[Zope] Mailcious HTML tags
Jeff Sasmor
jeff@janix.com
Wed, 28 Mar 2001 09:30:25 -0500
This isn't terribly sophisticated, but it worked
for me in the EventFolder product
-----------------------
import re
yuk=re.compile(r"<\s* (head|html|meta|base|
dtml|applet|area|bgsound|body|form|button|embed|frame|frameset|
iframe|input|layer|link|script|select|style|textarea|title)[^>]*>",re.IGNORE
CASE)
bad=re.findall(yuk,tc)
if bad:
print 'Illegal html tag(s) %s' % str(bad)) #or do something
else....
-----------------------------
I had to break up the re.compile line into multiple lines
for this posting - in the original it was all on one line.
Jeff Sasmor
jeff@sasmor.com
----- Original Message -----
From: "Steve Drees" <drees@the-bridge.net>
To: "Zope@Zope. Org" <zope@zope.org>
Sent: Tuesday, March 27, 2001 11:44 AM
Subject: [Zope] Mailcious HTML tags
> About a year ago a thread was started about the following advisory:
>
> http://www.cert.org/advisories/CA-2000-02.html
>
> Has anybody come up with a good filter for this?
>
>
> --
> Steve Drees
> SysAdmin/Software Developer/Web Geek/Chief Bottle Washer
> "A problem well-stated is a problem half-solved."
> http://www.christianmp3zone.com/savanna
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>