WebApp Sec mailing list archives

Re: whitelisting HTML tags

From: Tim <tim-security () sentinelchicken org>
Date: Wed, 2 Nov 2005 11:17:33 -0500

This is exactly the sort of thing I'm looking for. Anyone know of any
libraries (preferably in Java) that already do this?


I personally feel it is a bad idea to allow any HTML, but if it is a
requirement, you might be best off requiring users use XHTML tags.  That
way you can create a restrictive XML DTD for them, and there are plenty
of tools out there that can enforce that.

tim

Current thread:

whitelisting HTML tags Jeff Robertson (Nov 02)
- Re: whitelisting HTML tags Richard Moore (Nov 02)
  - Message not available
    - Re: whitelisting HTML tags Richard Moore (Nov 02)
- Re: whitelisting HTML tags Tomek Perlak (Nov 02)
- Re: whitelisting HTML tags Sverre H. Huseby (Nov 03)
- Re: whitelisting HTML tags bugtraq (Nov 03)
- <Possible follow-ups>
- RE: whitelisting HTML tags Jeff Robertson (Nov 02)
  - Re: whitelisting HTML tags Simon Cornelius P. Umacob (Nov 03)
  - RE: whitelisting HTML tags RSnake (Nov 03)
  - Re: whitelisting HTML tags Tim (Nov 03)
    - Re: whitelisting HTML tags Adam Shostack (Nov 04)
    - Message not available
    - Re: whitelisting HTML tags Adam Shostack (Nov 07)
    - RE: whitelisting HTML tags Tim Hollebeek (Nov 07)
    - RE: whitelisting HTML tags Tim Hollebeek (Nov 07)
- RE: whitelisting HTML tags Evans, Arian (Nov 03)
- RE: whitelisting HTML tags Ory Segal (Nov 03)