Python library for XSS filtering?
If you are using a web framework and a template engine like Jinja2 there is a chance that the template engine or the framework has something built in just for that.
There is something in the cgi module that can help you:
cgi.escape('malicious code here')
See: http://docs.python.org/library/cgi.html#cgi.escape
Also Jinja2 provides escaping:
from jinja2 import utils
str(utils.escape('malicious code here'))
You can easily code XSS-defense in Python, see for example http://code.activestate.com/recipes/496942/ for an instructive and usable piece of code.
The Strip-o-Gram library looks quite nice. I haven't checked it out properly, but it looks like it does things well (i.e. can whitelist HTML tags you specify, as well as HTML-escaping anything nasty).
Here's the example usage snippet, quoted from that page:
from stripogram import html2text, html2safehtml
mylumpofdodgyhtml # a lump of dodgy html ;-)
# Only allow <b>, <a>, <i>, <br>, and <p> tags
mylumpofcoolcleancollectedhtml = html2safehtml(mylumpofdodgyhtml,valid_tags=("b", "a", "i", "br", "p"))
# Don't process <img> tags, just strip them out. Use an indent of 4 spaces
# and a page that's 80 characters wide.
mylumpoftext = html2text(mylumpofcoolcleancollectedhtml,ignore_tags=("img",),indent_width=4,page_width=80)
Hope that helps.
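The tag-allowlist approach described in the answers, written with only the Python 3 standard library, as an added example that is not code from any of the answers or from Strip-o-Gram. The names `sanitize`, `safe_href` and `AllowlistSanitizer` and the scheme list are assumptions made for illustration; `html.escape` is used for escaping because `cgi.escape` was removed in Python 3.8.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "a", "i", "br", "p"}   # same allowlist as the snippet above
DROP_BODY = {"script", "style"}              # element text is discarded as well
SAFE_SCHEMES = {"http", "https", "mailto"}   # assumption: absolute links only


def safe_href(value):
    """Return the URL if its scheme is allowlisted, else None."""
    cleaned = "".join(ch for ch in (value or "") if ch > " ")  # drop whitespace and C0 controls
    scheme, colon, _ = cleaned.partition(":")
    return cleaned if colon and scheme.lower() in SAFE_SCHEMES else None


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.dropping = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_BODY:
            self.dropping += 1
        elif not self.dropping and tag in ALLOWED_TAGS:
            href = safe_href(dict(attrs).get("href")) if tag == "a" else None
            attr = ' href="%s"' % escape(href, quote=True) if href else ""
            self.out.append("<%s%s>" % (tag, attr))  # all other attributes are dropped
            if tag != "br":  # <br> is a void element and gets no closing tag
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_BODY:
            self.dropping = max(0, self.dropping - 1)
        elif not self.dropping and tag in self.open_tags:
            while self.open_tags:  # close back to the matching tag so output stays balanced
                closed = self.open_tags.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))  # text is always re-escaped


def sanitize(html_text):
    parser = AllowlistSanitizer()
    parser.feed(html_text)
    parser.close()  # flush text the parser is still buffering
    return "".join(parser.out) + "".join("</%s>" % t for t in reversed(parser.open_tags))
```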