Hi Djangoers,
I was a little disappointed to see that Django doesn't include a safe HTML checker / sanitizer. RoR has something along these lines afaik (which is very little in this case).
It's an understandable omission, but a good community maintained HTML security checker could go a *long way* to prevent Django from falling into the same XSS pit as PHP (well, the python language doesn't suck horribly, which helps, of course).
Getting secure HTML validation right is quite hard: http://ha.ckers.org/xss.html
And XSS is nasty. It's been thought of as a trivial problem, but there's already been an XSS based myspace worm. XSS can easily be used to steal a user's authentication info, for instance, which can enable identity theft.
Anyway, I was wondering if anyone has tried to solve this in their own implementations. Any suggestions for a good HTML sanitizing library that's python friendly? Am I missing some implementation of this functionality buried away in django?
Thanks again,
~ol
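An allowlist sanitizer of the kind the post asks about, added here as an example for the thread (it is not code from the post, not part of Django, and not a substitute for a maintained library; all names in it are my own). It keeps only listed tags and attributes, drops script/style contents, re-escapes text, and rejects href values whose scheme is not http, https or mailto, including entity-encoded and whitespace-split spellings of javascript: that the ha.ckers.org cheat sheet above catalogues.

```python
# Added example; not from the original post and not Django's own code.
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "ul", "ol", "li", "br"}
ALLOWED_ATTRS = {"a": {"href", "title"}}    # tag -> attributes kept on it
SAFE_SCHEMES = {"http", "https", "mailto"}  # scheme-less (relative) URLs also pass

def safe_url(value):
    # Drop whitespace/control chars first: browsers ignore them inside a scheme.
    cleaned = "".join(c for c in value if ord(c) > 32)
    m = re.match(r"([a-z][a-z0-9+.-]*):", cleaned, re.I)
    return m is None or m.group(1).lower() in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0  # output, open tags, script depth

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):     # contents dropped entirely
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            kept = []
            for name, value in attrs:      # values arrive entity-decoded
                if (value is not None and name in ALLOWED_ATTRS.get(tag, ())
                        and (name != "href" or safe_url(value))):
                    kept.append(' %s="%s"' % (name, escape(value, quote=True)))
            self.out.append("<%s%s>" % (tag, "".join(kept)))
            if tag != "br":                # br is void: never needs closing
                self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in self.open:             # also close tags nested inside it
            while self.open[-1] != tag:
                self.out.append("</%s>" % self.open.pop())
            self.out.append("</%s>" % self.open.pop())

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html):
    p = Sanitizer()
    p.feed(html)
    p.close()                              # flush buffered text, then close dangling tags
    return "".join(p.out) + "".join("</%s>" % t for t in reversed(p.open))
```

Unknown elements such as img are removed with all their attributes, and an unbalanced input comes back as a well-formed fragment so it cannot break out of the surrounding page markup.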