safehtml@pixelapes: — Pixel-Apes Oct 21 2004

Concerned about XSS (cross-site scripting)? This looks like it might be a useful little PHP HTML scrubber to sanitize inputs. Written by some Russian coders, cool.

According to Freshmeat, it’s BSD licensed.

safehtml@pixelapes: — Pixel-Apes

SafeHTML v.1.2.0

SafeHTML is an anti-XSS HTML parser, written in PHP.

About this project

This parser strips down all potentially dangerous content within HTML:

  • opening tag without its closing tag 
  • closing tag without its opening tag 
  • any of these tags: “base”, “basefont”, “head”, “html”, “body”, “applet”, “object”,
    “iframe”, “frame”, “frameset”, “script”, “layer”, “ilayer”, “embed”, “bgsound”,
    “link”, “meta”, “style”, “title”, “blink”, “xml” etc.
  • any of these attributes: on*, data*, dynsrc
  • javascript:/vbscript:/about: etc. protocols
  • /behavior etc. in styles
  • any other active content

It also tries to convert code to valid XHTML, but htmltidy is a far better solution for this task.
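A check one might run against any scrubber's output, as an added example that is not SafeHTML's code or part of the original post: it re-parses the HTML with Python's standard library and reports anything from the list above that survived. The names `RuleAudit` and `audit` are hypothetical, and the void-tag set and the whitespace handling for protocols are assumptions.

```python
from html.parser import HTMLParser
# Rules transcribed from the list above; names and helper sets are assumptions.
BLOCKED_TAGS = frozenset(
    "base basefont head html body applet object iframe frame frameset script "
    "layer ilayer embed bgsound link meta style title blink xml".split())
BLOCKED_SCHEMES = ("javascript:", "vbscript:", "about:")
VOID_TAGS = {"br", "hr", "img", "input", "area", "col", "wbr"}  # no closing tag

class RuleAudit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_TAGS:
            self.findings.append(f"blocked tag <{tag}>")
        for name, value in attrs:  # names arrive lowercased, values entity-decoded
            if name.startswith(("on", "data")) or name == "dynsrc":
                self.findings.append(f"blocked attribute {name} on <{tag}>")
            # URL parsers drop tabs/newlines, so compare without whitespace or control chars.
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if compact.startswith(BLOCKED_SCHEMES):
                self.findings.append(f"blocked protocol in {name} on <{tag}>")
            if name == "style" and "behavior" in compact:
                self.findings.append(f"behavior in style on <{tag}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.open_tags.pop()  # self-closing form opens and closes at once

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if tag not in self.open_tags:
            self.findings.append(f"closing tag </{tag}> without opening tag")
            return
        while (top := self.open_tags.pop()) != tag:
            self.findings.append(f"opening tag <{top}> without closing tag")

def audit(html):
    # Return the rule violations still present in scrubber output.
    parser = RuleAudit()
    parser.feed(html)
    parser.close()
    unclosed = [f"opening tag <{t}> without closing tag" for t in parser.open_tags]
    return parser.findings + unclosed
```

An empty list from `audit()` means none of the listed rules were violated; it says nothing about the "any other active content" item, which the list does not enumerate.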

