Web 2.0: Pottymouth 1.0 Sanitizes User Input

Nov 08, 2007

Version 1.0 of Pottymouth, a Python module for HTML processsing has just been released. The tool helps sanitize user input from websites.

The mathematician and linguist Matt Chisholm designed the tool for any scenario in which untrained or untrusted users are allowed to enter HTML code or text: blogs, forums, web mailers, Web 2.0 applications and the like. Pottymouth sanitizes anything that could endanger the layout or security of a web application.

For example, the Python module prevents users from injecting Javascript via Iframe or script tags, event handler attributes or "javascript:" links, thus preventing scripting and cross site scripting attacks on websites and their users. Pottymouth attempts to protect the site layout by removing style tags, CSS input, and attributes such as "height" and "width". At the same time, it converts markups indicated in plain text ("*bold*") or lists into correct HTML and adds an HTTP prefix to "www" links

A source code archive, Debian and RPM packages of version 1.0 are available under the BSD license from the Pottymouth homepage, as is an online demonstration for potential users to test.

Related content

comments powered by Disqus

Issue 169/2014

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia