[ACCEPTED]-Python library for XSS filtering?-xss

Accepted answer
Score: 14

If you are using a web framework and a template 5 engine like Jinja2 there is a chance that 4 the template engine or the framework has 3 something built in just for that.

There is 2 something in the cgi module that can help 1 you:

cgi.escape('malicious code here'), see: http://docs.python.org/library/cgi.html#cgi.escape

Also Jinja2 provides escaping:

from jinja2 import utils
str(utils.escape('malicious code here'))
Score: 3

You can easily code XSS-defense in Python, see 2 for example http://code.activestate.com/recipes/496942/ for an instructive and usable 1 piece of code.

Score: 1

The Strip-o-Gram library looks quite nice. I haven't 6 checked it out properly, but it looks like 5 it does things well (i.e. can whitelist 4 HTML tags you specify, as well as HTML-escaping 3 anything nasty).

Here's the example usage 2 snippet, quoted from that page:

  from stripogram import html2text, html2safehtml
  mylumpofdodgyhtml # a lump of dodgy html ;-)
  # Only allow <b>, <a>, <i>, <br>, and <p> tags
  mylumpofcoolcleancollectedhtml = html2safehtml(mylumpofdodgyhtml,valid_tags=("b", "a", "i", "br", "p"))
  # Don't process <img> tags, just strip them out. Use an indent of 4 spaces 
  # and a page that's 80 characters wide.
  mylumpoftext = html2text(mylumpofcoolcleancollectedhtml,ignore_tags=("img",),indent_width=4,page_width=80)

Hope that 1 helps.

More Related questions