HTML-StripScripts-Parser (0.991)

UPDATE - I am now a maintainer for this module, and as of version 0.99, I have added the Rules option which makes it much easier to customise
---------------------------------------------------------------
Original comment re version 0.6:

I am more and more impressed with this module. It handles the case of accepting HTML from a user, processing it, correcting problems like incorrectly nested tags and removing anything that isn't specifically allowed. It seems to recognise all of the XSS exploits on RSnake's ha.ckers.org/xss.html.

The one negative comment I would make about it is that altering the default configuration is not as simple as it should be. The config is stored in hard-coded hashes, and there is no mechanism for merging only your changes into the existing config.

I dumped the hashes into YAML and subclassed the module to use the YAML as the source, but it could be simpler than this.

Clinton Gormley - 2007-05-31T02:00:04