mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-08 06:48:42 +00:00
Standards compliant HTML filter written in PHP.
http://htmlpurifier.org
70515dd48f
Previously, handleEnd was called for any end tag, except ones that were obviously spurious because there were no parent tags. Now, it is only called for end tags that are "approved." If an injector operates on the end tag, we automatically punt. There may be some optimizations that could be made to this procedure, but for now it's much more consistent. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> |
||
|---|---|---|
| art | ||
| benchmarks | ||
| configdoc | ||
| docs | ||
| extras | ||
| library | ||
| maintenance | ||
| plugins | ||
| smoketests | ||
| tests | ||
| .gitattributes | ||
| .gitignore | ||
| CREDITS | ||
| Doxyfile | ||
| FOCUS | ||
| INSTALL | ||
| INSTALL.fr.utf8 | ||
| LICENSE | ||
| NEWS | ||
| package.php | ||
| phpdoc.ini | ||
| README | ||
| release1-update.php | ||
| release2-tag.php | ||
| svn.php | ||
| test-settings.sample.php | ||
| TODO | ||
| VERSION | ||
| WHATSNEW | ||
| WYSIWYG | ||
README
All about HTML Purifier
HTML Purifier is an HTML filtering solution that uses a unique combination
of robust whitelists and agressive parsing to ensure that not only are
XSS attacks thwarted, but the resulting HTML is standards compliant.
HTML Purifier is oriented towards richly formatted documents from
untrusted sources that require CSS and a full tag-set. This library can
be configured to accept a more restrictive set of tags, but it won't be
as efficient as more bare-bones parsers. It will, however, do the job
right, which may be more important.
Places to go:
* See INSTALL for a quick installation guide
* See docs/ for developer-oriented documentation, code examples and
an in-depth installation guide.
* See WYSIWYG for information on editors like TinyMCE and FCKeditor
HTML Purifier can be found on the web at: http://htmlpurifier.org/