[BioRuby] Clustal ALN writer
Naohisa GOTO
ngoto at gen-info.osaka-u.ac.jp
Tue Jan 12 09:29:57 UTC 2010
Hi,
I'm not sure whether the prefix Bio::Html is suitable or not.
By the way, I'v tried some of your code in
http://github.com/pjotrp/bioruby/blob/color-alignment/
and found potential XSS.
# PoC against the color-alignment branch above; Bio::Html::HtmlAlignment
# is assumed to come from that branch, not from mainline BioRuby.
# Script payloads go into sequences, sequence names, and the title.
require 'bio'
a = Bio::Alignment.new
a.add_seq('ATCCATGG', '<script>alert("a");</script>')
a.add_seq('ATGCATGC', '<script>alert("b");</script>')
a.add_seq('<script>alert("c");</script>', 'c')
simple = Bio::Html::HtmlAlignment.new(a,
:title => '<script>alert("title");</script>')
html = simple.html()
# Open /tmp/xss.html in a browser: each alert fires if nothing is escaped.
File.open('/tmp/xss.html', 'w') { |w| w.print html }
For sequences, sequence names, and consensus lines,
using CGI.escapeHTML() will always be needed.
For the :title, if script users can set the title, it
should be escaped, but this prevents script programmers
from using HTML tags in the title.
Naohisa Goto
ngoto at gen-info.osaka-u.ac.jp / ng at bioruby.org
On Mon, 11 Jan 2010 15:40:41 +0100
Pjotr Prins <pjotr.public14 at thebird.nl> wrote:
> I have created an colorized HTML alignment file with consensus
> information and amino acids showing evidence of positive selection
> (based on PAML output).
>
> http://thebird.nl/projects/test_color2.html
>
> I did a write up on the implementation at:
>
> http://bioruby.open-bio.org/wiki/BIORUBY_ALNCOLOR
>
> Enjoy,
>
> Pj.
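As an added example that is not part of this message, of Pjotr's branch, or of BioRuby itself: a self-contained Ruby writer showing where CGI.escapeHTML has to sit for sequences, names, and the consensus line, and one way to handle the title trade-off described above (escaped by default, raw HTML only on an explicit opt-in by the calling programmer). The class name, the `title_html:` option, and the sample alignment are hypothetical; `CGI.escapeHTML` is the real Ruby standard-library call.

```ruby
# Added example, not code from BioRuby or from the color-alignment branch.
# Class, method and option names here are hypothetical.
require 'cgi'

# Constructed input, shaped like the proof-of-concept in the message above:
# script payloads in sequence names and in one sequence itself.
SAMPLE_SEQS = [
  ['<script>alert("a");</script>', 'ATCCATGG'],
  ['<script>alert("b");</script>', 'ATGCATGC'],
  ['c',                            '<script>alert("c");</script>'],
].freeze

# Column-wise consensus: the residue if every row agrees, '.' otherwise.
# Rows shorter than the longest are padded with '-'.
def consensus_line(seqs)
  width = seqs.map { |s| s.length }.max || 0
  (0...width).map do |i|
    col = seqs.map { |s| s[i] || '-' }
    col.uniq.length == 1 ? col[0] : '.'
  end.join
end

# The unsafe pattern: user-controlled strings interpolated straight into
# HTML. Kept only to contrast with the escaping writer below.
def naive_alignment_html(seqs, title)
  rows = seqs.map { |name, seq| "<tr><td>#{name}</td><td>#{seq}</td></tr>" }
  cons = consensus_line(seqs.map { |_, s| s })
  "<html><head><title>#{title}</title></head><body>" \
  "<h1>#{title}</h1><table>#{rows.join}" \
  "<tr><td>consensus</td><td>#{cons}</td></tr></table></body></html>"
end

class EscapingAlignmentWriter
  # seqs: array of [name, sequence] pairs.
  # title_html: false (default) escapes the title everywhere. A script
  # *programmer* who wants markup in the heading passes true; titles that
  # come from end users of the script must stay on the default path.
  def initialize(seqs, title: 'Alignment', title_html: false)
    @seqs = seqs
    @title = title
    @title_html = title_html
  end

  # Heading text: raw only when the programmer opted in.
  def heading_markup
    @title_html ? @title : CGI.escapeHTML(@title)
  end

  def html
    rows = @seqs.map do |name, seq|
      "<tr><td>#{CGI.escapeHTML(name)}</td><td>#{CGI.escapeHTML(seq)}</td></tr>"
    end
    # The consensus line is derived from the sequences, so it is attacker
    # influenced too and gets escaped like everything else.
    cons = CGI.escapeHTML(consensus_line(@seqs.map { |_, s| s }))
    # Markup inside <title> never renders, so that slot is always escaped,
    # independent of the title_html opt-in.
    "<html><head><title>#{CGI.escapeHTML(@title)}</title></head><body>" \
    "<h1>#{heading_markup}</h1><table>#{rows.join}" \
    "<tr><td>consensus</td><td>#{cons}</td></tr></table></body></html>"
  end
end

# Crude check used by the demo: does a raw <script tag survive?
def script_tag?(html)
  html.include?('<script')
end

if __FILE__ == $0
  title = '<script>alert("title");</script>'
  naive = naive_alignment_html(SAMPLE_SEQS, title)
  safe  = EscapingAlignmentWriter.new(SAMPLE_SEQS, title: title).html
  puts "naive writer:    script tag present = #{script_tag?(naive)}"
  puts "escaping writer: script tag present = #{script_tag?(safe)}"
end
```

Escaping at the point of output, rather than on the way into the alignment object, keeps the sequence data intact for other writers (Clustal ALN, FASTA) while guaranteeing the HTML writer never emits a raw `<`, `>`, `&` or quote from data it did not generate.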