Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Sverre H. Huseby (shhthathost.com)
Date: Sun Apr 28 2002 - 05:00:41 CDT
| After that, filtering out content between <script*></script> including the
| tags themselves is a good place to start.
| You'll also want to:
| - Filter <embed*>, <object*>, <iframe*>, <applet*>
| - Remove the on* attribute from every tag. Examples: <img onClick=...>,
| <<body onLoad=...>
| - Remove <meta> tags with an http-equiv attribute of "Refresh" or
| This list is of course far from complete. When you're ready to
| start testing your filter with some real data, you can tweak the
| rules as necessary.
You are black-listing. From a security point of view, white-listing
is preferrable: Instead of removing what you know is bad, you should
let through what you know is good (and drop the unknown).
-- shhthathost.com Computer Geek? Try my Nerd Quiz http://shh.thathost.com/ http://nerdquiz.thathost.com/