HTML Purifier - Standards compliant HTML filter written in PHP


HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.

http://htmlpurifier.org
https://github.com/ezyang/htmlpurifier


   




Related Projects

Bluemonday - A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS


bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.

html-sanitizer-poc


Proof of concept for OWASP HTML Sanitizer for XSS prevention - https://code.google.com/p/owasp-java-html-sanitizer/

html-cleaner - Html cleaner - Whitelist based html sanitizer grails plugin



elgg-htmlpurifier - HTML sanitization and filtering for Elgg using HTML Purifier





connect-xss - Connect XSS Middleware that uses Caja html sanitizer



insane - Lean and configurable whitelist-oriented HTML sanitizer



Sanitize.js - Sanitize.js is a whitelist-based HTML sanitizer.



cl-sanitize - Whitelist-based Common Lisp HTML sanitizer



sanitize - Whitelist-based Ruby HTML sanitizer.



rails-html-sanitizer


In Rails 4.2 and above this gem will be responsible for sanitizing HTML fragments in Rails applications, i.e. in the sanitize, sanitize_css, strip_tags and strip_links methods. Rails Html Sanitizer is only intended to be used with Rails applications. If you need similar functionality in non Rails apps consider using Loofah directly (that's what handles sanitization under the hood).

perl-HTML-StripScripts-Parser - HTML::StripScripts::Parser - XSS filter using HTML::Parser



(X)HTML Markup Sanitizer


The XHTML Markup Sanitizer takes untrusted (X)HTML and massages it into real, trusted XHTML. It's particularly useful with content management systems where users are in control of markup, but you want to target XHTML1.1.

html-laundry - HTML::Parser-based snippet cleaner and sanitizer



sanitize-html - Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis



Caja-HTML-Sanitizer - Bundles Google Caja's HTML Sanitizer within a npm installable node.js module



HTML-Sanitizer - Release history of HTML-Sanitizer



ocaml-html-sanitizer - HTML and CSS sanitizer Erlang port and a command-line utility in OCaml



OWASP-Xenotix-XSS-Exploit-Framework


OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reco

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework


Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time. Why Should I use Sleepy Puppy? Often when testing for client side injections (HTML/JS/etc.) security engineers are looking for where the injection occurs within the application they are testing only. While this provides ample coverage for the application in scope, there is a possibility that the code engineers are injecting may be reflected back in a completely separate application.