Forums / Suggestions / htmLawed to filter/purify user input
S P
Tuesday 15 January 2008 5:03:10 pm
Developers might be interested in htmLawed, a 45-kb, single-file, non-OOP, GPLv3-licensed script with low basal memory usage (0.5 MB) to filter illegal/disallowed HTML (tags, attributes, etc.) from user input. It also reduces XSS vulnerabilities, balances tags, etc.
See http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php for more and for online demos.
Xavier Dutoit
Thursday 07 February 2008 3:41:31 am
This is an extension that does that (based on another library)
http://projects.ez.no/xmlwash
http://www.sydesy.com
Monday 11 February 2008 2:01:45 pm
htmLawed has many more features than xmlwash, like transformation of tags or attributes, restrictions on attributes, character entity checks and transformations, proper nesting of HTML elements, etc.
Also see this page: http://htmlpurifier.org/comparison.html#HTML_Safe
Wednesday 20 February 2008 2:36:41 pm
Oops, my bad, I thought it was a genuine question and not a plug for your product. Thanks for correcting me by pasting the list of features without reading my answer ;)
Your program is the best, of course.
X+
Sunday 24 February 2008 12:37:01 pm
Mr. Dutoit,
I don't know why you are being so cynical and sarcastic. I was only informing about a simple, open-sourced script with a broad range of capabilities that would be of interest to eZ users.
You have a wrong attitude, one that doesn't befit a forum moderator.
This is my last post here, so feel free to remove this thread or close my account.
Monday 25 February 2008 10:55:29 pm
Hi,
The xmlwash extension is just a wrapper around another external library, hence when you compared it to your library providing a long list of your extra features, I thought you just replied randomly (still not convinced you looked long at it before judging what features one had and the other didn't).
Besides that, it's probably a few lines' modification to integrate your library into it, and it does indeed seem to handle some things better. If anyone is willing to dig into it, feel free ;)
As for my tone, I was trying to be more ironic than cynical ;) I suspect I read your post while having the "pleasure" of browsing a forum full of random posts promoting various software.
Sorry, it looks like I threw the stone in the wrong direction. And it's not because I've been needlessly aggressive that I should hide it by deleting this thread.