Bytes | Software Development & Data Engineering Community

ANNOUNCE: WSGI XSS Prevention Middleware


I've just written a Python WSGI middleware class to mitigate
XSS flaws; it's released under the Python license. I've
attached the docs below.
WSGI Middleware class that prevents cross-site scripting flaws
in WSGI applications being exploited. Potentially malicious GET
and POST variables are checked for, and if found, a 403
Forbidden response is sent to the client.

Note that this class can false positive on input such as XML
or passwords containing the '<' character, so it is not useful
in all contexts. In addition, you should note that this
middleware is not a replacement for properly validating
input and quoting output.

This class can be downloaded from:

Author: Richard Moore, ri**@westpoint.ltd.uk
Copyright: (c) 2006 Westpoint Ltd
License: Released under the Python License
Version: 1.0

Nov 24 '06 #1
0 1163
