Concerned about XSS (cross-site scripting)? This looks like it might be a useful little PHP HTML scrubber to santitize inputs. Written by some Russian coders, cool.
According to Freshmeat, it’s BSD licensed.
safehtml@pixelapes: — Pixel-Apes
SafeHTML v.1.2.0
SafeHTML is anti-XSS HTML parser, written in PHP.
Table of contents:
About this project
Authors and copyrights
ContactsAbout this project
This parser strips down all potentially dangerous content within HTML:
- opening tag without its closing tag
- closing tag without its opening tag
- any of these tags: “baseâ€, “basefontâ€, “headâ€, “htmlâ€, “bodyâ€, “appletâ€, “objectâ€,
“iframeâ€, “frameâ€, “framesetâ€, “scriptâ€, “layerâ€, “ilayerâ€, “embedâ€, “bgsoundâ€,
“linkâ€, “metaâ€, “styleâ€, “titleâ€, “blinkâ€, “xml†etc.- any of these attributes: on*, data*, dynsrc
- javascript:/vbscript:/about: etc. protocols
>>- /behavior etc. in styles
- any other active content
It also tries to convert code to XHTML valid, but htmltidy is far better solution for this task.
Link to share this: https://www.gabrielserafini.com/blog/2004/10/21/safehtmlpixelapes-pixel-apes/