[Catalyst] What do you guys use for sanitizing HTML input

mateu hunter at missoula.org
Mon Jul 20 20:09:27 GMT 2009

Zbigniew Lukasiak wrote:
> I noticed that there is a new HTML sanitizer bundled with Mojo:
> http://search.cpan.org/~mramberg/MojoMojo-0.999030/lib/HTML/Declaw.pm
> by our own Marcus Ramberg.  The POD says it is a modifed version of
> HTML::Defang - but there is no clue as to what was really modified and
> why it is a fork.

It was done because HTML::Defang had to be modified to fit MojoMojo needs. 
The main changes have been:

* handle colgroup and col tags properly
* allow for youtube type src

We're not even sure if we'll continue to use a HTML::Defang or the derived
HTML::Declaw, but for now it's how we do XSS stripping.

View this message in context: http://www.nabble.com/What-do-you-guys-use-for-sanitizing-HTML-input-tp24554945p24576677.html
Sent from the Catalyst Web Framework mailing list archive at Nabble.com.

More information about the Catalyst mailing list