p5-HTML-StripScripts 1.04 www =0

Strip scripting constructs out of HTML
Maintained by: kftseng@iyard.org
Port Added: 09 May 2008 18:26:26
Also Listed In: perl5

---

---

This module strips scripting constructs out of HTML, leaving as
much non-scripting markup in place as possible. This allows web
applications to display HTML originating from an untrusted source
without introducing XSS (cross site scripting) vulnerabilities.
You will probably use HTML::StripScripts::Parser rather than using
this module directly.

The process is based on whitelists of tags, attributes and attribute
values. This approach is the most secure against disguised scripting
constructs hidden in malicious HTML documents. As well as removing
scripting constructs, this module ensures that there is a matching
end for each start tag, and that the tags are properly nested.

Previously, in order to customise the output, you needed to subclass
HTML::StripScripts and override methods. Now, most customisation
can be done through the Rules option provided to new(). (See
examples/declaration/ and examples/tags/ for cases where subclassing
is necessary.) The HTML document must be parsed into start tags,
end tags and text before it can be filtered by this module. Use
either HTML::StripScripts::Parser or HTML::StripScripts::Regex
instead if you want to input an unparsed HTML document.

WWW: http://search.cpan.org/dist/HTML-StripScripts/

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

---

Required To Build: lang/perl5.8
Required To Run: lang/perl5.8

---

To install the port: cd /usr/ports/www/p5-HTML-StripScripts/ && make install clean
To add the package: pkg_add -r p5-HTML-StripScripts

---

Configuration Options

     No options to configure

---

Master Sites:

ftp://ftp.funet.fi/pub/languages/perl/CPAN/modules/by-module/HTML/

ftp://ftp.cpan.org/pub/CPAN/modules/by-module/HTML/

http://www.cpan.dk/modules/by-module/HTML/

http://ring.nict.go.jp/archives/lang/perl/CPAN/modules/by-module/HTML/

http://ring.sakura.ad.jp/archives/lang/perl/CPAN/modules/by-module/HTML/

http://ring.riken.jp/archives/lang/perl/CPAN/modules/by-module/HTML/

ftp://ftp.kddlabs.co.jp/lang/perl/CPAN/modules/by-module/HTML/

ftp://ftp.dti.ad.jp/pub/lang/CPAN/modules/by-module/HTML/

ftp://ftp.sunet.se/pub/lang/perl/CPAN/modules/by-module/HTML/

ftp://mirror.hiwaay.net/CPAN/modules/by-module/HTML/

ftp://ftp.mirrorservice.org/sites/ftp.funet.fi/pub/languages/perl/CPAN/modules/by-module/HTML/

ftp://csociety-ftp.ecn.purdue.edu/pub/CPAN/modules/by-module/HTML/

ftp://ftp.isu.net.sa/pub/CPAN/modules/by-module/HTML/

ftp://ftp.cs.colorado.edu/pub/perl/CPAN/modules/by-module/HTML/

ftp://cpan.pop-mg.com.br/pub/CPAN/modules/by-module/HTML/

http://at.cpan.org/modules/by-module/HTML/

ftp://ftp.chg.ru/pub/lang/perl/CPAN/modules/by-module/HTML/

ftp://ftp.auckland.ac.nz/pub/perl/CPAN/modules/by-module/HTML/

http://backpan.cpan.org/modules/by-module/HTML/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

- add HTML-StripScripts 1.04

This module strips scripting constructs out of HTML, leaving as
much non-scripting markup in place as possible. This allows web
applications to display HTML originating from an untrusted source
without introducing XSS (cross site scripting) vulnerabilities.
You will probably use HTML::StripScripts::Parser rather than using
this module directly.

WWW: http://search.cpan.org/dist/HTML-StripScripts/

Submitted by:   kftseng@iyard.org

8 vulnerabilities affecting 22 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities