About a year ago a thread was started about the following advisory:
http://www.cert.org/advisories/CA-2000-02.html
Has anybody come up with a good filter for this?

--
Steve Drees
SysAdmin/Software Developer/Web Geek/Chief Bottle Washer
"A problem well-stated is a problem half-solved."
http://www.christianmp3zone.com/savanna

Hi Steve,

Steve Drees wrote:
> About a year ago a thread was started about the following advisory:
> http://www.cert.org/advisories/CA-2000-02.html
> Has anybody come up with a good filter for this?

Just use htmllib or sgmllib parser for this. You see how to do it in loadsite.py coming with your zope.

Regards
Tino

Tino Wildenhain wrote:
> Just use htmllib or sgmllib parser for this. You see how to do it in loadsite.py coming with your zope.

If anyone's interested, I could post the parser from Squishdot. It works quite happily on its own :-)

cheers,
Chris

> About a year ago a thread was started about the following advisory:
> http://www.cert.org/advisories/CA-2000-02.html
> Has anybody come up with a good filter for this?

Squishdot 1.0 includes one and it's used everywhere except the 'preview posting' page. (Squishdot 1.0.1, here we come ;-)

cheers,
Chris

This isn't terribly sophisticated, but it worked for me in the EventFolder product

-----------------------
import re

# tc is the text being checked (defined elsewhere)
yuk = re.compile(
    r"<\s*(head|html|meta|base|dtml|applet|area|bgsound|body|form|button|"
    r"embed|frame|frameset|iframe|input|layer|link|script|select|style|"
    r"textarea|title)[^>]*>", re.IGNORECASE)
bad = re.findall(yuk, tc)
if bad:
    print('Illegal html tag(s) %s' % str(bad))  # or do something else....
-----------------------------

I had to break up the re.compile line into multiple lines for this posting - in the original it was all on one line.

Jeff Sasmor
jeff@sasmor.com

----- Original Message -----
From: "Steve Drees" <drees@the-bridge.net>
To: "Zope@Zope. Org" <zope@zope.org>
Sent: Tuesday, March 27, 2001 11:44 AM
Subject: [Zope] Mailcious HTML tags

About a year ago a thread was started about the following advisory:
http://www.cert.org/advisories/CA-2000-02.html
Has anybody come up with a good filter for this?

--
Steve Drees
SysAdmin/Software Developer/Web Geek/Chief Bottle Washer
"A problem well-stated is a problem half-solved."
http://www.christianmp3zone.com/savanna

_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
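
The parser-based approach suggested in this thread, as an added example that is not part of any poster's message and is not code from Zope, Squishdot or EventFolder: an allowlist filter built on Python 3's html.parser (sgmllib and htmllib are not in the Python 3 standard library). The tag and attribute policy, the names AllowlistFilter and clean_html, and the sample posting are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: only these tags and attributes survive.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "pre"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
DROP_CONTENT = {"script", "style"}  # text inside these is discarded too
# Constructed sample posting
SAMPLE = ('<p>Hi <b>all</b></p><script>var x = 1;</script>'
          '<a href="http://example.org/" onclick="track()">link</a><form><input name="q"></form>')


class AllowlistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.rejected, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if tag not in ALLOWED_TAGS:
            self.rejected.append(tag)  # remember what was stripped
            return
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # attribute not on the allowlist for this tag
            if name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                continue  # link scheme not on the allowlist
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # re-escape text


def clean_html(text):  # returns (filtered_html, rejected_tag_names)
    f = AllowlistFilter()
    f.feed(text)
    f.close()
    return "".join(f.out), f.rejected
```

Anything the policy does not name is dropped rather than matched against a list of known-bad tags, and the rejected list can be used to refuse the posting outright instead of silently cleaning it.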

participants (4)
- Chris Withers
- Jeff Sasmor
- Steve Drees
- Tino Wildenhain