Comments on: HTML filtering and XSS protection

By: star config web design sydney

star config web design sydney — Fri, 15 Jan 2010 05:44:01 +0000

I agree with you html validation is very important when u building cms, i heared about TinyMCE editir, similar editor is used in joomla and mambo content managment system, and they using it in moodle2, it is quite well.

Thank you for your article it is really good, i liked it.

By: Sara

Sara — Tue, 27 Oct 2009 19:54:36 +0000

Interesting point on web scrappers, For web scrappers i use python for simple things, but for larger projects i have used extractingdata.com web scrapper which builds custom web scrappers and data extracting programs simple and fast

By: HTML filtering and XSS protection | Juozas devBlog

HTML filtering and XSS protection | Juozas devBlog — Mon, 30 Mar 2009 05:08:45 +0000

[...] Here is the original: HTML filtering and XSS protection | Juozas devBlog [...]

By: Jamie Krasnoo

Jamie Krasnoo — Thu, 26 Mar 2009 18:04:24 +0000

HTML Purifier is meant to scrub user input for use in a site so it won’t return the if it’s included. It will scrub it out.

HTML Purifier is a bit of a pig but if you take the time to set up its cache you’ll be rewarded with a performance increase.

By: Juozas Kaziukenas’ Blog: HTML filtering and XSS protection : Dragonfly Networks

Tue, 24 Mar 2009 04:51:59 +0000

[...] Kaziukenas has an example of how to keep you and your application’s data safe from prying eyes by filtering input with [...]

By: Juozas Kaziukenas’ Blog: HTML filtering and XSS protection : WebNetiques, LLC : Website Developers in Minneapolis, MN

Tue, 24 Mar 2009 04:49:33 +0000

[...] Kaziukenas has an example of how to keep you and your application’s data safe from prying eyes by filtering input with [...]

By: Jim R. Wilson

Jim R. Wilson — Mon, 23 Mar 2009 17:58:03 +0000

You’re absolutely right that purifying potentially malicious HTML is a pain. One solution that I particularly like is using a light markup language in lieu of allowing full-blown HTML.

A variety of suitable light markup languages exist, such as Markdown, Textile and those included with wiki systems (MediaWiki’s wikitext comes to mind). Of course, this generally comes as a tradeoff since most WYSIWYG editors focus on creating HTML to return to the server.

If your users can tolerate learning a light markup language, IMO that’s a good way to go.

By: Juozas Kaziukenas’ Blog: HTML filtering and XSS protection | Development Blog With Code Updates : Developercast.com

Mon, 23 Mar 2009 16:42:11 +0000

[...] Kaziukenas has an example of how to keep you and your application’s data safe from prying eyes by filtering input with [...]

By: Juozas

Juozas — Sun, 22 Mar 2009 12:56:11 +0000

Hi, thanks for your comment.

What about returning:

doctype return

? It shouldn’t be that hard to implement :)

By: Edward Z. Yang

Edward Z. Yang — Sun, 22 Mar 2009 08:59:56 +0000

Hello!

Thanks for your blog post about HTML Purifier. You are right: HTML Purifier isn’t currently able to return HTML with the head tag; it’s just not what HTML Purifier is made for. Maybe in a future version it will have that functionality (probably when we build-in HTML5 parsing).