Cross-site scripting (XSS) defense
lee at example.com
Fri Jun 16 23:52:12 CEST 2006
On 2006-06-16, johnzenger at gmail.com <johnzenger at gmail.com> wrote:
> Is there a module (or, better yet, sample code) that scrubs
> user-entered text to remove cross-site scripting attacks, while also
> allowing a small subset of HTML through?
> Contemplated application: a message board that allows people to use
> vbscript, or other nasties.
I use Strip-o-Gram:
It is used quite a bit in Zope, but I believe it
will also stand on its own.
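An added example, not part of the original thread and not Strip-o-Gram's code: an allow-list scrubber of the kind the question asks for, built on the standard library's `html.parser`. The tag, attribute and URL-scheme sets are an assumed policy, and the names `clean_url`, `AllowListSanitizer` and `sanitize` are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "a"}   # assumed board policy
URL_ATTRS = {"a": {"href"}}               # the only attributes that survive
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_CONTENT = {"script", "style"}        # drop the enclosed text as well

def clean_url(value):
    # Browsers ignore whitespace and control characters inside a scheme.
    url = "".join(ch for ch in value if ch > " ")
    scheme, colon, _ = url.partition(":")
    relative = not colon or any(c in scheme for c in "/?#")
    return url if relative or scheme.lower() in ALLOWED_SCHEMES else None

class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return                            # tag is not emitted
        kept = ""
        for name, value in attrs:
            url = clean_url(value or "") if name in URL_ATTRS.get(tag, ()) else None
            if url is not None:
                kept += ' %s="%s"' % (name, escape(url, quote=True))
        self.out.append("<%s%s>" % (tag, kept))
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            # Close everything opened since the match, innermost first.
            idx = len(self.open_tags) - 1 - self.open_tags[::-1].index(tag)
            self.out += ["</%s>" % t for t in reversed(self.open_tags[idx:])]
            del self.open_tags[idx:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))   # text is re-escaped

def sanitize(text):
    parser = AllowListSanitizer()
    parser.feed(text)
    parser.close()                            # flush trailing partial input
    return "".join(parser.out + ["</%s>" % t for t in reversed(parser.open_tags)])
```

Comments, declarations and processing instructions are dropped because the parser's default handlers for them emit nothing.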