Tutorial: Python library for XSS filtering? [closed]



Question:

Is there a good, actively maintained python library available for filtering malicious input such as XSS?


Solution:1

If you are using a web framework and a template engine like Jinja2 there is a chance that the template engine or the framework has something built in just for that.

There is something in the cgi module that can help you:

cgi.escape('malicious code here'), see: http://docs.python.org/library/cgi.html#cgi.escape

Also Jinja2 provides escaping:

  from jinja2 import utils
  str(utils.escape('malicious code here'))
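Both helpers above do output encoding rather than filtering: they turn the characters that are special in HTML into entities so the browser renders them as text. Two points a practitioner will want to check before relying on this approach. First, `cgi.escape` was deprecated in Python 3.2 and removed in 3.8; its replacement is `html.escape` from the standard library. Second, encoding is context-specific: `cgi.escape` did not encode quotes unless asked (`quote=True`), which is fine between tags but breaks out of an attribute value. The example below is added here and is not code from the answer above; the sample name `UNTRUSTED_NAME` is constructed, and it uses the standard library's `HTMLParser` only to show what a parser sees as the attribute value in each case.

```python
import html
from html.parser import HTMLParser

# Constructed sample of untrusted input (not from the original answer):
# it contains a double quote and an angle bracket.
UNTRUSTED_NAME = 'Tom "Tiny" <Tester>'


def escape_text(value: str) -> str:
    """Escape for text between tags: only & < > matter in this context."""
    return html.escape(value, quote=False)


def escape_attr(value: str) -> str:
    """Escape for a double-quoted attribute value: quotes must be encoded too."""
    return html.escape(value, quote=True)


def render_greeting(name: str) -> str:
    """Hardened form: each context gets the escaper that fits it."""
    return f'<p title="{escape_attr(name)}">Hello, {escape_text(name)}!</p>'


def render_greeting_unescaped_quotes(name: str) -> str:
    """The defect: quote=False (the old cgi.escape default) inside an attribute.

    The double quote in the input terminates the title attribute early, so
    whatever follows it is parsed as new attributes instead of text.
    """
    return f'<p title="{escape_text(name)}">Hello, {escape_text(name)}!</p>'


class _TitleReader(HTMLParser):
    """Minimal parser used to observe what the title attribute parses to."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.title = None

    def handle_starttag(self, tag, attrs):
        if tag == "p" and self.title is None:
            # attrs is a list of (name, value) pairs; values are already unescaped
            self.title = dict(attrs).get("title")


def parsed_title(fragment: str):
    """Return the title attribute of the first <p> as a parser sees it."""
    reader = _TitleReader()
    reader.feed(fragment)
    reader.close()
    return reader.title


if __name__ == "__main__":
    safe = render_greeting(UNTRUSTED_NAME)
    unsafe = render_greeting_unescaped_quotes(UNTRUSTED_NAME)
    print(safe)
    print("title round-trips:", parsed_title(safe) == UNTRUSTED_NAME)      # True
    print(unsafe)
    print("title round-trips:", parsed_title(unsafe) == UNTRUSTED_NAME)    # False
```

The same rule applies to other contexts: a value placed inside a JavaScript string or a URL query needs a JavaScript or URL encoder, not HTML entity encoding. Template engines with autoescaping enabled (Jinja2's `autoescape=True`) apply the HTML encoding for you, but still only the HTML one.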


Solution:2

You can easily code XSS-defense in Python, see for example http://code.activestate.com/recipes/496942/ for an instructive and usable piece of code.


Solution:3

The Strip-o-Gram library looks quite nice. I haven't checked it out properly, but it looks like it does things well (i.e. can whitelist HTML tags you specify, as well as HTML-escaping anything nasty).

Here's the example usage snippet, quoted from that page:

  from stripogram import html2text, html2safehtml

  # a lump of dodgy html ;-)  (constructed sample value so the snippet runs)
  mylumpofdodgyhtml = '<p onclick="x()">Hello <b>world</b><img src="a.png"></p>'

  # Only allow <b>, <a>, <i>, <br>, and <p> tags
  mylumpofcoolcleancollectedhtml = html2safehtml(mylumpofdodgyhtml, valid_tags=("b", "a", "i", "br", "p"))

  # Don't process <img> tags, just strip them out. Use an indent of 4 spaces
  # and a page that's 80 characters wide.
  mylumpoftext = html2text(mylumpofcoolcleancollectedhtml, ignore_tags=("img",), indent_width=4, page_width=80)

Hope that helps.
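The approach described in this answer, an allowlist of tags with everything else stripped or escaped, is the one that works when the application must accept some HTML rather than plain text. To make the mechanics concrete, here is an added example of such a sanitizer built on the standard library's `HTMLParser`; it is not Strip-o-Gram's code and makes no claim about that library's internals. It keeps the same five tags as the quoted snippet, drops every attribute except `href` on `<a>` (and only with an `http`, `https` or `mailto` scheme), escapes all text, ignores comments and declarations, and closes tags the input left open or mis-nested so the output is well-formed. The names `sanitize_html`, `ALLOWED_TAGS` and `ALLOWED_ATTRS` are this example's own.

```python
import html
from html.parser import HTMLParser

# Allowlist (constructed for this example): tags kept, attributes kept per tag,
# and URL schemes accepted for href. Everything else is removed.
ALLOWED_TAGS = {"b", "a", "i", "br", "p"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
VOID_TAGS = {"br"}  # tags that never take a closing tag


class AllowlistSanitizer(HTMLParser):
    """Rebuild the input keeping only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []    # output fragments
        self.stack = []  # currently open allowlisted tags

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself; its text content is still emitted by handle_data
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # unknown or dangerous scheme: drop the attribute
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.stack:
            return  # stray or non-allowlisted closing tag
        # close anything opened after it too, so nesting stays balanced
        while self.stack:
            open_tag = self.stack.pop()
            self.out.append(f"</{open_tag}>")
            if open_tag == tag:
                break

    def handle_data(self, data):
        # convert_charrefs=True already decoded entities, so re-escaping is safe
        self.out.append(html.escape(data, quote=False))

    # comments, doctypes and processing instructions fall through to the
    # base class defaults, which discard them

    def result(self) -> str:
        self.close()  # flush buffered text
        while self.stack:  # close whatever the input left open
            self.out.append(f"</{self.stack.pop()}>")
        return "".join(self.out)


def sanitize_html(dirty: str) -> str:
    """Return an allowlist-sanitized version of an untrusted HTML fragment."""
    parser = AllowlistSanitizer()
    parser.feed(dirty)
    return parser.result()


if __name__ == "__main__":
    # Constructed samples for the demonstration.
    for sample in (
        '<p onclick="x()">Hi <b>there</b><script>bad()</script></p>',
        '<a href="javascript:void(0)">x</a> <a href="https://example.com/">ok</a>',
        "<b>bold <i>both",
    ):
        print(sanitize_html(sample))
```

Two design choices worth noting. Text content is always re-escaped from the decoded form, so an entity that decodes to `<` cannot reappear as a tag. Attribute values are allowlisted by name and, for URLs, by scheme prefix rather than by a denylist of bad schemes, which is what keeps the filter correct when a new scheme or encoding trick appears. A production deployment would use a maintained sanitizer library with the same allowlist design rather than this hand-rolled one.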

