HTML sanitization : English Wikipedia
HTML sanitization

HTML sanitization is the process of examining an HTML document and producing a new HTML document that preserves only whatever tags are designated "safe" and desired. HTML sanitization can be used to protect against cross-site scripting (XSS) attacks by sanitizing any HTML code submitted by a user.
Basic tags for changing fonts are often allowed, such as <b>, <i>, <u>, <em>, and <strong>, while more advanced tags such as <script>, <object>, <embed>, and <link> are removed by the sanitization process. Potentially dangerous attributes such as onclick are also removed in order to prevent malicious code from being injected.
Sanitization is typically performed using either a whitelist or a blacklist approach. An item left off a whitelist makes the sanitization produce HTML code that lacks a safe element; an item left off a blacklist leaves a vulnerability in the sanitized HTML output. New unsafe HTML features introduced after a blacklist has been defined cause the blacklist to become out of date.
Further sanitization can be performed based on rules that specify what operation is to be performed on the subject tags. Typical operations include removing the tag itself while preserving its content, preserving only the textual content of a tag, or forcing certain values on attributes.〔https://github.com/Vereyon/HtmlRuleSanitizer〕
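The following is an added example (not code from the article or from any of the libraries it names) of a whitelist sanitizer built on Python's standard-library html.parser. It combines the two ideas above: tags and attributes survive only if they are on the whitelist, so an element the policy has never heard of can never reach the output as markup, and a small rule table applies the operations the text describes (drop a tag together with its content, unwrap a tag while keeping its content, force an attribute value). The tag sets, the attribute policy, the "drop"/"unwrap" rule names and the forced rel value are all constructed for this example and are not taken from any real sanitizer.

```python
from html import escape
from html.parser import HTMLParser

# Constructed policy for this example: tags allowed to survive, and the
# attributes permitted on each of them. Anything not listed is not allowed.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
# Rule operations: "drop" removes the tag and everything inside it. Any tag
# not allowed and not listed here is unwrapped (tag removed, content kept),
# so a newly introduced element cannot reach the output as markup.
TAG_RULES = {"script": "drop", "style": "drop", "object": "drop", "embed": "drop"}
# Forced attribute values: every surviving <a> gets this rel attribute.
FORCED_ATTRS = {"a": {"rel": "noopener noreferrer"}}
SAFE_HREF_SCHEMES = ("http://", "https://", "mailto:")


class WhitelistSanitizer(HTMLParser):
    """Rebuilds a document from its parse, emitting only whitelisted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # output fragments
        self.open_tags = []  # stack of allowed tags currently open
        self.drop_depth = 0  # > 0 while inside a dropped element such as <script>

    def handle_starttag(self, tag, attrs):
        if self.drop_depth:
            if TAG_RULES.get(tag) == "drop":
                self.drop_depth += 1
            return
        if TAG_RULES.get(tag) == "drop":
            self.drop_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            return  # unwrap: the tag vanishes, its content keeps flowing
        kept = {}
        for name, value in attrs:
            # Event handlers (onclick, onerror, ...) and every other attribute
            # not on the whitelist for this tag are discarded here.
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_HREF_SCHEMES):
                continue  # rejects javascript: and any other non-listed scheme
            kept[name] = value
        kept.update(FORCED_ATTRS.get(tag, {}))  # forced values override input
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept.items())
        self.out.append(f"<{tag}{attr_text}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.drop_depth:
            if TAG_RULES.get(tag) == "drop":
                self.drop_depth -= 1
            return
        if tag in self.open_tags:
            # Also close anything opened after this tag so the output stays balanced.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.drop_depth:
            # Text is re-escaped: decoded "&lt;script&gt;" cannot become a tag.
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments (including conditional comments) are dropped

    def result(self):
        self.close()  # flush any buffered text
        while self.open_tags:  # close tags the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(html):
    """Return a sanitized copy of html according to the policy above."""
    parser = WhitelistSanitizer()
    parser.feed(html)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample input exercising each rule.
    sample = ('<p onclick="x()">Hi <b>there</b><script>alert(1)</script>'
              '<a href="javascript:alert(1)">bad</a>'
              '<a href="https://example.com">ok</a><font color="red">plain</font>')
    print(sanitize(sample))
```

Because the output is rebuilt from the parse tree rather than patched with string replacement, the sanitizer also repairs unclosed and mismatched tags, which matters when the result is embedded into a larger page: an unclosed element in user content could otherwise swallow the markup that follows it.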
== Implementations ==

In PHP, HTML sanitization can be performed using the strip_tags() function, at the risk of removing all textual content following an unclosed less-than symbol (angle bracket).〔strip_tags documentation〕 The HTML Purifier library is another popular option for PHP applications.〔http://www.htmlpurifier.org〕
In Java (and .NET), sanitization can be achieved by using the OWASP Java HTML Sanitizer Project.〔https://www.owasp.org/index.php/OWASP_Java_HTML_Sanitizer_Project〕
In .NET, a number of sanitizers use the Html Agility Pack, an HTML parser.〔http://htmlagilitypack.codeplex.com/〕〔http://eksith.wordpress.com/2011/06/14/whitelist-santize-htmlagilitypack/〕〔https://github.com/Vereyon/HtmlRuleSanitizer〕

Excerpt source: the free encyclopedia Wikipedia
Read the full article on "HTML sanitization" at Wikipedia