HTML-Detoxifier
(0.02)
This module seems nicely constructed and documented, but I wouldn't use it for XSS protection. Choosing the 'dynamic' option would lead you to believe that all JavaScript would be covered, but I don't believe it covers in-line JavaScript, like <img src="javascript:foo()">.
Mark Stosberg - 2009-04-03T04:51:08 (permalink)
3 out of 3 found this review helpful.
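The gap this review describes can be checked for independently of any sanitizer: parse the sanitized output and report URL-bearing attributes whose scheme is not on an allow-list. The following is an added example, not code from the review or from HTML::Detoxifier; the attribute list, the allowed schemes, the helper names (url_scheme, find_unsafe_urls) and the sample markup are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Parser ();

# Attributes that browsers treat as URLs (assumed subset; extend as needed).
my %URL_ATTR = map { $_ => 1 }
    qw(src href action formaction background poster data xlink:href);

# Schemes this (assumed) policy accepts; anything else is reported.
my %ALLOWED = map { $_ => 1 } qw(http https mailto);

# Return the lower-cased scheme of a URL attribute, or undef if relative.
sub url_scheme {
    my ($value) = @_;
    (my $v = $value) =~ s/[\t\r\n]//g;   # URL parsers drop tab/CR/LF
    $v =~ s/^[\x00-\x20]+//;             # ...and leading control chars/space
    return $v =~ /^([A-Za-z][A-Za-z0-9+.\-]*):/ ? lc $1 : undef;
}

# Walk every start tag; HTML::Parser lower-cases attribute names and
# decodes entities in values, so the check sees what a browser would.
sub find_unsafe_urls {
    my ($html) = @_;
    my @findings;
    my $p = HTML::Parser->new(
        api_version => 3,
        start_h     => [ sub {
            my ($tag, $attr) = @_;
            for my $name (sort keys %$attr) {
                next unless $URL_ATTR{$name};
                my $scheme = url_scheme($attr->{$name});
                push @findings, "<$tag $name> uses scheme '$scheme'"
                    if defined $scheme && !$ALLOWED{$scheme};
            }
        }, 'tagname, attr' ],
    );
    $p->parse($html);
    $p->eof;
    return @findings;
}

# Constructed sample standing in for sanitizer output.
my $sample = <<'HTML';
<p><a href="https://example.org/">ok</a>
<img src="javascript:foo()">
<a href=" JavaScript:foo()">x</a>
<img src="/images/logo.png"></p>
HTML
print "$_\n" for find_unsafe_urls($sample);
```

Run against real sanitizer output, an empty result means no URL attribute in the checked set carries a scheme outside the allow-list; it says nothing about event-handler attributes or CSS, which need their own checks.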
HTML-Detoxifier
(0.02)
Nice module, it works very well, as well as HTML::Scrubber (both are way more accurate than HTML::Strip).
Contrary to HTML::Scrubber, it offers a functional interface instead of an OO interface. HTML::Scrubber also permits finer-grained control over the tags to allow/disallow, while this module groups them by category (though most of the time this is perfectly appropriate, sufficient and even easier to deal with).
Emanuele Zeppieri - 2006-02-15T20:31:52 (permalink)
6 out of 7 found this review helpful.

