Maugrim The Reaper's Blog

Richard about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Mon, 30.08.2010 23:22
This is quite an interesting p ost and also informational. Ce rtainly one of such posts that brings a fresh perspect [...]

Bobby about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Tue, 17.08.2010 22:24
I just wanted to thank you for the article and the research. I was looking for a solution and was surprised to fin [...]

Tyson Sturdivant about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Mon, 16.08.2010 19:30
Does anyone have any input on "Universal Feed Parser" and it s effectiveness?

Don't wo rry about it - I'm completely harmless.

Miha about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Thu, 12.08.2010 15:59
OMG. What did I write. You men tioned html5lib in your post. And I go on mentioning just th at. /me is now ashamed [...]

Miha about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Wed, 11.08.2010 20:46
html5lib (http://code.google.c om/p/html5lib/) is the one I r un on a few days ago, so I'm p robably guessing that th [...]

Padraic Brady about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Wed, 11.08.2010 19:56
I haven't decided on it yet. A t the moment, many server side development tools are in the same boat. libxml2 and t [...]

Miha about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Wed, 11.08.2010 19:32
@Padraic: What will you do in a 6months when html5 becomes p opular and along with it stand ardized parser. Its prob [...]

Maarten about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Wed, 11.08.2010 12:45
looking forward to your soluti on. To be honest, we're using HTMLPurifier and I have yet to encounter big problems [...]

Padraic Brady about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Tue, 10.08.2010 18:44
Quoting from the original repo rt (26 June '10): "Bonus vu lnerability from a brief look through of the blacklist [...]

Jeremy Cook about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Tue, 10.08.2010 18:30
Thanks for the excellent artic le. Very informative.

Brett Bieber about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Tue, 10.08.2010 17:43
I believe you're incorrect reg arding the -ms-behavior css er ror in HTML_Safe. The blacklis t includes "behavior" wh [...]

Pádraic Brady about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Tue, 10.08.2010 11:18
Yes, it's being proposed to Ze nd Framework. HTMLPurifier rea lly is that good, largely beca use it properly normalis [...]

Pádraic Brady about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Tue, 10.08.2010 11:13
Hi Santosh, As the article notes, CSS may be used to styl e elements in such a way that may overlay or expand th [...]

Peter about HTML Sanitisation: The Devil's In The Details (And The Vulnerabilities)
Tue, 10.08.2010 10:15
So if HTML Purifier is that go od, will you still be proposin g your own for inclusion into Zend?