What is 'harmful' HTML?
Feyd wrote me a nice HTML sanitizer, which includes a default blacklist of "bad tags" and "bad attributes". I am not sure of the license on that, as I paid for it, and I'm not sure how he uses it. But you might want to ask him for the default blacklist for his 'cleanTags' project.
There are many possibilities to inject malicious code into HTML, see
http://ha.ckers.org/xss.html
For PHP the safehtml tool is quite good and is faster than your usual regexp checks (which are not really safe either).
http://pixel-apes.com/safehtml/
and it tried to convert nasty code to valid XHTML as well.
wei wrote:
> There are many possibilities to inject malicious code into HTML, see
> http://ha.ckers.org/xss.html
> For PHP the safehtml tool is quite good and is faster than your usual regexp checks (which are not really safe either).
> http://pixel-apes.com/safehtml/
> and it tried to convert nasty code to valid XHTML as well.
That safehtml tool looks great, but I don't see any documentation for implementation...
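
The remark in the thread that regexp checks are "not really safe", shown as an added example that is not part of any post and is not code from safehtml or cleanTags: a regexp that strips `<script>` blocks next to a parser-based allowlist built on PHP's DOM extension. The tag list, the `href` rule, the function names and the sample input are assumptions chosen for illustration.

```php
<?php
// Added example. ALLOWED, DROP_WITH_CONTENT and the sample input are assumptions.
const ALLOWED = ['p' => [], 'b' => [], 'i' => [], 'a' => ['href']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

// Blacklist-style regexp check: removes <script>...</script> and nothing else.
function regexp_filter(string $html): string
{
    return preg_replace('#<script\b[^>]*>.*?</script>#is', '', $html);
}

// Parser-based allowlist: parse the input, then rebuild the output from the DOM.
function allowlist_filter(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // malformed markup is expected input
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    return $body ? render($body) : '';
}

function render(DOMNode $node): string
{
    $out = '';
    foreach ($node->childNodes as $child) {
        if ($child instanceof DOMText) {
            $out .= htmlspecialchars($child->nodeValue, ENT_QUOTES, 'UTF-8');
        } elseif ($child instanceof DOMElement) {
            $tag = strtolower($child->nodeName);
            if (in_array($tag, DROP_WITH_CONTENT, true)) continue;   // drop tag and content
            $inner = render($child);
            if (!array_key_exists($tag, ALLOWED)) { $out .= $inner; continue; } // keep text only
            $attrs = '';
            foreach (ALLOWED[$tag] as $name) {   // only href is allowed here
                $value = $child->getAttribute($name);
                // keep http(s), mailto and site-relative URLs; drop everything else
                if (!preg_match('#^(https?://|mailto:|/)#i', $value)) continue;
                $attrs .= ' ' . $name . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
            }
            $out .= "<$tag$attrs>$inner</$tag>";
        }
    }
    return $out;
}

// Constructed sample: no <script> tag, so the regexp has nothing to match.
$sample = '<p>Hi <b>there</b></p><img src="x" onerror="alert(1)"><a href="javascript:alert(1)">link</a>';
echo regexp_filter($sample), "\n";      // event handler and javascript: URL pass through
echo allowlist_filter($sample), "\n";   // only allowlisted tags and a checked href remain
```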