HTML::Detoxifier

HTML::Detoxifier is a practical module to strip harmful HTML.

HTML::Detoxifier Ranking & Summary


  • License: Perl Artistic License
  • Price: FREE
  • Publisher Name: Patrick Walton
  • Publisher web site: http://search.cpan.org/~pwalton/HTML-Detoxifier-0.02/lib/HTML/Detoxifier.pm

HTML::Detoxifier Description

SYNOPSIS

    use HTML::Detoxifier qw(detoxify);

    my $clean_html = detoxify $html;

    # The tag-group lists passed to "disallow" are missing from this listing.
    my $cleaner_html = detoxify($html, disallow => [ ... ]);
    my $stripped_html = detoxify($html, disallow => [ ... ]);

HTML::Detoxifier is a practical module to remove harmful tags from HTML input. It's intended to be used for web sites that accept user input in the form of HTML and then present that information in some form.

Accepting all HTML from untrusted users is generally a very bad idea; typically, all HTML should be run through some kind of filter before being presented to end users. Cross-site scripting (XSS) vulnerabilities can run rampant without a filter. The most common and obvious HTML vulnerability lies in stealing users' login cookies through JavaScript.

Unlike other modules, HTML::Detoxifier is intended to be a practical solution that abstracts away all the specifics of whitelisting certain tags easily and securely. Tags are divided into functional groups, each of which can be disallowed or allowed as you wish. Additionally, HTML::Detoxifier knows how to clean inline CSS; with HTML::Detoxifier, you can securely allow users to use style sheets without allowing cross-site scripting vulnerabilities. (Yes, it is possible to execute JavaScript from CSS!)

In addition to this main purpose, HTML::Detoxifier cleans up some common mistakes with HTML: all tags are closed, empty tags are converted to valid XML (that is, with a trailing /), and images without ALT text as required in HTML 4.0 are given a plain ALT attribute. The module does its best to emit valid XHTML 1.0; it even adds XML declarations and DOCTYPE elements where needed.

Requirements:

  • Perl
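The group-based tag allowlisting and inline-CSS cleaning described above, sketched in Python as an added example; it is not HTML::Detoxifier's code or API. The group names, the attribute and CSS allowlists, and the `sanitize` and `clean_style` functions are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
# Hypothetical groups and allowlists (assumptions, not the module's real names).
GROUPS = {"text": {"p", "b", "i", "em", "span"}, "links": {"a"}}
SAFE_ATTRS = {"href", "title", "style"}
SAFE_CSS = {"color", "font-weight", "text-align"}
BAD_CSS = ("url(", "expression", "javascript", "@import", "\\")

def clean_style(style):
    kept = []
    for prop, _, value in (d.partition(":") for d in style.split(";")):
        prop, value = prop.strip().lower(), value.strip()
        if prop in SAFE_CSS and value and not any(b in value.lower() for b in BAD_CSS):
            kept.append(f"{prop}: {value}")  # allowlisted property, harmless value
    return "; ".join(kept)

class Sanitizer(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.open_tags, self.skip = allowed, [], [], False

    def handle_starttag(self, tag, attrs):
        self.skip = self.skip or tag in ("script", "style")  # drop tag and its content
        if self.skip or tag not in self.allowed:
            return
        attr_text = ""
        for name, value in attrs:
            value = clean_style(value or "") if name == "style" else (value or "")
            url_ok = name != "href" or value.lower().startswith(("http://", "https://"))
            if name in SAFE_ATTRS and value and url_ok:  # e.g. javascript: hrefs fail
                attr_text += f' {name}="{escape(value)}"'
        self.out.append(f"<{tag}{attr_text}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        self.skip = self.skip and tag not in ("script", "style")
        if tag in self.open_tags:  # close it and anything left open inside it
            cut = len(self.open_tags) - 1 - self.open_tags[::-1].index(tag)
            self.out += [f"</{t}>" for t in reversed(self.open_tags[cut:])]
            del self.open_tags[cut:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize(html, disallow=()):
    p = Sanitizer(set().union(*(t for g, t in GROUPS.items() if g not in disallow)))
    p.feed(html)
    p.close()
    return "".join(p.out + [f"</{t}>" for t in reversed(p.open_tags)])
```

Event-handler attributes such as `onclick` are dropped because they are not on the attribute allowlist, and tags still open at the end of input are closed in reverse order.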

