minte9
LearnRemember / PYTHON





Escape

Prevent xss attacks with html escape.
 
""" XSS
Prevent cross site scriting attacks
Escape html tags with html library
"""
import html

a = """& < " ' >"""
x = html.escape(a)

b = "<script>alert('hack');</script>"
y = html.escape(b)

print(x) # &amp; &lt; &quot; &#x27; &gt;
print(y) # &lt;script&gt;alert(&#x27;hack&#x27;);&lt;/script&gt;

XML

The sax library escape should execute faster.
 
""" XSS 
Prevent cross site scriting attacks
The sax library escape should execute faster
"""
from xml.sax.saxutils import escape
from xml.sax.saxutils import quoteattr

a = '< & >'
x = escape(a)

b = "a ' b"
y = quoteattr(b)

assert x == '&lt; &amp; &gt;'
assert y == '"a \' b"'

print('pass')



  Last update: 702 days ago


Questions and answers:




To prevent XSS attacks you must:

  • a) escape user input
  • b) validate user output


References and applications: