
Bug#494204: ITP: libhtml-stripscripts-perl -- Strip scripting constructs out of HTML



Package: wnpp
Severity: wishlist
Owner: Tim Retout <tim@retout.co.uk>

* Package name    : libhtml-stripscripts-perl
  Version         : 1.04
  Upstream Author : Clinton Gormley <clint@traveljury.com>
* URL             : http://search.cpan.org/dist/HTML-StripScripts/
* License         : Artistic | GPL-1+
  Programming Lang: Perl
  Description     : Strip scripting constructs out of HTML

HTML::StripScripts strips scripting constructs out of HTML, leaving as
much non-scripting markup in place as possible.  This allows web
applications to display HTML originating from an untrusted source
without introducing XSS (cross site scripting) vulnerabilities.

You will probably use HTML::StripScripts::Parser rather than using
this module directly - see the libhtml-stripscripts-parser-perl
package.

The process is based on whitelists of tags, attributes and attribute
values.  This approach is the most secure against disguised scripting
constructs hidden in malicious HTML documents.

As well as removing scripting constructs, this module ensures that
there is a matching end for each start tag, and that the tags are
properly nested.


