Secure HTML parser and filter
| Recommend this page to a friend! |  Stumble It! |
 Bookmark in del.icio.us |
| Author | ||
 |
|
|||||||||||||||||||
This package can be used to parse and filter insecure HTML tags and CSS styles.
It comes with a general purpose markup parser class that can parse any type of markup documents like HTML, XML and DTD files.
There are several other classes that can be chained together to retrieve the document token elements returned by the main markup parser class and filter the document elements in an useful way.
The markup validator filter class validates a document against a DTD, eventually removing invalid tags and attributes.
The safe HTML filter class uses several white lists to process HTML tags and data returned by the markup validator class and discards potentially harmful HTML tags and CSS that could be used to perform cross-site scripting (XSS) or cross-site request forgery (CSRF) security attacks.
The filtered HTML tokens can be reassembled to return a well-formed and secure HTML document.
The HTML links filter class can extract the links contained in an HTML document.
The DTD parser and CSS parser are utility classes used by the other classes.
It comes with a general purpose markup parser class that can parse any type of markup documents like HTML, XML and DTD files.
There are several other classes that can be chained together to retrieve the document token elements returned by the main markup parser class and filter the document elements in an useful way.
The markup validator filter class validates a document against a DTD, eventually removing invalid tags and attributes.
The safe HTML filter class uses several white lists to process HTML tags and data returned by the markup validator class and discards potentially harmful HTML tags and CSS that could be used to perform cross-site scripting (XSS) or cross-site request forgery (CSRF) security attacks.
The filtered HTML tokens can be reassembled to return a well-formed and secure HTML document.
The HTML links filter class can extract the links contained in an HTML document.
The DTD parser and CSS parser are utility classes used by the other classes.
| Classes of Manuel Lemos | > | Secure HTML parser and filter | > | Download .zip .tar.gz | > |  Support forum (1) |
> |  Blog |
> |   Latest changes |
||
|
|||||||||||||||||||||||
| Groups |  Screenshots |
Freshmeat project |  User ratings |
|||||
| Dependencies | Trackback | Applications | Related links |  Files |
||||||
| Groups | ||
 |
HTML | HTML generation and processing | View top rated classes |
|
Security | Security protection and attack detection | View top rated classes |
|
Parsers | Programming language interpreters and format parsers | View top rated classes |
| Screenshots |
||
 |
|
| Freshmeat project | ||
 |
|
| User ratings | ||
| There are not enough user ratings to display for this class. |
| Packages needed by this class | ||
| Class | Dependency | Why it is needed |
|---|---|---|
| Forms generation and validation | Used in the secure_html_filter.php Web interface test script | |
| Generic XML parser class | It is neeeded to parse the xssAttacks.xml file with tested XSS attack vectors definitions | |
| File cache class | It is necessary to manage parsed DTD cache files |
| Trackback links | ||
| Link | Description |
|---|---|
| What are the best ways to prevent XSS attacks in PHP? | Now, if you really need to accept HTML formatted user input, like you need to let the user enter an HTML formatted text, you need a really powerful HTML parser that recognizes dangerous HTML or malformed tags that could be used to make JavaScript code execute when the HTML is displayed... |
| Applications that use this class | ||
No application links were specified for this class.
If you know an application of this package, send a message to the author to add a link here.| Related links | ||
| Link | Description |
|---|---|
| Demo | Try the HTML and CSS filter here |
| Files |
||
| File | Role | Description | ||
|---|---|---|---|---|
| documentation (6 files) |
||||
| test (1 file, 3 directories) |
||||
 test_safe_html_filter.php |
Example | Example script that demonstrates how to parse and filter and HTML document file | ||
| markup_filter_safe_html.php |
Class | Secure HTML filter class | ||
| css_parser.php |
Class | CSS stylesheet parser class | ||
| dtd_parser.php |
Class | DTD parser class | ||
| markup_filter_get_html_links.php |
Class | HTML parser class to extract links from pages | ||
| markup_filter_no_follow_html_links.php |
Class | No follow HTML links filter class | ||
| markup_filter_validator.php |
Class | Filter class that validates HTML against a DTD | ||
| markup_parser.php |
Class | Main markup parser class | ||
| secure_html_filter.php |
Example | Script with forms to test the secure HTML filter classes | ||
| test_css_parser.php |
Example | CSS parser test script | ||
| test_get_html_links.php |
Example | Example script that demonstrates how to extract links from HTML pages | ||
| test_markup_parser.php |
Example | Example script that demonstrates how to parse any markup document into token elements | ||
| test_xss_attacks.php |
Test | Script that tests the results of the safe HTML filter class against the XSS attack vectors from ha.ckers.org | ||
| Files | / | documentation |
||
| File | Role | Description |
|---|---|---|
| css_parser_class.html |
Doc. | Documentation of the CSS parser class |
 dtd_parser_class.html |
Doc. | Documentation of the DTD parser class |
| markup_filter_get_html_links_class.html |
Doc. | Documentation of the filter get HTML links class |
| markup_filter_safe_html_class.html |
Doc. | Documentation of the filter HTML safe class |
| markup_filter_validator_class.html |
Doc. | Documentation of the filter validator class |
| markup_parser_class.html |
Doc. | Documentation of the main markup parser class |
| Files | / | test |
||
| Files | / | test | / | expect |
||
| File | Role | Description |
|---|---|---|
| entities.txt |
Data | Unit test expected results |
| entitiesinunsafeurl.txt |
Data | Entities in unsafe URL test parsing output |
| quoteseparatingunsafeattribute.txt |
Data | Quotes separating unsafe attribute test parsing output |
| safehtmlfilter.txt |
Data | Test expected output |
| selectors.txt |
Data | CSS selectors parsing output |
| simple.txt |
Data | Unit test expected results |
| track_lines.txt |
Data | Unit test expected results |
| unfinishedquotedtagattribute.txt |
Data | Unit test expected results |
| unfinishedquotedtagattributevalue.txt |
Data | Unit test expected results |
| unfinishedtag.txt |
Data | Unit test expected results |
| unfinishedtagattribute.txt |
Data | Unit test expected results |
| unfinishedtagattributevalue.txt |
Data | Unit test expected results |
| unfinishedtagend.txt |
Data | Unit test expected results |
| unicodestylevalues.txt |
Data | Test expected output |
| Files | / | test | / | generated |
||
| File | Role | Description |
|---|---|---|
| .cvsignore |
Data | Dummy file to force the distribution of this directory |
| Files | / | test | / | sample |
||
| File | Role | Description |
|---|---|---|
| simple.html |
Data | HTML document used in the example scripts |
| xssAttacks.xml |
Data | Definitions for the XSS attack vectors from ha.ckers.org |
| Download all files: secure-html-filter.tar.gz secure-html-filter.zip |
For more information send a message to info at phpclasses dot org.
Copyright (c) Icontem 1999-2013