[Mimedefang] Suggestions on an HTML sanitize program.

Kevin A. McGrail kmcgrail at pccc.com
Thu Apr 30 15:01:27 EDT 2009


> Would fix 90% of the problem.  It still leaves other sources of scripts,
> such as on the "onload" attribute in an image.  It will also miss scripts 
> hidden by character encodings. In the interests of having something that 
> is quick and simple, however, I may do exactly the above.

Good point!

> On the other hand, once I'm ready to add that line of code, I may as well 
> type, for example:
>
>     my $stripped_html = detoxify($html, disallow => [qw(dynamic)]);

My experience vicariously from reading about these modules has never led me 
to risk running one of them, unfortunately.


Regards,
KAM 
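
The gap described in the quoted text above, as an added example that is not part of the original thread: a check that lists the script sources a plain script-tag strip leaves behind. The names `naive_strip` and `residual_script_sources` are hypothetical, the regex stands in for the "quick and simple" fix that this message does not show, and HTML::Parser from CPAN is assumed to be installed.

```perl
use strict;
use warnings;
use HTML::Parser ();

# Assumption: the "quick and simple" fix is a regex that deletes
# <script>...</script> blocks; the thread excerpt does not show it.
sub naive_strip {
    my ($html) = @_;
    $html =~ s{<script\b.*?</script\s*>}{}gis;
    return $html;
}

# List script sources still present in $html. HTML::Parser lowercases tag
# and attribute names and entity-decodes attribute values, so handlers and
# entity-encoded URL schemes show up in their decoded form.
sub residual_script_sources {
    my ($html) = @_;
    my @found;
    my $on_start = sub {
        my ($tag, $attr) = @_;
        push @found, "<$tag> element" if $tag eq 'script';
        for my $name (sort keys %$attr) {
            if ($name =~ /^on[a-z]+$/) {
                push @found, "<$tag> event handler '$name'";
                next;
            }
            # Strip whitespace and control characters before the scheme
            # check (browsers tolerate some of them inside a URL).
            (my $value = lc $attr->{$name}) =~ s/[\x00-\x20]+//g;
            push @found, "<$tag> script URL in '$name'"
                if $value =~ /^(?:javascript|vbscript):/;
        }
    };
    my $p = HTML::Parser->new(api_version => 3,
                              start_h     => [$on_start, 'tagname, attr']);
    $p->parse($html);
    $p->eof;
    return @found;
}

# Constructed sample inputs (not taken from the thread).
for my $html (
    '<p>hello</p><script>doSomething()</script>',
    '<img src="logo.png" onload="doSomething()">',
    '<a href="&#106;avascript:doSomething()">link</a>',
) {
    my @left = residual_script_sources(naive_strip($html));
    print "$html\n    after strip: ",
        (@left ? join('; ', @left) : 'nothing found'), "\n";
}
```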



