [EMAIL PROTECTED]
Copyright: (c) 2006 Westpoint Ltd
License: Released under the Python License
Version: 1.0
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
_______________________________________________
Web-SIG mailing list
Web-SIG@python.org
Web SIG: http://www.python.org/sigs/web-sig
Unsubscribe:
http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
