safehtml@pixelapes: — Pixel-Apes

safehtml@pixelapes: — Pixel-Apes

Concerned about XSS (cross-site scripting)? This looks like it might be a useful little PHP HTML scrubber to santitize inputs. Written by some Russian coders, cool.

According to Freshmeat, it’s BSD licensed.

safehtml@pixelapes: — Pixel-Apes

SafeHTML v.1.2.0

SafeHTML is anti-XSS HTML parser, written in PHP.

Table of contents:
About this project
Authors and copyrights
Contacts

About this project

This parser strips down all potentially dangerous content within HTML:

  • opening tag without its closing tag 
  • closing tag without its opening tag 
  • any of these tags: “base”, “basefont”, “head”, “html”, “body”, “applet”, “object”,
    “iframe”, “frame”, “frameset”, “script”, “layer”, “ilayer”, “embed”, “bgsound”,
    “link”, “meta”, “style”, “title”, “blink”, “xml” etc.
  • any of these attributes: on*, data*, dynsrc
  • javascript:/vbscript:/about: etc. protocols
  • /behavior etc. in styles
  • any other active content

It also tries to convert code to XHTML valid, but htmltidy is far better solution for this task.

Leave a Reply

sell diamonds