Secure HTML parser and filter (xss, browser detection, dtd, css parser)

Name:	Secure HTML parser and filter Support forum
Base name:	`secure-html-filter`
Description:	Parse and filter insecure HTML tags and CSS styles
Related top rated classes:	xss, browser detection, dtd, css parser
Version:	`-`
Required PHP version:	`4`
License:	BSD License
All time users:	439 users
All time rank:	3829
Week users:	7 users
Week rank:	1164

	Screenshots		Author		Groups		Detailed description		Freshmeat project

	User ratings		Dependencies		Applications		Files

Screenshots

Screenshot of the Web user interface to test the secure HTML filter class

File	Role	Description
`secure_html_filter.gif`	Screen	Screenshot of the Web user interface to test the secure HTML filter class

Author

Name:	Manuel Lemos `<e-mail contact>`
Published packages:	30 Browse this author's classes
Country:	Portugal - PHP jobs in Portugal
Home page:	`http://www.ManuelLemos.net/`
Age:	41
All time rank:	1
Week rank:	1

Groups

	HTML	HTML generation and processing	View top rated classes
	Security	Security protection and attack detection	View top rated classes

This package can be used to parse and filter insecure HTML tags and CSS styles.

It comes with a general purpose markup parser class that can parse any type of markup documents like HTML, XML and DTD files.

There are several other classes that can be chained together to retrieve the document token elements returned by the main markup parser class and filter the document elements in an useful way.

The markup validator filter class validates a document against a DTD, eventually removing invalid tags and attributes.

The safe HTML filter class uses several white lists to process HTML tags and data returned by the markup validator class and discards potentially harmful HTML tags and CSS that could be used to perform cross-site scripting (XSS) or cross-site request forgery (CSRF) security attacks.

The filtered HTML tokens can be reassembled to return a well-formed and secure HTML document.

The HTML links filter class can extract the links contained in an HTML document.

The DTD parser and CSS parser are utility classes used by the other classes.

Freshmeat project

Project record:	`secure-php-html-parser-and-filter`
Popularity score:	124.8
Vitality score:	1.53

User ratings

There are not enough user ratings to display for this class.

Packages needed by this class

Class	Dependency	Why it is needed
Forms generation and validation	Conditional	Used in the secure_html_filter.php Web interface test script
Generic XML parser class	Conditional	It is neeeded to parse the xssAttacks.xml file with tested XSS attack vectors definitions
File cache class	Conditional	It is necessary to manage parsed DTD cache files

Applications that use this class

No application links were specified for this class.

If you know an application of this package, send a message to the author to add a link here.

Files

File	Role	Description
`test_safe_html_filter.php`	Example	Example script that demonstrates how to parse and filter and HTML document file
`markup_filter_safe_html.php`	Class	Secure HTML filter class
`documentation`
`markup_filter_safe_html_class.html`	Doc.	Documentation of the filter HTML safe class
`css_parser.php`	Class	CSS stylesheet parser class
`documentation`
`markup_parser_class.html`	Doc.	Documentation of the main markup parser class
`dtd_parser.php`	Class	DTD parser class
`markup_filter_get_html_links.php`	Class	HTML parser class to extract links from pages
`markup_filter_validator.php`	Class	Filter class that validates HTML against a DTD
`markup_parser.php`	Class	Main markup parser class
`secure_html_filter.php`	Example	Script with forms to test the secure HTML filter classes
`test/expect`
`entities.txt`	Data	Unit test expected results
`entitiesinunsafeurl.txt`	Data	Entities in unsafe URL test parsing output
`quoteseparatingunsafeattribute.txt`	Data	Quotes separating unsafe attribute test parsing output
`safehtmlfilter.txt`	Data	Test expected output
`simple.txt`	Data	Unit test expected results
`track_lines.txt`	Data	Unit test expected results
`unfinishedquotedtagattribute.txt`	Data	Unit test expected results
`unfinishedquotedtagattributevalue.txt`	Data	Unit test expected results
`unfinishedtag.txt`	Data	Unit test expected results
`unfinishedtagattribute.txt`	Data	Unit test expected results
`unfinishedtagattributevalue.txt`	Data	Unit test expected results
`unfinishedtagend.txt`	Data	Unit test expected results
`unicodestylevalues.txt`	Data	Test expected output
`test/generated`
`.cvsignore`	Data	Dummy file to force the distribution of this directory
`test/sample`
`simple.html`	Data	HTML document used in the example scripts
`xssAttacks.xml`	Data	Definitions for the XSS attack vectors from ha.ckers.org
`test`
`test.php`	Test	Markup parser unit test suite
`test_css_parser.php`	Example	CSS parser test script
`test_get_html_links.php`	Example	Example script that demonstrates how to extract links from HTML pages
`test_markup_parser.php`	Example	Example script that demonstrates how to parse any markup document into token elements
`test_xss_attacks.php`	Test	Script that tests the results of the safe HTML filter class against the XSS attack vectors from ha.ckers.org

Download all files: secure-html-filter.tar.gz secure-html-filter.zip
NOTICE: if you are using a download manager program like 'GetRight', please Login before trying to download this archive.

Copyright (c) Icontem 1999-2009	PHP Classes	- PHP Class Scripts
	PHP Book Reviews	- Reviews of books and other products

Class: Secure HTML parser and filter