1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
Overriding HTML::StripScripts to add tags
-----------------------------------------
The allowed tags and attributes in HTML::StripScripts is not complete. Unsafe
tags have been specifically left out (eg <script>).
If, however, you would like to add certain tags or attributes into the allowed
list, then you will need to override HTML::StripScripts (or
HTML::StripScripts::Parser).
In this example, I add the <meta> and <link> tags into tags allowed under
the <head> tag.
WARNING: Both of these tags are potentially DANGEROUS. So think very carefully
before you allow them. Imagine, for example:
<meta http-equiv="refresh" content="0;url=http://hackme.com" />
After enabling these tags, you will be able to filter them with Rules, for
instance:
$f = MyStripScripts->new({
Rules => { meta => \&check_meta_tags },
});
--------------------------------------------------------------------------------
In this example, I override the tag definitions in MyStripScripts.
To run the example:
- change to the examples/tags directory:
cd examples/tags
- then type:
perl tags.pl
The example parses the same HTML, first with HTML::StripScripts::Parser, then
with MyStripScripts (a subclass of HTML::StripScripts::Parser) and prints out
the two versions.
No checking of the values is done.
The example script requires HTML::StripScripts::Parser to work.
|
