P5-html-stripscripts
Jul 20, 2023
Strip scripting constructs out of HTML
This module strips scripting constructs out of HTML, leaving as much non-scripting markup in place as possible. This allows web applications to display HTML originating from an untrusted source without introducing cross-site scripting (XSS) vulnerabilities. You will probably use HTML::StripScripts::Parser rather than using this module directly.
The process is based on whitelists of tags, attributes and attribute values. This approach is the most secure against disguised scripting constructs hidden in malicious HTML documents. As well as removing scripting constructs, this module ensures that there is a matching end for each start tag, and that the tags are properly nested.
Previously, in order to customise the output, you needed to subclass HTML::StripScripts and override methods. Now, most customisation can be done through the Rules option provided to new(). See examples/declaration/ and examples/tags/ for cases where subclassing is necessary.

The HTML document must be parsed into start tags, end tags and text before it can be filtered by this module. Use either HTML::StripScripts::Parser or HTML::StripScripts::Regex instead if you want to input an unparsed HTML document.
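The filtering described above, as an added usage example that is not part of the port description. It assumes the companion module HTML::StripScripts::Parser is installed; the input fragments are constructed samples, and the script prints each one next to its filtered form so the effect of the tag, attribute and attribute-value whitelists and of the tag balancing can be inspected.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use HTML::StripScripts::Parser ();

# First argument: filter configuration. Remaining arguments: HTML::Parser options.
my $hss = HTML::StripScripts::Parser->new(
    {
        Context   => 'Flow',   # input is a fragment to embed in a page body
        AllowHref => 1,        # keep href on <a> when the URL passes the filter
        # AllowSrc is left off, so src attributes (e.g. on <img>) are not allowed
    },
    strict_comment => 1,
);

# Constructed samples of untrusted markup (not taken from the page).
my @untrusted = (
    '<p>Hello <b>world</b></p>',                                 # benign markup
    '<p>Hi<script>alert(1)</script></p>',                        # script element
    '<a href="javascript:alert(1)" onclick="alert(2)">link</a>', # scripted URL and event handler
    '<a href="http://example.com/">ok</a>',                      # ordinary link
    '<b><i>unbalanced</b>',                                      # missing and misnested end tags
    '<img src="http://example.com/x.png" onerror="alert(3)">',   # automatic fetch plus handler
);

for my $html (@untrusted) {
    # filter_html() parses the string and returns the filtered document
    my $clean = $hss->filter_html($html);
    print "in : $html\nout: $clean\n\n";
}
```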