HTML-Defang version 1.04
This module accepts an input HTML and/or CSS string and removes any
executable code, including scripting, embedded objects, applets, etc.,
and neutralises any XSS attacks. A whitelist-based approach is used,
which means only HTML known to be safe is allowed through.
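The whitelist approach described above, combined with the url callback mentioned in the revision history, as an added example (not code from the module's distribution). It assumes the `new`/`defang` interface, the `url_callback` argument order and the `DEFANG_NONE`/`DEFANG_ALWAYS` constants as documented in the module's POD, so check them against the installed version; the callback name, the URL policy and the sample input are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Defang;

# Hypothetical URL policy: only absolute http(s) and mailto URLs pass
# through untouched. Everything else (javascript:, data:, relative or
# entity-obfuscated schemes) is defanged because it is not on the list.
sub allow_listed_urls {
    my ($context, $defang, $lc_tag, $lc_attr, $attr_val_ref, $attrs, $html_ref) = @_;

    # Fully qualified constant calls work whether or not the module
    # exports the constants into this package.
    return HTML::Defang::DEFANG_NONE()
        if $$attr_val_ref =~ m{\A\s*(?:https?://|mailto:)}i;

    return HTML::Defang::DEFANG_ALWAYS();
}

# Constructed sample input: one harmless link, an event-handler
# attribute, a javascript: URL and a script block.
my $input = <<'HTML';
<p onclick="track()">Hello <a href="https://example.org/">ok</a>
<a href="javascript:alert(1)">bad</a></p>
<script>alert(document.cookie)</script>
HTML

my $defang = HTML::Defang->new(
    fix_mismatched_tags => 1,                    # also repair unbalanced tags
    url_callback        => \&allow_listed_urls,  # consulted for URL attributes
);

# Print the sanitised markup so it can be compared with the input.
print $defang->defang($input);
```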
To install this module type the following:
Revision history for Perl extension HTML::Defang.
1.04 Mon Jan 03 12:00:00 2011
- Change defang_and_add_to_output to delay the defanging until after the current tag is actually emitted to the output
- If url callback has marked the attribute as to be defanged, skip result of attribute callback
- Track <a> tags as part of mismatched tag tracking
- Replace magic constants of 0, 1 and 2 in HTM