
A way to clean up HTML (kill XSS content)

Posted: Thu Jul 19, 2012 8:48 pm
by MikeGale
An area that is surprisingly poorly supported is ways to clean up HTML.

Considering that browsers do a lot of it all day every day, there's not a lot of good ways to automate the process, before publication.

Here's an approach which looks right to me. (I haven't tested this yet!)

http://j.mp/MuR91O

It's from Rick Strahl who does some excellent work.

Might be useful to some people around here.
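As an added illustration of what such a clean-up step has to do before publication (example code written for this note; it is not Rick Strahl's .NET sanitizer and not from the linked post), here is an allowlist sanitizer built on Python's standard-library `html.parser`. The allowlists, the `safe_href` rule and the sample inputs are constructed for the example. The design point is the one that matters for XSS: nothing in the input is trusted, the output is re-serialised from scratch, unknown tags lose their markup but keep their text, `script`/`style` lose their contents too, and `href` values are checked after entity decoding so an encoded scheme cannot slip through.

```python
"""Allowlist-based HTML sanitizer (added example, not the linked article's code)."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlists (constructed for this example; tune them per application).
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li",
                "code", "pre", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}                        # never get a closing tag
DROP_WITH_CONTENT = {"script", "style"}   # html.parser reads these as raw text


def safe_href(value):
    """True if the URL is relative or uses an allowed scheme.

    html.parser has already decoded entities (e.g. &#106;avascript:), so the
    check sees the value a browser would see. Whitespace and control
    characters are rejected outright because browsers strip them before
    scheme detection, which would otherwise let a scheme hide inside them.
    """
    if value is None:
        return False
    value = value.strip()
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in value):
        return False
    scheme = urlparse(value).scheme.lower()
    return scheme == "" or scheme in ALLOWED_SCHEMES


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._out = []
        self._open = []        # allowed tags currently open, to balance output
        self._dropping = None  # name of a script/style element being skipped

    def handle_starttag(self, tag, attrs):
        if self._dropping:
            return
        if tag in DROP_WITH_CONTENT:
            self._dropping = tag
            return
        if tag not in ALLOWED_TAGS:
            return                       # unknown tag: drop markup, keep its text
        kept = []
        for name, value in attrs:        # names are already lower-cased by the parser
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue                 # drops every on* handler, style, src, ...
            if name == "href" and not safe_href(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self._out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self._open.append(tag)

    def handle_endtag(self, tag):
        if self._dropping:
            if tag == self._dropping:
                self._dropping = None
            return
        if tag in self._open:            # close everything opened after it too
            while True:
                top = self._open.pop()
                self._out.append(f"</{top}>")
                if top == tag:
                    break
        # stray or disallowed end tags are simply dropped

    def handle_data(self, data):
        if not self._dropping:
            self._out.append(escape(data, quote=False))

    # comments, doctype and processing instructions: the base class ignores them

    def result(self):
        self.close()
        while self._open:                # balance tags the input left open
            self._out.append(f"</{self._open.pop()}>")
        return "".join(self._out)


def sanitize(fragment):
    """Return a cleaned copy of an untrusted HTML fragment."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample inputs; none come from the thread.
    samples = [
        '<p>Hello <b onclick="f()">world</b></p>',
        '<script>alert(1)</script>plain text',
        '<a href="javascript:alert(1)">link</a>',
        '<a href="https://example.com/?a=1&b=2" title="t">ok</a>',
        '<img src=x onerror=alert(1)>',
        '<b><i>unbalanced</b> text',
    ]
    for s in samples:
        print(repr(s), "->", repr(sanitize(s)))
```

The allowlist is deliberately small; widening it (for instance adding `img` with `src`, or `style`) is where most sanitizer bugs come from, so every addition should get its own value check like `safe_href`. For production use a maintained library is still the better choice, but the shape above is what any such library does internally.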

Re: A way to clean up HTML (kill XSS content)

Posted: Mon Jul 23, 2012 11:12 am
by Albert Wiersch
Thanks Mike. Interesting stuff even though I don't use .NET (as of now anyway).

I do like this quote:

Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-)