in reply to Removing malicious HTML entities (now with more questions!)

The usual way to handle something like this, particularly if you don't know what will cause harm, is to select a set of tags and attributes that should be allowed and remove everything else.

For an example, see perlmonks. Below the input box is the list of tags that will work. The reason they do this is simple: who knows what might cause harm? But we can be reasonably certain the strong and emphasis tags are ok.

-Paul

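An allowlist sanitizer of the kind described above, added here as an illustration (it is not code from the post or from perlmonks), written in Python on the standard library's html.parser. The tag and attribute set is a constructed one: allowed tags keep their text, everything else is dropped, and text is always re-escaped on the way out.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist, in the spirit of the short tag list under a forum's input box.
ALLOWED_TAGS = {"b", "strong", "i", "em", "code", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href"}}          # every other attribute (onclick, style, ...) is dropped
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")
DROP_CONTENT = {"script", "style"}       # drop these tags *and* everything inside them

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)   # entities in text are decoded, then re-escaped
        self.out, self.open_tags, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
            return
        if tag not in ALLOWED_TAGS:
            return                        # unknown tag: drop the tag, keep its text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not (value or "").lower().startswith(SAFE_URL_PREFIXES):
                continue                  # rejects javascript: and any other scheme
            kept.append(f' {name}="{escape(value or "")}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag != "br":
            self.open_tags.append(tag)    # tracked so the output stays balanced
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open_tags:
            while self.open_tags:         # also closes anything left open inside it
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))
    def result(self):
        self.out.extend(f"</{t}>" for t in reversed(self.open_tags))
        return "".join(self.out)

def sanitize(html):
    p = AllowlistSanitizer()
    p.feed(html)
    p.close()
    return p.result()
```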

Re^2: Removing malicious HTML entities (now with more questions!)
by Lawliet (Curate) on Aug 16, 2008 at 12:45 UTC

    dHarry's link suggested that as well. Thanks for the second (and third) opinion.

    I'm so adjective, I verb nouns!

    chomp; # nom nom nom