HTML::Defang

Cleans HTML as well as CSS of scripting and other executable contents, and neutralises XSS attacks

HTML::Defang Ranking & Summary


  • License: Perl Artistic License
  • Price: FREE
  • Publisher Name: Kurian Jose Aerthail
  • Publisher web site: http://search.cpan.org/~kurianja/



HTML::Defang Description

HTML::Defang is a Perl module that accepts an input HTML and/or CSS string, removes any executable code (scripting, embedded objects, applets, etc.), and neutralises any XSS attacks. It uses a whitelist-based approach, which means only HTML known to be safe is allowed through.

HTML::Defang uses a custom HTML tag parser. The parser has been designed and tested to work with nasty real-world HTML and to emulate as closely as possible what browsers actually do with strange-looking constructs. The test suite has been built from examples from a range of sources, such as http://ha.ckers.org/xss.html and http://imfo.ru/csstest/css_hacks/import.php, to ensure that as many XSS attack scenarios as possible have been dealt with.

HTML::Defang can make callbacks to client code when it encounters the following:

  • When a specified tag is parsed
  • When a specified attribute is parsed
  • When a URL is parsed as part of an HTML attribute or CSS property value
  • When style data is parsed, as part of an HTML style attribute or as part of an HTML <style> tag

The callbacks include details about the current tag/attribute that is being parsed, and also give a scalar reference to the input HTML. Querying pos() on the input HTML should indicate where the module is with parsing. This gives the client code flexibility in working with HTML::Defang.

HTML::Defang can defang whole tags, any attribute in a tag, any URL that appears as an attribute or style property, or any CSS declaration in a declaration block in a style rule. This helps to precisely block the most specific unwanted elements in the contents (for example, block just an offending attribute instead of the whole tag), while retaining any safe HTML/CSS.

Requirements:

  • Perl

