PHP Classes
elePHPant
Icontem

CSP Filter: Filter HTML based on Content Security Policy

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Info   View files View files (9)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Last Updated Ratings Unique User Downloads Download Rankings  
2010-02-18 (5 years ago) RSS 2.0 feedNot enough user ratingsTotal: 511 All time: 5,341 This week: 1,052Up
Version License PHP version Categories  
cspfilter 0.25Custom (specified...5.0HTML, PHP 5, Security
Description Author  

This class can be used to filter HTML based on Content Security Policy.

It takes a DOM Document object loaded with the structure of an HTML document and process it to find violations of the Content Security Policy definition.

The class changes the document structure to filter and enforce the policy definitions, so the application can serve a compliant HTML document.

Innovation Award  
PHP Programming Innovation award nominee
April 2009
Number 9
When displaying HTML content submitted to a site by untrusted users, you need to be careful to not allow cross-site scripting and cross-site request forgery security exploits that can be performed by specially crafted HTML and Javascript.

Mozilla foundation people have defined a Content Security Policy that defines which HTML elements can be or not be included in a page.

This class can filter untrusted HTML using Mozilla Content Security Policy rules.

Manuel Lemos
Picture of Michael A. Peters
Name: Michael A. Peters <contact>
Classes: 6 packages by
Country: United States United States
Age: 42
All time rank: 877112 in United States United States
Week rank: 577 Up67 in United States United States Up
Innovation award
Innovation award
Nominee: 2x

Details provided by the author  
There are several files associated with this release.

1) cspfilter_class.php
--   The class file, and the only file you need to include
--   the class in your own projects.

2) license.txt
--   Common Public License v 1.0
--   The license this software is distributed under.

3) README.html
--   An introduction to the class, why I wrote it, what it
--   does and how to use it.

4) index.php
--   Passes README.html through the class for demonstrative
--   purposes

5) testimage.jpg
--   An image that demonstrates image source filtering
--   Used by README.html (and thus index.php)
--    If testimage.jpg is not available, any image will work,
--   name it testimage.jpg

6) testscript.js
--   JavaScript that demonstrates script source filtering
--   Used by README.html (and thus index.php)

7) ifobtest.php
--   php file that demonstrates iframe/object source filtering
--   Used by README.html (and thus index.php)

8) dom_script_test.php
--   Creates a test area where you can dynamically specify policy
--   rules and feed input to be passed through the output filter.
--   Linked to in README.html (and thus index.php)

9) READMETXT.txt
--   This file

NOTES

For best use of the examples, put all those files in a directory in a
php enabled web server. Then create the following symlinks in that dir:

ln -s index.php index.phps
ln -s cspfilter_class.php cspfilter_class.phps
ln -s dom_script_test.php dom_script_test.phps

If your web server is configured to follow symlinks and process .phps
files as application/x-httpd-php-source then you can view the source
to those files (linked in the files) as pretty syntax highlighted
php source.
  Files folder image Files  
File Role Description
Plain text file cspfilter_class.php Class The class file
Accessible without login Plain text file dom_script_test.php Example Class Playground
Accessible without login Plain text file ifobtest.php Aux. Example iframe/object
Accessible without login Plain text file index.php Example Example Script
Accessible without login Plain text file license.txt Lic. CPL License
Accessible without login HTML file README.html Doc. Documentation
Accessible without login Plain text file READMETXT.txt Doc. Setting up examples
Accessible without login Image file testimage.jpg Photo Example Image
Accessible without login Plain text file testscript.js Data Example JS

Downloadcspfilter-2010-02-18.zip 51KB
Downloadcspfilter-2010-02-18.tar.gz 50KB
Install with ComposerInstall with Composer
Needed packages  
Class DownloadWhy it is needed Dependency
IDNA Convert Download .zip .tar.gz convert to punycode Optional
 Version Control Unique User Downloads Download Rankings  
 0%Total:511All time:5,341
 This week:0This week:1,052Up