SafeHTML 1.3.7 review

by rbytes.net on

License: BSD License
File size: 15K
Developer: Roman Ivanov

SafeHTML is an anti-XSS HTML parser, written in PHP.

This parser strips down all potentially dangerous content within HTML:

opening tag without its closing tag
closing tag without its opening tag
any of these tags: “base”, “basefont”, “head”, “html”, “body”, “applet”, “object”, “iframe”, “frame”, “frameset”, “script”, “layer”, “ilayer”, “embed”, “bgsound”, “link”, “meta”, “style”, “title”, “blink”, “xml” etc.
any of these attributes: on*, data*, dynsrc
javascript:/vbscript:/about: etc. protocols
expression/behavior etc. in styles
any other active content

SafeHTML also tries to convert code to valid XHTML, but htmltidy is a far better solution for this task.

What's New in This Release:
This release adds a whitelist of "namespaced" attributes.
It has more accurate UTF-7 decoding and minor improvements.
