HTML::Defang accepts an input HTML and/or CSS string
and removes any executable code
including scripting, embedded objects, applets, etc.,
and neutralises any XSS attacks.
A whitelist-based approach is used,
which means only HTML known to be safe is allowed through.

HTML::Defang uses a custom HTML tag parser.
The parser has been designed and tested
to work with nasty real-world HTML
and to emulate as closely as possible
what browsers actually do with strange-looking constructs.
The test suite has been built
based on examples from a range of sources
such as
and
to ensure that as many XSS attack scenarios as possible
have been dealt with.
Installed Size: 103.4 kB
Architectures: all