HTMLPurifier
Date 2007-09-18 04:00:24 | Category: PHP
WYSIWYG editors require the system to allow HTML, but that easily invites "Script Insertion" attacks.
kentauls told me about HTMLPurifier: http://htmlpurifier.org/
It looks great, especially its smoketest for XSS. Note that HTMLPurifier works with PHP5 only, although the documentation says it works with PHP>=4.3.2.
Anyway, I've included this library into Protector.
You can try "postcommon_post_htmlpurify4guest.php" as a filter plugin for Protector.
But it is just a sample. I'll modify my modules so that they can use HTMLPurifier as necessary, by config.
HTMLPurifier makes things like a "WYSIWYG forum" possible.
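
To make the idea concrete, here is an added example (not the Protector plugin's code and not from the HTMLPurifier project) that purifies every string in a guest's submitted form data against a small allowlist. It assumes HTML Purifier is installed with its bundled `HTMLPurifier.auto.php` on the include path; the function names, the allowlist and the sample input are hypothetical.

```php
<?php
// Added example: assumes HTML Purifier's bundled autoloader is on the include path.
require_once 'HTMLPurifier.auto.php';

// Build a purifier with an illustrative allowlist for WYSIWYG forum posts.
function build_guest_purifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    // Only these elements/attributes survive; everything else is stripped.
    $config->set('HTML.Allowed', 'p,br,b,strong,i,em,u,ul,ol,li,blockquote,a[href]');
    // Links may only use these URI schemes (drops javascript:, data:, ...).
    $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
    // Disable the on-disk definition cache so no writable directory is needed.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// Walk nested form data and purify every string value.
// Caveat: plain-text fields are also HTML-normalised ("a < b" becomes "a &lt; b"),
// so in practice restrict this to the fields that are meant to carry HTML.
function purify_recursive($value, $purifier)
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = purify_recursive($item, $purifier);
        }
        return $value;
    }
    return is_string($value) ? $purifier->purify($value) : $value;
}

// Constructed sample standing in for $_POST from a guest's WYSIWYG submission.
$post = array(
    'subject' => 'Hello',
    'message' => '<p onclick="alert(1)">Hi <b>all</b><script>alert(document.cookie)</script></p>',
    'extra'   => array('sig' => '<a href="javascript:alert(1)">my site</a>'),
);

$is_guest = true; // hypothetical flag; a real system would take this from its session
$clean = $is_guest ? purify_recursive($post, build_guest_purifier()) : $post;

// Show the result escaped, so it can be inspected safely in a browser or terminal.
echo htmlspecialchars(print_r($clean, true), ENT_QUOTES, 'UTF-8');
```

The event-handler attribute, the `<script>` element and the `javascript:` link target are removed, while the allowed formatting tags are kept.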