xhtml sanitizer

Play the video

Subject: xhtml sanitizer
From: Guy McArthur <guym@xxxxxxxxxxxxxxx>
Date: Fri, 19 Jul 2002 10:18:20 -0700 (MST)

What would be the best way to implement an html "sanitizer"?
E.g. for web-based input forms, you want to prevent cross-site scripting 
and other attacks.

One way would be to allow xhtml input (but it's probably unreasonable to
assume that people would input syntatically correct xhtml), and then have
a DTD of allowed elements and attributes. On validation error the user is
thrown back to the form. Another way could be to have an xsl that copies
only allowed nodes.

Comments? Is this still a job best left to other things, like regular 
expressions?

--
Guy McArthur * email{guym@xxxxxxxxxxx} http{guymcarthur.com}      


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list

Current Thread
Good XPath book name. Mukul . Mudgal - Fri, 19 Jul 2002 06:36:13 -0400 (EDT) James Fuller - Fri, 19 Jul 2002 06:53:09 -0400 (EDT) Michael Kay - Fri, 19 Jul 2002 11:11:29 -0400 (EDT) G. Ken Holman - Fri, 19 Jul 2002 12:56:12 -0400 (EDT) Guy McArthur - Fri, 19 Jul 2002 13:17:09 -0400 (EDT) <=

<- Previous	Index	Next ->
Re: Good XPath book name., G. Ken Holman	Thread	strings and recursive templat, Andrew Welch
Re: Hierarchy problem, Dimitre Novatchev	Date	Re: The longest node in a nod, J.Pietschmann
	Month

PURCHASE STYLUS STUDIO ONLINE TODAY!

Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced!

Download The World's Best XML IDE!

Accelerate XML development with our award-winning XML IDE - Download a free trial today!

Subscribe in XML format

RSS 2.0
Atom 0.3

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >