Hi, I've just written a Python WSGI middleware class to mitigate XSS flaws. It's released under the Python license. I've attached the docs below.
Cheers
Rich.

WSGI Middleware class that prevents cross-site scripting flaws in WSGI applications being exploited. Potentially malicious GET and POST variables are checked for, and if found, a 403 Forbidden response is sent to the client.

Note that this class can false positive on input such as XML or passwords containing the '<' character, so it is not useful in all contexts. In addition, you should note that this middleware is not a replacement for properly validating input and quoting output.

This class can be downloaded from: http://www.westpoint.ltd.uk/dist/wsgisecurity.zip

Author: Richard Moore, [EMAIL PROTECTED]
Copyright: (c) 2006 Westpoint Ltd
License: Released under the Python License
Version: 1.0
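The kind of filter the docs describe, as an added sketch that is not part of the original post and is not the code in wsgisecurity.zip. The class name, the `max_body` limit and the rule of rejecting any variable containing `<` or `>` are assumptions. Only the query string and form-encoded POST bodies are inspected, not multipart uploads.

```python
import io
from urllib.parse import parse_qsl

# Assumed rule: the post does not show which characters the original class checks.
SUSPICIOUS = ("<", ">")
FORM = "application/x-www-form-urlencoded"


def is_suspicious(text):
    return any(ch in text for ch in SUSPICIOUS)


class XSSFilterMiddleware:
    """Hypothetical filter: 403 when a GET or form POST variable looks like markup."""

    def __init__(self, app, max_body=1 << 20):
        self.app = app
        self.max_body = max_body  # refuse to buffer bodies larger than this

    def _reject(self, start_response, status):
        body = (status + "\n").encode("ascii")
        start_response(status, [("Content-Type", "text/plain"),
                                ("Content-Length", str(len(body)))])
        return [body]

    def __call__(self, environ, start_response):
        # parse_qsl percent-decodes, so "%3Cscript%3E" is checked as "<script>".
        pairs = parse_qsl(environ.get("QUERY_STRING", ""), keep_blank_values=True)
        ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
        if environ.get("REQUEST_METHOD") == "POST" and ctype == FORM:
            try:
                length = max(0, int(environ.get("CONTENT_LENGTH") or 0))
            except ValueError:
                length = 0
            if length > self.max_body:
                return self._reject(start_response, "413 Payload Too Large")
            raw = environ["wsgi.input"].read(length)
            # Put the bytes back so the wrapped application can still read them.
            environ["wsgi.input"] = io.BytesIO(raw)
            pairs += parse_qsl(raw.decode("latin-1"), keep_blank_values=True)
        for name, value in pairs:
            if is_suspicious(name) or is_suspicious(value):
                return self._reject(start_response, "403 Forbidden")
        return self.app(environ, start_response)
```

A password such as `a<b` is rejected by this sketch as well, which is the false positive the docs warn about.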