WebApp Sec mailing list archives
Re: whitelisting HTML tags
From: Adam Shostack <adam () homeport org>
Date: Thu, 3 Nov 2005 10:02:32 -0500
I'm fond of the BB/Markdown sorts of solutions, which use an HTML-like
language which you translate into HTML. If your parser tosses things
it doesn't understand, this can be a good solution to the (often real)
requirement of "we need to let users enter more than plain text."

Adam

On Wed, Nov 02, 2005 at 11:17:33AM -0500, Tim wrote:
|
| > This is exactly the sort of thing I'm looking for. Anyone know of any
| > libraries (preferably in Java) that already do this?
|
| I personally feel it is a bad idea to allow any HTML, but if it is a
| requirement, you might be best off requiring users use XHTML tags. That
| way you can create a restrictive XML DTD for them, and there are plenty
| of tools out there that can enforce that.
|
| tim
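
Added example, not part of the original messages or of any library named in the thread: a small Python translator for the BB-style approach described in the message above, where user markup is translated into HTML and anything the parser does not understand is tossed. The tag set ([b], [i], [url=...]) and the names render and safe_href are assumptions made for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed markup for this example: [b], [i] and [url=...]; nothing else is understood.
SIMPLE = {"b": "strong", "i": "em"}
TOKEN = re.compile(r"\[(/?)([a-zA-Z]+)(?:=([^\]\s]*))?\]")

def safe_href(value):
    """Return an attribute-escaped http(s) URL, or None if it is not allowed."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return html.escape(value, quote=True)
    return None

def render(text):
    """Translate the mini-markup to HTML: text is escaped, unknown tags are tossed."""
    out, stack, pos = [], [], 0
    for m in TOKEN.finditer(text):
        out.append(html.escape(text[pos:m.start()]))  # raw HTML never passes through
        pos = m.end()
        closing, name, arg = m.group(1), m.group(2).lower(), m.group(3)
        if closing:
            # Only the innermost open tag may be closed; stray closers are dropped.
            if arg is None and stack and stack[-1][0] == name:
                out.append("</%s>" % stack.pop()[1])
        elif name in SIMPLE and arg is None:
            stack.append((name, SIMPLE[name]))
            out.append("<%s>" % SIMPLE[name])
        elif name == "url" and arg:
            href = safe_href(arg)
            if href:  # a disallowed scheme drops the tag but keeps the link text
                stack.append((name, "a"))
                out.append('<a href="%s" rel="nofollow">' % href)
        # any other tag: emit nothing
    out.append(html.escape(text[pos:]))
    while stack:  # close whatever the user left open so output stays well-formed
        out.append("</%s>" % stack.pop()[1])
    return "".join(out)
```

Because the output is built only from a fixed set of elements and escaped text, the HTML the user can cause to be emitted is limited to what the translator itself writes.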