
Secure HTML parser and filter: Parse and filter insecure HTML tags and CSS styles

Last Updated: 2010-10-07 (3 years ago)
Ratings: Not enough user ratings
Unique User Downloads: Total: 1,511
Download Rankings: All time: 2,394; This week: 1,492
Version: secure-html-filter 1.0.0
License: BSD License
PHP version: 4
Categories: HTML, Security, Parsers

This package can be used to parse and filter insecure HTML tags and CSS styles.

It comes with a general purpose markup parser class that can parse any type of markup documents like HTML, XML and DTD files.

There are several other classes that can be chained together to retrieve the document token elements returned by the main markup parser class and filter the document elements in a useful way.

The markup validator filter class validates a document against a DTD, eventually removing invalid tags and attributes.

The safe HTML filter class uses several white lists to process HTML tags and data returned by the markup validator class and discards potentially harmful HTML tags and CSS that could be used to perform cross-site scripting (XSS) or cross-site request forgery (CSRF) security attacks.

The filtered HTML tokens can be reassembled to return a well-formed and secure HTML document.

The HTML links filter class can extract the links contained in an HTML document.

The DTD parser and CSS parser are utility classes used by the other classes.

Name: Manuel Lemos <contact>
Classes: 38 packages by
Country: Portugal
Age: 45
All time rank: 1
Week rank: 1

Files
File | Role | Description
documentation (6 files)
test (1 file, 3 directories)
test_safe_html_filter.php | Example | Example script that demonstrates how to parse and filter an HTML document file
markup_filter_safe_html.php | Class | Secure HTML filter class
css_parser.php | Class | CSS stylesheet parser class
dtd_parser.php | Class | DTD parser class
markup_filter_get_html_links.php | Class | HTML parser class to extract links from pages
markup_filter_no_follow_html_links.php | Class | No follow HTML links filter class
markup_filter_validator.php | Class | Filter class that validates HTML against a DTD
markup_parser.php | Class | Main markup parser class
secure_html_filter.php | Example | Script with forms to test the secure HTML filter classes
test_css_parser.php | Example | CSS parser test script
test_get_html_links.php | Example | Example script that demonstrates how to extract links from HTML pages
test_markup_parser.php | Example | Example script that demonstrates how to parse any markup document into token elements
test_xss_attacks.php | Test | Script that tests the results of the safe HTML filter class against the XSS attack vectors from ha.ckers.org

Files / documentation
File | Role | Description
css_parser_class.html | Doc. | Documentation of the CSS parser class
dtd_parser_class.html | Doc. | Documentation of the DTD parser class
markup_filter_get_html_links_class.html | Doc. | Documentation of the filter get HTML links class
markup_filter_safe_html_class.html | Doc. | Documentation of the filter HTML safe class
markup_filter_validator_class.html | Doc. | Documentation of the filter validator class
markup_parser_class.html | Doc. | Documentation of the main markup parser class

Files / test
File | Role | Description
expect (14 files)
generated (1 file)
sample (2 files)
test.php | Test | Markup parser unit test suite

Files / test / expect
File | Role | Description
entities.txt | Data | Unit test expected results
entitiesinunsafeurl.txt | Data | Entities in unsafe URL test parsing output
quoteseparatingunsafeattribute.txt | Data | Quotes separating unsafe attribute test parsing output
safehtmlfilter.txt | Data | Test expected output
selectors.txt | Data | CSS selectors parsing output
simple.txt | Data | Unit test expected results
track_lines.txt | Data | Unit test expected results
unfinishedquotedtagattribute.txt | Data | Unit test expected results
unfinishedquotedtagattributevalue.txt | Data | Unit test expected results
unfinishedtag.txt | Data | Unit test expected results
unfinishedtagattribute.txt | Data | Unit test expected results
unfinishedtagattributevalue.txt | Data | Unit test expected results
unfinishedtagend.txt | Data | Unit test expected results
unicodestylevalues.txt | Data | Test expected output

Files / test / generated
File | Role | Description
.cvsignore | Data | Dummy file to force the distribution of this directory

Files / test / sample
File | Role | Description
simple.html | Data | HTML document used in the example scripts
xssAttacks.xml | Data | Definitions for the XSS attack vectors from ha.ckers.org

Download: secure-html-filter-2010-10-07.zip (121KB)
Download: secure-html-filter-2010-10-07.tar.gz (100KB)
Needed packages
Class | Why it is needed | Dependency
Forms generation and validation | Used in the secure_html_filter.php Web interface test script | Conditional
Generic XML parser class | It is needed to parse the xssAttacks.xml file with tested XSS attack vectors definitions | Conditional
File cache class | It is necessary to manage parsed DTD cache files | Conditional