WebApp Sec mailing list archives
Re: Existing XSS filters
From: "Tim Greer" <chatmaster () charter net>
Date: Fri, 20 Jun 2003 12:36:25 -0700
The Perl module could use a bit of work. A good start, it would be good to expand on it. Perhaps I'll contact Nick and see if he'd like for me to contribute (some ideas/code) to it in an effort to get it to the point where it's a complete solution. I've not checked on the PHP one, want any assistance? -- Regards, Tim Greer chatmaster () charter net Server administration, security, programming, consulting. ----- Original Message ----- From: "Ulf Harnhammar" <metaur () operamail com> To: <webappsec () securityfocus com> Sent: Friday, June 20, 2003 11:50 AM Subject: Existing XSS filters
Here are the existing stand-alone open-source XSS filters that I know of: kses (me, Ulf Harnhammar) PHP http://sourceforge.net/projects/kses XSS filter for PHP4 - the filter from Squirrelmail (Konstantin Riabitsev) PHP http://www.mricon.com/html/phpfilter.html HTML::StripScripts and related CPAN modules (Nick Cleaton) Perl
http://search.cpan.org/author/NCLEATON/HTML-StripScripts-0.01/StripScripts.p m
There are also a lot of people who's written some kind of XSS filter
specifically for their project. Some of them are better than others.
Please reply if you know about any other stand-alone, open-source filters. // Ulf Harnhammar -- ____________________________________________ http://www.operamail.com Get OperaMail Premium today - USD 29.99/year Powered by Outblaze
Current thread:
- Existing XSS filters Ulf Harnhammar (Jun 20)
- Re: Existing XSS filters Tim Greer (Jun 20)