comment on

If it's not flawless, I'll point all blame at the original author - any praise will, naturally, stop with me :)

That said, I've added tests for all (relevant) exploits on the XSS (Cross Site Scripting) Cheat Sheet website.

I don't know what tags you generate through HTML::BBCode, but you may need to override (by sub-classing) the default list if you need to add any.

Also, I think that your HTML generator would be a good match with HTML::StripScripts, because StripScripts need to receive tokens, and your module is generating tokens... the interface should be pretty easy.

If you need any help with it, drop me a /msg

Clint

In reply to Re^2: XSS-Bug in HTML::BBCode by clinton
in thread XSS-Bug in HTML::BBCode by Taulmarill

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Come for the quick hacks, stay for the epiphanies.
	PerlMonks