This isn't terribly sophisticated, but it worked for me in the EventFolder product ----------------------- import re yuk=re.compile(r"<\s* (head|html|meta|base| dtml|applet|area|bgsound|body|form|button|embed|frame|frameset| iframe|input|layer|link|script|select|style|textarea|title)[^>]*>",re.IGNORE CASE) bad=re.findall(yuk,tc) if bad: print 'Illegal html tag(s) %s' % str(bad)) #or do something else.... ----------------------------- I had to break up the re.compile line into multiple lines for this posting - in the original it was all on one line. Jeff Sasmor jeff@sasmor.com ----- Original Message ----- From: "Steve Drees" <drees@the-bridge.net> To: "Zope@Zope. Org" <zope@zope.org> Sent: Tuesday, March 27, 2001 11:44 AM Subject: [Zope] Mailcious HTML tags
About a year ago a thread was started about the following advisory:
http://www.cert.org/advisories/CA-2000-02.html
Has anybody come up with a good filter for this?
-- Steve Drees SysAdmin/Software Developer/Web Geek/Chief Bottle Washer "A problem well-stated is a problem half-solved." http://www.christianmp3zone.com/savanna
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )