HTML :: StripScripts still safe to remove modern exploits?

Question

I need a way in Perl to break naughty things like XSS, image interjection and work.

I found HTML :: StripScripts , but it has not been updated for two years, and I am not aware of all the new feats.

Is it safe?

What other markup languages (in Perl) would you use?

+3

Timmy May 6, '09 at 7:17

2 answers

XSS is an extensive topic, and adventures appear every day.

/ .

( ) . html/ , . <b>, <i>

Defang / XSS lib perl cpan

CAL9000, , / XSS

+2

Chad Grant 06 '09 7:35

Timmy · Accepted Answer · 2009-11-03T17:02:41+0000

HTML :: StripScripts is a whitelist and can use a tree-based parser and should be as safe as a whitelist.