RSS | Module Info | Add a review of HTML-StripScripts-Parser
HTML-StripScripts-Parser
(0.991)
UPDATE - I am now a maintainer for this module, and as of version 0.99, I have added the Rules option which makes it much easier to customise
---------------------------------------------------------------
Original comment re version 0.6:
I am more and more impressed with this module. It handles the case of accepting HTML from a user, processing it, correcting problems like incorrectly nested tags and removing anything that isn't specifically allowed. It seems to recognise all of the XSS exploits on RSnake's ha.ckers.org/xss.html.
The one negative comment I would make about it is that altering the default configuration is not as simple as it should be. The config is stored in hard-coded hashes, and there is no mechanism for merging only your changes into the existing config.
I dumped the hashes into YAML and subclassed the module to use the YAML as the source, but it could be simpler than this.
Clinton Gormley - 2007-05-31T02:00:04 (permalink)
6 out of 6 found this review helpful.
Was this review helpful to you?
Yes
No
