• Stars: 117
• Rank 301,828 (Top 6 %)
• Language: Python
• Created over 9 years ago
• Updated almost 8 years ago

Repository Details

An HTML purifier based on Python's native HTMLParser module; it removes all JavaScript from HTML.

python-xss-filter

Python rich-text XSS filter class

@package python-xss-filter
@version 0.2.0
@link https://github.com/phith0n/python-xss-filter
@since 20150407
@copyright (c) Phithon All Rights Reserved

An HTML purifier based on Python's native HTMLParser module; it removes all JavaScript from HTML.
It can be used with any Python web framework.
Written by Phithon [email protected] on 20150407 and placed in the public domain.
From: XDSEC <www.xdsec.org> & 离别歌 <www.leavesongs.com>
Demo: http://python-xss-filter.leavesongs.com
Usage:

import pxfilter
parser = pxfilter.XssHtml()
parser.feed('<html code>')  # untrusted rich-text HTML goes here
parser.close()
html = parser.getHtml()     # the filtered HTML
print(html)

Requirements

Python 2.6+ or 3.2+
Cannot defend against XSS in browsers older than IE7.
Browser version: IE7+ or any other browser; XSS in IE6 and earlier cannot be defended against.

BUGs

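20150408 embed previously defaulted to allowscriptaccess=never; it now forces allowscriptaccess=never.
20150408 Removed dict.has_key for Python 3.4 compatibility; added some common attributes to embed.
20150408 Reworked the code to reduce coupling and improve reuse. Defining the attributes each tag may carry is simpler: just add to or change XssHtml.tags_own_attrs.
20150826 Changed tabs to 4 spaces; renamed all double-underscore methods to single-underscore so they can be inherited.
20170201 Pulled the regular expressions out into their own definitions.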

Other

pxfilter.py is the file that contains the filter class; the other files are the source code of the test site http://python-xss-filter.leavesongs.com.
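The approach the README describes (an HTMLParser subclass driven by a per-tag attribute allowlist in the style of XssHtml.tags_own_attrs, with allowscriptaccess=never forced on embed), as an added Python 3 example that is not pxfilter's own code. The policy table and the names `url_allowed`, `AllowlistFilter` and `sanitize` are assumptions made for this illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed policy for this sketch: tag -> attributes that tag may keep.
TAGS_OWN_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}, "p": set(),
                  "b": set(), "embed": {"src", "width", "height", "type"}}
URL_ATTRS, VOID_TAGS = {"href", "src"}, {"img", "embed"}
RAW_TEXT_TAGS = {"script", "style"}  # removed together with their content

def url_allowed(value):
    value = re.sub(r"[\x00-\x20]+", "", value).lower()  # browsers ignore these
    scheme = re.match(r"([a-z][a-z0-9+.\-]*):", value)
    return scheme is None or scheme.group(1) in ("http", "https")

class AllowlistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], False

    def handle_starttag(self, tag, attrs):
        self.skip = self.skip or tag in RAW_TEXT_TAGS
        if self.skip or tag not in TAGS_OWN_ATTRS:
            return  # tag not in the allowlist: drop the markup
        kept = {}
        for name, value in attrs:  # names lower-cased, values entity-decoded
            if name in TAGS_OWN_ATTRS[tag] and (
                    name not in URL_ATTRS or url_allowed(value or "")):
                kept[name] = value or ""
        if tag == "embed":
            kept["allowscriptaccess"] = "never"  # forced, never copied from input
        self.out.append("<%s%s>" % (tag, "".join(
            ' %s="%s"' % (n, escape(v, quote=True)) for n, v in kept.items())))

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self.skip = False
        elif tag in TAGS_OWN_ATTRS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html):
    parser = AllowlistFilter()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Tags outside the table lose their markup but keep their escaped text, and end tags are not rebalanced, so the output is safe to embed but not guaranteed to be well-formed.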
