SafeHTML 1.3.7 review
SafeHTML is an anti-XSS HTML parser, written in PHP.
This parser strips down all potentially dangerous content within HTML:
- opening tag without its closing tag
- closing tag without its opening tag
- any of these tags: “base”, “basefont”, “head”, “html”, “body”, “applet”, “object”, “iframe”, “frame”, “frameset”, “script”, “layer”, “ilayer”, “embed”, “bgsound”, “link”, “meta”, “style”, “title”, “blink”, “xml” etc.
- any of these attributes: on*, data*, dynsrc
- javascript:/vbscript:/about: etc. protocols
- expression/behavior etc. in styles
- any other active content
SafeHTML also tries to convert code to valid XHTML, but htmltidy is a far better solution for this task.
What's New in This Release:
This release adds a whitelist of "namespaced" attributes.
It has more accurate UTF-7 decoding and minor improvements.