I'm building a webmail, which must be able to display HTML emails. But how do I prevent XSS and similar attacks, while not losing HTML formatting?
In Gmail, when I receive some emails from, let's say, Twitter, they are nicely formatted. I'm after something like this.
HTML5 supports the sandbox attribute for iframes, which seems to solve my problem, but it's badly supported. I need a solution which works in MODERN browsers, but which doesn't become insecure in old browsers. It is acceptable for this NOT TO WORK at all in old browsers, but it cannot become insecure. It should work in IE9 and above.
What are my options?
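One server-side option, shown here as an added example that is not part of the question and not the code of any named webmail: an allowlist sanitizer built on Python's standard-library HTMLParser that rebuilds the message markup, so formatting tags survive while scripts, event handlers, inline styles, comments and URLs outside http/https/mailto never reach the browser at all. The tag and attribute lists are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a", "img", "ul", "ol", "li", "table",
                "thead", "tbody", "tr", "td", "th", "span", "div", "h1", "h2", "h3", "blockquote"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt", "width", "height"}, "td": {"colspan"}}
URL_ATTRS = {"href", "src"}
DROP_WITH_CONTENT = {"script", "style"}  # the tag and its text are both discarded
SAFE_SCHEMES = ("http://", "https://", "mailto:")

def safe_url(value):
    # HTMLParser already decoded entities ("java&#9;script:" arrives as "java\tscript:");
    # browsers ignore such control characters, so strip them before checking the scheme.
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    return cleaned if cleaned.lower().startswith(SAFE_SCHEMES) else None

class Sanitizer(HTMLParser):
    # Rebuilds markup from the token stream: only allowlisted pieces are ever written out.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:  # unknown tags vanish, their text stays
            parts = []
            for name, value in attrs:
                if name in URL_ATTRS:
                    value = safe_url(value or "")  # None if the scheme is not allowed
                if name in ALLOWED_ATTRS.get(tag, ()) and value is not None:  # drops on*, style...
                    parts.append(' %s="%s"' % (name, escape(value, quote=True)))
            self.out.append("<%s%s>" % (tag, "".join(parts)))
            if tag not in ("br", "img"):  # void elements never get a closing tag
                self.stack.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.stack:
            while (open_tag := self.stack.pop()) != tag:  # closes anything left open inside
                self.out.append("</%s>" % open_tag)
            self.out.append("</%s>" % tag)
    def handle_data(self, data):  # comments, <!doctype> and <?pi?> are dropped by default
        if not self.skip: self.out.append(escape(data))

def sanitize_html(untrusted_html):
    p = Sanitizer()
    p.feed(untrusted_html)
    p.close()
    while p.stack:  # balance tags so an unclosed <a> or <div> cannot swallow the wrapper page
        p.out.append("</%s>" % p.stack.pop())
    return "".join(p.out)
```

The sanitized output can additionally be placed in a sandboxed iframe where the browser supports it; the sanitizer alone is what keeps the rendering safe on older browsers. A production webmail would use a maintained sanitizer library with this same allowlist design rather than a hand-rolled one.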