[XSL-LIST Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] xhtml sanitizer
What would be the best way to implement an html "sanitizer"? E.g. for web-based input forms, you want to prevent cross-site scripting and other attacks. One way would be to allow xhtml input (but it's probably unreasonable to assume that people would input syntatically correct xhtml), and then have a DTD of allowed elements and attributes. On validation error the user is thrown back to the form. Another way could be to have an xsl that copies only allowed nodes. Comments? Is this still a job best left to other things, like regular expressions? -- Guy McArthur * email{guym@xxxxxxxxxxx} http{guymcarthur.com} XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|