Posted by Ambush Commander on 08/18/06 19:52
HTMLPurifier is a new PHP library that filters HTML so that not only is
XSS thwarted, but the resulting HTML is standards-compliant! It's
licensed under LGPL, and is currently undergoing beta testing (beta
meaning that validation routines for a few shorthand CSS properties and
deprecated HTML properties are missing, but everything else is there).
The main difference from HTMLPurifier is that while older packages like
kses and HTML_Safe attempt to blacklist XSS, HTMLPurifier employs a
whitelist approach, breaking down an HTML document and rigorously
testing everything, whether it be a color declaration or an external
URI.
Try it out first: http://hp.jpsband.org/live/docs/examples/demo.php
Then grab a copy here: http://hp.jpsband.org/
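The whitelist approach described in the post, sketched as an added Python example; it is not HTMLPurifier's code or API and not part of the original post. The tag, attribute, colour and URI policy and the names `purify`, `AllowlistFilter` and `check_value` are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed policy for this example: anything not listed here is dropped.
ALLOWED_TAGS = {"p", "b", "i", "a", "span"}
ALLOWED_ATTRS = {"a": {"href"}, "span": {"style"}}
URI_RE = re.compile(r"(?:https?://|mailto:)[!-~]+", re.I)
COLOR_RE = re.compile(r"color\s*:\s*(#[0-9a-fA-F]{3}(?:[0-9a-fA-F]{3})?|red|green|blue|black|white)\s*;?")

def check_value(name, value):  # returns a normalised value, or None if invalid
    if name == "href":
        return value if URI_RE.fullmatch(value) else None
    match = COLOR_RE.fullmatch(value)  # the only other allowed attribute is style
    return f"color:{match.group(1)}" if match else None

class AllowlistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], False

    def handle_starttag(self, tag, attrs):
        self.skip = tag in ("script", "style")  # their text is discarded too
        if tag not in ALLOWED_TAGS:
            return
        kept = {}
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, ()) and name not in kept:
                clean = check_value(name, (value or "").strip())
                if clean is not None:
                    kept[name] = f' {name}="{escape(clean)}"'
        self.out.append(f"<{tag}{''.join(kept.values())}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        self.skip = False
        if tag in self.open_tags:  # close inner tags first so output stays well-formed
            while self.open_tags[-1] != tag:
                self.out.append(f"</{self.open_tags.pop()}>")
            self.out.append(f"</{self.open_tags.pop()}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def purify(dirty):
    f = AllowlistFilter()
    f.feed(dirty)
    f.close()  # flush any buffered text
    return "".join(f.out + [f"</{t}>" for t in reversed(f.open_tags)])
```

The output is rebuilt from parsed tokens rather than edited in place, so markup the policy does not name never reaches the result, and unclosed tags are balanced on the way out.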