Open Letter to Gareth Heyes: Regex html Sanitisation Doesn't Work
Dear Gareth Heyes,
I thank you for your response that claims Regex html Sanitisation can work.
As such, htmlReg and your article title fall outside the context of my original article. I do, however, applaud the concept of using the browser DOM. While I cannot comment on the efficacy of client-side filtering for cross-site scripting (XSS), the use of a DOM is a reliable strategy to bypass parsing problems. A similar approach accounts for the success of htmlPurifier. Obviously, I do not begrudge some minimal use of regular expressions on pre-parsed, normalised input.