[Systers-dev] help with a html sanitizer
Anna Granudd
anna.granudd at gmail.com
Fri Jul 24 08:05:52 PDT 2009
Hi,

I implemented the option to write whatever questions you want for the essay directly when creating a list, but now realized that my solution might be a bit risky. The current solution (not yet in the main branch) makes it possible to enter the questions and format them straight away with HTML code in a text field. This means that it's possible to add code here (for instance some evil JavaScript) that does whatever one wants, and if some malicious person were to do this, it's a security risk that we're facing. Of course, as long as it's just Systers who use our code we'd be fairly safe anyway, since it's unlikely that one of us would do this, but for future use it's still good to close this breach. This is where I'd like some help. I thought it might be a good idea to implement an HTML sanitizer here that only allows a few different ways of formatting. However, since I don't have any experience with this, I thought asking for help was in order.

One thought was to implement something like this:
http://stackoverflow.com/questions/699468/python-html-sanitizer-scrubber-filter

Do any of you have experience with implementing an HTML sanitizer in Python (maybe even the one I thought of) and could you then recommend what to use or how to attack this problem? I added a bug report for this; if you'd like to have a look at it, it can be found under
https://bugs.launchpad.net/systers/+bug/402121

Any other thoughts are of course appreciated as well.
Thanks,
Anna
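An allowlist HTML sanitizer of the kind the message above asks about, as an added example (it is not code from the post, from the Systers project, or from the linked Stack Overflow answer). It uses only the Python standard library; the tag list, attribute list, link schemes, and the names `sanitize`, `safe_href` and `AllowlistSanitizer` are assumptions chosen for illustration. The approach is the one that holds up in practice: parse the untrusted fragment, re-emit only tags and attributes on the allowlist, escape every piece of text, drop `<script>`/`<style>` together with their contents, and check link schemes after entity decoding rather than with a regular expression over the raw string.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist chosen for this example (an assumption, not the Systers list):
# a few formatting tags, one attribute, and only safe link schemes.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "ul", "ol", "li", "a"}
VOID_TAGS = {"br"}                        # emitted without a closing tag
ALLOWED_ATTRS = {"a": {"href"}}           # every other attribute is dropped
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_CONTENT_TAGS = {"script", "style"}   # tag *and* its text are removed


def safe_href(value):
    """Return the link if it has an allowlisted scheme, else None.

    Scheme-less (relative) links are rejected on purpose. The HTML parser
    has already decoded entities, so a value such as java&#09;script:
    arrives here as raw characters and fails the scheme check.
    """
    value = value.strip()
    scheme = urlparse(value).scheme.lower()
    if scheme not in SAFE_SCHEMES:
        return None
    return value


class AllowlistSanitizer(HTMLParser):
    """Re-serialises only allowlisted tags/attributes; escapes all text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # output fragments
        self.open_tags = []    # stack of allowed tags we have emitted
        self.skip_depth = 0    # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            return
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return                            # drop the tag, keep its text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue                      # e.g. onclick, style, onerror
            if name == "href":
                value = safe_href(value or "")
                if value is None:
                    continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self.skip_depth = 0
            return
        if tag not in self.open_tags:
            return                            # stray or disallowed close tag
        # Close everything opened after it so the output stays well-nested.
        while self.open_tags:
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass                                  # comments are never re-emitted

    def result(self):
        self.close()                          # flush buffered text
        while self.open_tags:                 # close anything left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(fragment):
    """Sanitise one untrusted HTML fragment (e.g. an essay question)."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample input, not data from the Systers application.
    untrusted = ('<p>Describe <b onmouseover="steal()">your</b> work.</p>'
                 '<script>alert(1)</script>'
                 '<a href="javascript:alert(1)">bad</a> '
                 '<a href="https://example.org/help">good</a>')
    print(sanitize(untrusted))
```

Two design points are worth keeping whatever library ends up being used: the decision is made on parsed tags and decoded attribute values (so case, entity encoding and stray whitespace cannot smuggle a handler or a `javascript:` URL past the check), and the output is re-serialised from scratch rather than patched in place, so the result is always well-formed. Relative links are rejected here by design; loosen `safe_href` if the application needs them. For production use a maintained sanitizer library is preferable to hand-rolled code, but the allowlist principle it has to implement is the one shown above.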