[python-uk] Favourite ways of scrubbing HTML/whitelisting specific HTML tags?

Michael Foord fuzzyman at voidspace.org.uk
Thu Feb 7 18:43:36 CET 2008


Jon Ribbens wrote:
> On Thu, Feb 07, 2008 at 02:35:29PM +0000, Michael Sparks wrote:
>   
>> Just a quick Q for people: what's your favourite way (preferably a library :) 
>> of allowing a subset of HTML tags through? I can think of 1/2 dozen different 
>> ways of doing this, but I'm sure there's a preferred approach for some...
>>     
>
> Be aware that if you are doing this for security reasons (e.g. to
> prevent cross-site scripting), it is very hard to get right.
>
> The code at
> http://www.voidspace.org.uk/python/weblog/arch_d7_2005_04_23.shtml#e35
> is wrong, for example.
>   

I take no responsibility for anything I did two years ago. ;-)

That aside, what *is* wrong with it? (I know nothing about XSS, nor was 
that my concern - but I am interested).

Michael

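The point Jon makes above (a tag whitelist is hard to get right for XSS) is usually about the cases a regex-based filter mishandles: event-handler attributes, `javascript:` URLs, entity-encoded markup and unclosed tags. The following is an added example written for this thread, not code from the list post or from the linked weblog entry; it uses the stdlib parser so that only a whitelisted set of tags and attributes is re-emitted and everything else is shown as escaped text. The allowed tag, attribute and URL-scheme sets are assumed policy, not anything the thread specifies.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy (not the thread's or the weblog's list): only these survive.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
VOID_TAGS = {"br"}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")

class Whitelist(HTMLParser):
    """Re-emit only whitelisted markup; everything else becomes escaped text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities are decoded before we see data
        self.out, self.stack = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.out.append(escape(self.get_starttag_text()))  # show it, never emit it raw
            return
        kept = []
        for name, value in attrs:  # attribute values arrive already entity-decoded
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick= and every other unlisted attribute
            if name == "href" and not (value or "").strip().lower().startswith(SAFE_URL_SCHEMES):
                continue  # drops javascript:, data: and, as a policy choice, relative URLs
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:  # close anything opened after it so output stays balanced
            while (top := self.stack.pop()) != tag:
                self.out.append(f"</{top}>")
            self.out.append(f"</{tag}>")
        elif tag not in ALLOWED_TAGS:
            self.out.append(escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(escape(data))  # also covers the body of <script>/<style>

    def close(self):
        super().close()
        while self.stack:  # close tags the input left open
            self.out.append(f"</{self.stack.pop()}>")

def sanitize(html):
    p = Whitelist()
    p.feed(html)
    p.close()
    return "".join(p.out)
```

Because disallowed markup is escaped rather than dropped, a `<script>` element shows up literally in the rendered page, which makes an attempted injection visible in review instead of vanishing silently.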



More information about the python-uk mailing list