[Catalyst] What do you guys use for sanitizing HTML input
mateu
hunter at missoula.org
Mon Jul 20 20:09:27 GMT 2009
Zbigniew Lukasiak wrote:
>
> I noticed that there is a new HTML sanitizer bundled with Mojo:
> http://search.cpan.org/~mramberg/MojoMojo-0.999030/lib/HTML/Declaw.pm
> by our own Marcus Ramberg. The POD says it is a modified version of
> HTML::Defang - but there is no clue as to what was really modified and
> why it is a fork.
>
It was done because HTML::Defang had to be modified to fit MojoMojo needs.
The main changes have been:
* handle colgroup and col tags properly
* allow for youtube type src
We're not even sure if we'll continue to use HTML::Defang or the derived
HTML::Declaw, but for now it's how we do XSS stripping.
--
View this message in context: http://www.nabble.com/What-do-you-guys-use-for-sanitizing-HTML-input-tp24554945p24576677.html
Sent from the Catalyst Web Framework mailing list archive at Nabble.com.