- Subject: Re: strip_tags - HTML tag stripper
- From: "troels knak-nielsen" <troelskn@...>
- Date: Tue, 22 Apr 2008 10:27:29 +0200

On Tue, Apr 22, 2008 at 9:54 AM, Jim Whitehead II <jnwhiteh@gmail.com> wrote:
>  I was not advocating a blacklist versus a whitelist, since a whitelist
>  is obviously more secure.  This is actually what yuri's xssfilter
>  library provides, and it seems to do a very solid job.  That being
>  said, I will look into htmlpurifier but it being a pure PHP solution
>  makes it much less useful to me directly.

I mostly mentioned HtmlPurifier as a counter to strip_tags. Obviously,
it's of little use together with Lua.

I always get a little uneasy whenever people talk about filtering
HTML. Mind you, there are situations where that's the only thing to
do, but generally speaking, you have a security problem the moment
you let the user supply data that you are going to display directly.
Filtering helps, but it's fundamentally a flawed solution. Just my 2€.
--
troels