Web 2.0: Pottymouth 1.0 Sanitizes User Input

Nov 08, 2007

Version 1.0 of Pottymouth, a Python module for HTML processsing has just been released. The tool helps sanitize user input from websites.

The mathematician and linguist Matt Chisholm designed the tool for any scenario in which untrained or untrusted users are allowed to enter HTML code or text: blogs, forums, web mailers, Web 2.0 applications and the like. Pottymouth sanitizes anything that could endanger the layout or security of a web application.

For example, the Python module prevents users from injecting Javascript via Iframe or script tags, event handler attributes or "javascript:" links, thus preventing scripting and cross site scripting attacks on websites and their users. Pottymouth attempts to protect the site layout by removing style tags, CSS input, and attributes such as "height" and "width". At the same time, it converts markups indicated in plain text ("*bold*") or lists into correct HTML and adds an HTTP prefix to "www" links

A source code archive, Debian and RPM packages of version 1.0 are available under the BSD license from the Pottymouth homepage, as is an online demonstration for potential users to test.

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More