Posted: Sat Jul 08, 2006 1:45 pm
by s.dot
Feyd wrote me a nice HTML sanitizer, which includes a default blacklist of "bad tags" and "bad attributes". I am not sure of the license on that, as I paid for it, and I'm not sure how he uses it. But you might want to ask him for the default blacklist for his 'cleanTags' project.
Posted: Wed Jul 12, 2006 12:23 am
by wei
There are many possibilities to inject malicious code into html, see
http://ha.ckers.org/xss.html
For php the safehtml tool is quite good and is faster than your usual regexp checks (which are not really safe either).
http://pixel-apes.com/safehtml/
and it tried to convert nasty code to valid xhtml as well.
Posted: Thu Jul 20, 2006 10:09 am
by Bigun
wei wrote:There are many possibilities to inject malicious code into html, see
http://ha.ckers.org/xss.html
For php the safehtml tool is quite good and is faster than your usual regexp checks (which are not really safe either).
http://pixel-apes.com/safehtml/
and it tried to convert nasty code to valid xhtml as well.
That safehtml tool looks great, but I don't see any documentation for implementation...