Tag Archives: security

PottyMouth moved to BitBucket

I’ve moved PottyMouth to BitBucket.org, where you can keep up to date with PottyMouth releases, subscribe to feeds, request features, and contribute patches. (It’s also on PyPi.)

In the last few months, I’ve fixed a bunch of poor design decisions on my part around encoding and repr() within PottyMouth, and added new syntax suggested by users. The latest version is 1.2.0.

HttpOnly cookies in Python & Pylons

Thanks to Jeff Atwood for posting about the benefits of the HttpOnly flag on cookies. Support for HttpOnly cookies has now been added to Python 2.6′s Cookie module, and Paste’s WSGIResponse. Pylons applications can now use the HttpOnly flag to protect cookies, significantly raising the bar against XSS attacks on users of those applications.

Latest versions of Firefox, Opera, and Internet Explorer already support HttpOnly. Now all that’s left is for Apple to fix CFNetwork to support HttpOnly and then WebKit/Safari will be able to support it too.

PottyMouth ported to Ruby

I’ve ported PottyMouth 1.0.2, my library for transforming completely unstructured and untrusted text to valid, nice-looking, completely safe XHTML, from Python to Ruby 1.9. If you’re a Ruby user or fan, let me know what you think. This is part of a larger project to learn and evaluate Ruby. I’ll be posting my findings soon, so subscribe if you’re curious why I used Ruby 1.9, or if you’re interested in reading my thoughts on Ruby.