472,811 Members | 1,119 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > announce: wsgi xss prevention middleware

Join Bytes to post your question to a community of 472,811 software developers and data experts.

ANNOUNCE: WSGI XSS Prevention Middleware

Hi,

I've just written a python WSGI middleware class to mitigate
XSS flaws, it's released under the python license. I've
attached the docs below.

Cheers

Rich.

WSGI Middleware class that prevents cross-site scripting flaws
in WSGI applications being exploited. Potentially malicious GET
and POST variables are checked for, and if found, a 403
Forbidden response is sent to the client.

Note that this class can false positive on input such as XML
or passwords containing the '<' character, so it is not useful
in all contexts. In addition, you should note that this
middleware is not a replacement for properly validating
input and quoting output.

This class can be downloaded from:
http://www.westpoint.ltd.uk/dist/wsgisecurity.zip

Author: Richard Moore, ri**@westpoint.ltd.uk
Copyright: (c) 2006 Westpoint Ltd
License: Released under the Python License
Version: 1.0

Nov 24 '06 #1
0 1163
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
WSGI-server in the standard distro?
by: Thomas W | last post by:
Will there be a WSGI-server like BaseHTTPServer etc in the standard distro? I think that would increase the adoptation of the WSGI-standard. A new web-framework for python pops up every other week...
Python
2
Dumb-as-rocks WSGI serving using standard library
by: Ben Finney | last post by:
Howdy all, I'm trying to implement some new functionality for an existing PHP web application. Rather than writing a whole lot of stuff in PHP, and looking toward a future when more of the...
Python
1
Does WSGI offer anything for web *beginner*?
by: seberino | last post by:
I love idea of WSGI and hope it succeeds. It seems to be helpful for person tempted to write his own framework.....they can now just mix and match existing components with WSGI //instead//. I...
Python
11
WSGI - How Does It Affect Me?
by: Gregory Piñero | last post by:
So I keep hearing more and more about this WSGI stuff, and honestly I still don't understand what it is exactly and how it differs from CGI in the fundamentals (Trying to research this on the web...
Python
2
WSGI spec clarification regarding exceptions
by: Adam Atlas | last post by:
I'm trying to figure out if there's any defined behaviour in PEP 333 for instances where an application returns an iterable as usual without error, but that iterable's next() method eventually...
Python
8
Is wsgi ready for prime time?
by: Ron Garret | last post by:
The wsgiref module in Python 2.5 seems to be empty: $ python Python 2.5 (r25:51908, Mar 1 2007, 10:09:05) on darwin Type "help", "copyright", "credits" or "license" for more information. ...
Python
3
CGI vs WSGI
by: tuom.larsen | last post by:
Dear all, what is the difference? Middleware? I'm wondering because the only variables I ever needed were PATH_INFO, REQUEST_METHOD, QUERY_STRING and maybe one more, all of which should be...
Python
37
Yet another comparison of Python Web Frameworks
by: Michele Simionato | last post by:
At work we are shopping for a Web framework, so I have been looking at the available options on the current market. In particular I have looked at Paste and Pylons and I have written my...
Python
0
Very simple WSGI question
by: Matthew Wilson | last post by:
I want to write some middleware to notice when the inner app returns a 500 status code. I'm sure there are already sophisticated loggers that do this sort of thing, but I'm using this as a...
Python
0
linyimin
Speedup your spring application
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
General
2
isladogs
Access Europe meeting on Wed 6 Sept - Database Analyzer and other tools
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Sept 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
How to insert a new record in a database
by: Taofi | last post by:
I try to insert a new record but the error message says the number of query names and destination fields are not the same This are my field names ID, Budgeted, Actual, Status and Differences ...
DB2 Database
0
Python code for finding the longest common subsequence
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
Python
5
To verify entry of a dropdown
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
Microsoft Access / VBA
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
0
How does React native implement an English player?
by: lllomh | last post by:
How does React native implement an English player?
Mobile Development
0
How to calculate date of retirement from date of birth
by: Mushico | last post by:
How to calculate date of retirement from date of birth
Data Management
2
Windows 11 and Access Combo Box Issue
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!