safehtml@pixelapes: — Pixel-Apes

Concerned about XSS (cross-site scripting)? This looks like it might be a useful little PHP HTML scrubber to santitize inputs. Written by some Russian coders, cool.

According to Freshmeat, it’s BSD licensed.

SafeHTML v.1.2.0

SafeHTML is anti-XSS HTML parser, written in PHP.

Table of contents:
About this project
Authors and copyrights
Contacts

About this project

This parser strips down all potentially dangerous content within HTML:

opening tag without its closing tag

closing tag without its opening tag

any of these tags: â€œbaseâ€, â€œbasefontâ€, â€œheadâ€, â€œhtmlâ€, â€œbodyâ€, â€œappletâ€, â€œobjectâ€,
â€œiframeâ€, â€œframeâ€, â€œframesetâ€, â€œscriptâ€, â€œlayerâ€, â€œilayerâ€, â€œembedâ€, â€œbgsoundâ€,
â€œlinkâ€, â€œmetaâ€, â€œstyleâ€, â€œtitleâ€, â€œblinkâ€, â€œxmlâ€ etc.

any of these attributes: on*, data*, dynsrc

javascript:/vbscript:/about: etc. protocols

/behavior etc. in styles

any other active content

It also tries to convert code to XHTML valid, but htmltidy is far better solution for this task.

Link to share this: https://gabrielserafini.com/blog/2004/10/21/safehtmlpixelapes-pixel-apes/

Gabriel

safehtml@pixelapes: — Pixel-Apes

Leave a ReplyCancel reply

safehtml@pixelapes: — Pixel-Apes

Like it? Share it:

You may also like:

Leave a ReplyCancel reply