HTML parsing vs BBCODE

What are the advantages vs. risks of using HTML parsing in Cotonti?

Trustmaster
#24022 2010-04-09 23:42
Yes, we need some HTML filter before HTML can be (safely) used for everyone, otherwise with malicious HTML attackers can easily get admin accounts via XSS.

HTML Purifier is way too heavy (~1MB of code) and it's GPL, so it cannot be included in Cotonti. We need a lightweight BSD/MIT solution.
May the Source be with you!
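The kind of lightweight filter Trustmaster is asking for, as an added example that is not Cotonti's code nor any existing library: an allowlist sanitizer that keeps only known tags and attributes, drops script-scheme URLs, discards script/style bodies, and re-serialises the rest so that text can never become markup. It is written in Python to show the technique rather than a PHP implementation; the allowlist of tags, attributes and URL schemes is an assumed policy, not Cotonti's.

```python
import re
from html import escape
from html.parser import HTMLParser

# Illustrative allowlist (an assumption, not Cotonti's policy): tag -> permitted attributes.
ALLOWED = {"p": (), "br": (), "b": (), "i": (), "u": (), "strong": (), "em": (), "ul": (), "ol": (),
           "li": (), "blockquote": (), "code": (), "pre": (), "a": ("href", "title"),
           "img": ("src", "alt", "width", "height")}
VOID = {"br", "img"}                                             # never get a closing tag
DROP_CONTENT = {"script", "style", "iframe", "object", "embed"}  # element and its body go
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_url(url):
    """Relative and http(s)/mailto URLs pass; javascript:, data:, vbscript: do not."""
    # Browsers ignore control chars/whitespace inside a scheme, so strip them before checking.
    url = re.sub(r"[\x00-\x20]", "", url).lower()
    scheme, sep, _ = url.partition(":")
    if not sep or not re.fullmatch(r"[a-z][a-z0-9+.-]*", scheme):
        return True                                              # no scheme: relative URL
    return scheme in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    """Re-serialises input keeping only allowlisted tags/attributes; output is balanced."""
    def __init__(self):
        super().__init__(convert_charrefs=True)                  # entities decoded before checks
        self.out, self.open, self.skip = [], [], 0               # skip > 0 inside DROP_CONTENT
    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:                   # unknown tags are unwrapped
            kept = [' %s="%s"' % (n, escape(v or "", quote=True)) for n, v in attrs
                    if n in ALLOWED[tag] and (n not in ("href", "src") or safe_url(v or ""))]
            self.out.append("<%s%s>" % (tag, "".join(kept)))
            if tag not in VOID:
                self.open.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open:                 # close down to the match
            i = len(self.open) - 1 - self.open[::-1].index(tag)
            self.out.extend("</%s>" % t for t in reversed(self.open[i:]))
            del self.open[i:]
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))           # text never becomes markup

def sanitize(html):
    """Return a filtered copy of untrusted HTML; comments and declarations are dropped."""
    p = Sanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out) + "".join("</%s>" % t for t in reversed(p.open))
```

Event-handler attributes, unknown tags and unbalanced markup are all handled by construction, since nothing reaches the output unless it was explicitly allowed.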