Re^2: XSS-Bug in HTML::BBCode


Perl-Sensitive Sunglasses
	PerlMonks

Re^2: XSS-Bug in HTML::BBCode

by clinton (Priest)

on Aug 14, 2007 at 15:00 UTC ( #632513=note: print w/replies, xml )

Need Help??

in reply to Re: XSS-Bug in HTML::BBCode
in thread XSS-Bug in HTML::BBCode

If it's not flawless, I'll point all blame at the original author - any praise will, naturally, stop with me :)

That said, I've added tests for all (relevant) exploits on the XSS (Cross Site Scripting) Cheat Sheet website.

I don't know what tags you generate through HTML::BBCode, but you may need to override (by sub-classing) the default list if you need to add any.

Also, I think that your HTML generator would be a good match with HTML::StripScripts, because StripScripts need to receive tokens, and your module is generating tokens... the interface should be pretty easy.

If you need any help with it, drop me a /msg

Clint

Comment on Re^2: XSS-Bug in HTML::BBCode

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://632513]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others examining the Monastery: (6)

As of 2023-11-28 12:51 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found

Notices^?