Tom Boutell is a seasoned technology leader and CTO with 11 years of hands-on engineering and security-focused open-source work, based in Philadelphia. He leads Apostrophe Technologies and drives the apostrophecms ecosystem, blending product-minded architecture with pragmatic engineering. Notably, he has contributed significant security hardening to the widely used sanitize-html library—closing iframe validation, script injection, scheme-based exploits, and DoS vectors to reduce XSS risk. Tom pairs executive technical leadership with active code-level involvement, ensuring the platforms he oversees remain robust and safe for end users.
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
Role in this project:
Security Engineer
Contributions:89 reviews, 63 commits, 119 PRs in 3 years 4 months
Contributions summary:Tom primarily focused on enhancing the security of the `sanitize-html` library. Their contributions involved addressing vulnerabilities related to iframe validation bypasses and script tag manipulation. Furthermore, the user implemented safeguards against scheme-based exploits and DoS attacks, demonstrating a proactive approach to security hardening. These changes focused on preventing potential cross-site scripting (XSS) and other malicious attacks that could compromise the library's integrity.
Contributions:1 PR, 1 push, 14 comments in 3 years
open-graphnodejsgraphapostrophecms
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Tom Boutell - Chief Technology Officer at Apostrophe