Does anyone out there know of a Perl module which will remove all JavaScript references from a string?
So that the users can use FCK to write HTML, but they cannot write JavaScript.
RE: Cross Site Scripting prevention
#remove <script ...>...</script> tags
$string =~ s/<script(.*?)>(.*?)<\/script>//sig;
#remove onmouseover etc
my $event_attribs = '(?:on(blur|c(hange|lick)|dblclick|focus|keypress|(key|mouse)(down|up)|(un)?load|mouse(move|o(ut|ver))|reset|s(elect|ubmit)))';
$string =~ s/<(.*?)$event_attribs=(.*?)(\s*?)(.*?)>/<$1>/sig;
#remove href=javascript:
$string =~ s/<a(.*?)href=(\"?)javascript\:(.*?)>/<a>/sig;
RE: Cross Site Scripting prevention
$string =~ s/<(.*?)javascript\:(.*?)/<$1>/sig;
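Added example (not part of any post in this thread): the original question asked for a module, and one way to do this is an allowlist scrubber built on the CPAN module HTML::Scrubber, which keeps only the tags and attributes named in a policy instead of pattern-matching the ones to remove. The tag list, the href scheme pattern, the function names and the sample strings below are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Scrubber;    # CPAN module, not part of core Perl

# Allowlist policy (an assumption for this example; adjust it to the markup
# the editor is expected to produce). Anything not named here is removed.
my @ALLOWED_TAGS = qw( p br b i u em strong ul ol li blockquote h1 h2 h3 );

sub build_scrubber {
    my $scrubber = HTML::Scrubber->new( allow => \@ALLOWED_TAGS );

    # Deny every tag and every attribute that has no explicit rule.
    $scrubber->default( 0, { '*' => 0 } );

    # <a> keeps only href and title, and href must start with an allowed
    # scheme, so a javascript: link loses its href. Relative links are
    # dropped too under this pattern.
    $scrubber->rules(
        a => {
            href  => qr{^(?:https?://|mailto:)}i,
            title => 1,
            '*'   => 0,
        },
    );
    return $scrubber;
}

sub scrub_html {
    my ($html) = @_;
    return build_scrubber()->scrub($html);
}

# Constructed sample input using the three patterns discussed in the thread.
my @samples = (
    '<p>Hello <script type="text/javascript">alert(1)</script>world</p>',
    '<p onmouseover="alert(1)">hover <b>text</b></p>',
    '<a href="javascript:alert(1)">click</a> <a href="https://example.com/">ok</a>',
);

for my $in (@samples) {
    my $out = scrub_html($in);

    # Self-check: stop if any of the thread's patterns survived scrubbing.
    die "unsafe output: $out\n"
        if $out =~ /<script|\bon\w+\s*=|javascript:/i;

    print "IN : $in\nOUT: $out\n\n";
}
```

Run the scrubber on the server when the submitted HTML is received, since anything enforced only inside the browser editor can be skipped by posting to the form directly.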