[Mimedefang] Suggestions on an HTML sanitize program.
Kevin A. McGrail
kmcgrail at pccc.com
Thu Apr 30 15:01:27 EDT 2009
> Would fix 90% of the problem. It still leave other sources of scripts,
> such as on the "onload" attribute in an image. It will also miss scripts
> hidden by character encodings. In the interests of having something that
> is quick and simple, however, I may do exactly the above.
Good point!
> On the other hand, once I'm ready to add that line of code, I may as well
> type, for example:
>
> my $stripped_html = detoxify($html, disallow => [qw(dynamic)]);
My experience vicariously from reading about these modules has never lent me
to risk running one of them, unfortunately.
Regards,
KAM
More information about the MIMEDefang
mailing list