HTML-Defang version 1.02

This module accepts an input HTML and/or CSS string and removes any
executable code, including scripting, embedded objects, applets, etc.,
and neutralises any XSS attacks. It uses a whitelist-based approach,
which means only HTML known to be safe is allowed through.

To install this module type the following:

Revision history for Perl extension HTML::Defang.

1.02 Mon Aug 24 18:00:00 2009
- add col and colgroup as possible ImplicitOpenTags
- change to prevent double-defang by default. Add option to allow it.
- open a new <tr>, not a <tbody> if we need to open an implicit tag
- add tbody back into list of implicit table tags
- include & ... ; when encoding entity in new attributes
- don't insert