HTMLPurifier

Date 2007-09-18 04:00:24 | Category: PHP

WYSIWYG editors require the system to allow HTML input.
But allowing HTML easily invites "Script Insertion" attacks.

kentauls told me about HTMLPurifier.
http://htmlpurifier.org/

It looks great, especially its smoketest for XSS.
Note that HTMLPurifier works with PHP5 only, even though the documentation says it works with PHP>=4.3.2.

Anyway, I've included this library into Protector.

You can try "postcommon_post_htmlpurify4guest.php" as a filter plugin for Protector.

But, it is just a sample.
I'll modify my modules so that they can use HTMLPurifier as necessary, by config.

HTMLPurifier allows us to have a "WYSIWYG forum", etc.
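
As an added illustration (this is not the plugin shipped with Protector and not code from the original post), here is one way to pass everything a guest submits through HTMLPurifier with an explicit tag allowlist. It assumes a current HTMLPurifier 4.x release at a hypothetical path; the function names, the `$isGuest` flag and the sample POST data are made up for the example.

```php
<?php
// Added example, not Protector's own code.
// Assumption: HTMLPurifier 4.x is unpacked under ./library (hypothetical path).
require_once __DIR__ . '/library/HTMLPurifier.auto.php';

// Build a purifier that only lets through the markup a WYSIWYG editor needs.
function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    // Allowlist of elements[attributes]; anything not listed is removed.
    $config->set('HTML.Allowed',
        'p,br,b,strong,i,em,u,ul,ol,li,blockquote,a[href],img[src|alt]');
    // Links and images may only point at http(s) URLs.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Skip the on-disk definition cache so no writable directory is needed.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Walk nested request arrays and purify every string value.
function purify_recursive($value, HTMLPurifier $purifier)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = purify_recursive($item, $purifier);
        }
        return $value;
    }
    return is_string($value) ? $purifier->purify($value) : $value;
}

// Constructed sample standing in for $_POST from a WYSIWYG forum form.
$post = [
    'subject' => 'Hello <b>world</b>',
    'body'    => '<p onclick="alert(1)">Hi <script>alert(1)</script>'
               . '<a href="javascript:alert(1)">link</a>'
               . '<img src="http://example.com/a.png" onerror="alert(1)"></p>',
    'tags'    => ['<i>php</i>', '<iframe src="http://example.com/"></iframe>'],
];

$isGuest = true; // hypothetical: the application decides who counts as a guest

if ($isGuest) {
    $post = purify_recursive($post, build_purifier());
}

print_r($post); // script, iframe, event handlers and the javascript: URL are gone
```

Purifying every field also rewrites plain-text fields (a bare `<` is escaped, for instance), so a module that knows which fields carry HTML can restrict the call to those.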





You can read more news at PEAK XOOPS.
http://xoops.peak.ne.jp

The URL for this story is:
http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=442