ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:
network security
system management
troubleshooting
performance tuning
virtualization
cloud computing
on Windows, Linux, Solaris, and popular varieties of Unix.
Version 1.0 of Pottymouth, a Python module for HTML processsing has just been released. The tool helps sanitize user input from websites.
The mathematician and linguist Matt Chisholm designed the tool for any scenario in which untrained or untrusted users are allowed to enter HTML code or text: blogs, forums, web mailers, Web 2.0 applications and the like. Pottymouth sanitizes anything that could endanger the layout or security of a web application.
For example, the Python module prevents users from injecting Javascript via Iframe or script tags, event handler attributes or "javascript:" links, thus preventing scripting and cross site scripting attacks on websites and their users. Pottymouth attempts to protect the site layout by removing style tags, CSS input, and attributes such as "height" and "width". At the same time, it converts markups indicated in plain text ("*bold*") or lists into correct HTML and adds an HTTP prefix to "www" links
A source code archive, Debian and RPM packages of version 1.0 are available under the BSD license from the Pottymouth homepage, as is an online demonstration for potential users to test.
Comments