Secure HTML parser and filter: Parse and filter insecure HTML tags and CSS styles

Recommend this page to a friend!

Download .zip

Info

Example

Demos

Screenshots

View files (37)

Download .zip

Reputation

Support forum (1)

Blog (1)

Links

Ratings				Unique User Downloads		Download Rankings
87%				Total: 1,910		All time: 2,057 This week: 164

Version		License		PHP version		Categories
`secure-html-filter` 1.0.0		BSD License		4		HTML, Security, Parsers

Description

Author

This package can be used to parse and filter insecure HTML tags and CSS styles.

It comes with a general purpose markup parser class that can parse any type of markup documents like HTML, XML and DTD files.

There are several other classes that can be chained together to retrieve the document token elements returned by the main markup parser class and filter the document elements in an useful way.

The markup validator filter class validates a document against a DTD, eventually removing invalid tags and attributes.

The safe HTML filter class uses several white lists to process HTML tags and data returned by the markup validator class and discards potentially harmful HTML tags and CSS that could be used to perform cross-site scripting (XSS) or cross-site request forgery (CSRF) security attacks.

The filtered HTML tokens can be reassembled to return a well-formed and secure HTML document.

The HTML links filter class can extract the links contained in an HTML document.

The DTD parser and CSS parser are utility classes used by the other classes.

Manuel Lemos

Performance

Level

Name:	Manuel Lemos is available for providing paid consulting. Contact Manuel Lemos .
Classes:	43 packages by Manuel Lemos
Country:	Portugal
Age:	53
All time rank:	1
Week rank:	5	2 in Portugal

Level 3

HTML and CSS filter

Open in a separate window

Screenshots

Files

File	Role	Description
`documentation` (6 files)
`test` (1 file, 3 directories)
`test_safe_html_filter.php`	Example	Example script that demonstrates how to parse and filter and HTML document file
`markup_filter_safe_html.php`	Class	Secure HTML filter class
`css_parser.php`	Class	CSS stylesheet parser class
`dtd_parser.php`	Class	DTD parser class
`markup_filter_get_html_links.php`	Class	HTML parser class to extract links from pages
`markup_filter_no_follow_html_links.php`	Class	No follow HTML links filter class
`markup_filter_validator.php`	Class	Filter class that validates HTML against a DTD
`markup_parser.php`	Class	Main markup parser class
`secure_html_filter.php`	Example	Script with forms to test the secure HTML filter classes
`test_css_parser.php`	Example	CSS parser test script
`test_get_html_links.php`	Example	Example script that demonstrates how to extract links from HTML pages
`test_markup_parser.php`	Example	Example script that demonstrates how to parse any markup document into token elements
`test_xss_attacks.php`	Test	Script that tests the results of the safe HTML filter class against the XSS attack vectors from ha.ckers.org

Files

documentation

File	Role	Description
`css_parser_class.html`	Doc.	Documentation of the CSS parser class
`dtd_parser_class.html`	Doc.	Documentation of the DTD parser class
`markup_filter_get_html_links_class.html`	Doc.	Documentation of the filter get HTML links class
`markup_filter_safe_html_class.html`	Doc.	Documentation of the filter HTML safe class
`markup_filter_validator_class.html`	Doc.	Documentation of the filter validator class
`markup_parser_class.html`	Doc.	Documentation of the main markup parser class

Files

test

File	Role	Description
`expect` (14 files)
`generated` (1 file)
`sample` (2 files)
`test.php`	Test	Markup parser unit test suite

Files

test

expect

File	Role	Description
`entities.txt`	Data	Unit test expected results
`entitiesinunsafeurl.txt`	Data	Entities in unsafe URL test parsing output
`quoteseparatingunsafeattribute.txt`	Data	Quotes separating unsafe attribute test parsing output
`safehtmlfilter.txt`	Data	Test expected output
`selectors.txt`	Data	CSS selectors parsing output
`simple.txt`	Data	Unit test expected results
`track_lines.txt`	Data	Unit test expected results
`unfinishedquotedtagattribute.txt`	Data	Unit test expected results
`unfinishedquotedtagattributevalue.txt`	Data	Unit test expected results
`unfinishedtag.txt`	Data	Unit test expected results
`unfinishedtagattribute.txt`	Data	Unit test expected results
`unfinishedtagattributevalue.txt`	Data	Unit test expected results
`unfinishedtagend.txt`	Data	Unit test expected results
`unicodestylevalues.txt`	Data	Test expected output

Files

test

generated

File	Role	Description
`.cvsignore`	Data	Dummy file to force the distribution of this directory

Files

test

sample

File	Role	Description
`simple.html`	Data	HTML document used in the example scripts
`xssAttacks.xml`	Data	Definitions for the XSS attack vectors from ha.ckers.org

	secure-html-filter-2010-10-07.zip 122KB
	secure-html-filter-2010-10-07.tar.gz
	Install with Composer

Needed packages

Class	Download	Why it is needed	Dependency
PHP Forms Class with HTML Generator and JavaScript Validation	.zip .tar.gz	Used in the secure_html_filter.php Web interface test script	Conditional
Generic XML parser class	.zip .tar.gz	It is neeeded to parse the xssAttacks.xml file with tested XSS attack vectors definitions	Conditional
File cache class	.zip .tar.gz	It is necessary to manage parsed DTD cache files	Conditional

Version Control

Reuses

Unique User Downloads

Download Rankings

Total:	1,910
This week:	0

All time:	2,057
This week:	164

User Ratings

User Comments (1)

	All time
Utility:	100%
Consistency:	100%
Documentation:	90%
Examples:	95%
Tests:	85%
Videos:	-
Overall:	87%
Rank:	3

As always another top quality class from well known PHP guru!...
12 years ago (max costa)

82%

Applications that use this package

No pages of applications that use this class were specified.

If you know an application of this package, send a message to the author to add a link here.

Other classes that need this package

Class	Why it is needed	Dependency
PHP Markdown Parser	Convert parsed Markdown tags to HTML	Conditional

Pages that reference this package


What are the best ways to prevent XSS attacks in PHP? Now, if you really need to accept HTML formatted user input, like you need to let the user enter an HTML formatted text, you need a really powerful HTML parser that recognizes dangerous HTML or malformed tags that could be used to make JavaScript code execute when the HTML is displayed...

Latest pages that reference packages

About us

Advertise on this site

For more information send a message to info at phpclasses dot org.