phith0n / python-xss-filter

An HTML purifier based on Python's native HTMLParser module, to clear all JavaScript in HTML

fix non-standard tag parse error #3

Closed duoduo369 closed 8 years ago

duoduo369 commented 8 years ago

When the HTML parser is fed a non-standard tag, the parser will raise an error.

parser.feed('''<p><img src onerror="alert('xss1')"/></p>''')

/root/projects/python-xss-filter/pxfilter.py in _htmlspecialchars(self, html)
    184
    185     def _htmlspecialchars(self, html):
--> 186         return html.replace("<", "&lt;")\
    187             .replace(">", "&gt;")\
    188             .replace('"', "&quot;")\

After the fix, it will be:

'<p><img src="" /></p>'
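The case reported above, as an added example that is not the project's code or the patch from this pull request: Python's `HTMLParser` reports a valueless attribute such as the bare `src` as `('src', None)`, so an escaping helper has to handle `None` before calling `.replace`. The names `ALLOWED`, `VOID`, `escape_attr`, `MiniFilter` and `clean`, and the allowlist contents, are hypothetical; the sketch assumes the failure in the traceback comes from that `None` value.

```python
from html.parser import HTMLParser

# Hypothetical allowlist for this sketch: tag -> permitted attribute names.
ALLOWED = {"p": set(), "img": {"src", "alt"}}
VOID = {"img"}  # tags written without a closing tag


def escape_attr(value):
    # A valueless attribute (e.g. bare `src`) arrives as None, not "".
    if value is None:
        value = ""
    return (value.replace("&", "&amp;").replace("<", "&lt;")
                 .replace(">", "&gt;").replace('"', "&quot;"))


class MiniFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def _emit(self, tag, attrs, void):
        if tag not in ALLOWED:
            return  # drop tags that are not on the allowlist
        # Event handlers such as onerror are dropped: they are not allowlisted.
        kept = [(k, v) for k, v in attrs if k in ALLOWED[tag]]
        text = "".join(' %s="%s"' % (k, escape_attr(v)) for k, v in kept)
        self.out.append("<%s%s%s>" % (tag, text, " /" if void else ""))

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, tag in VOID)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, True)

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape_attr(data))


def clean(html):
    f = MiniFilter()
    f.feed(html)
    f.close()
    return "".join(f.out)
```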