HTML Purifier - Standards compliant HTML filter written in PHP

  •        73

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important.

http://htmlpurifier.org
https://github.com/ezyang/htmlpurifier

Tags
Implementation
License
Platform

   




Related Projects

Bluemonday - A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS


bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable.bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.

HtmlSanitizer - Cleans HTML to avoid XSS attacks


HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. It uses AngleSharp to parse, manipulate, and render HTML and CSS. Because HtmlSanitizer is based on a robust HTML parser it can also shield you from deliberate or accidental "tag poisoning" where invalid HTML in one fragment can corrupt the whole document leading to broken layout or style.

Sanitize.js - Sanitize.js is a whitelist-based HTML sanitizer.


Sanitize.js is a whitelist-based HTML sanitizer. Given a list of acceptable elements and attributes, Sanitize.js will remove all unacceptable HTML from a DOM node. Using a simple configuration syntax, you can tell Sanitize to allow certain elements, certain attributes within those elements, and even certain URL protocols within attributes that contain URLs. Any HTML elements or attributes that you don't explicitly allow will be removed.

Sanitize.js - Sanitize.js is a whitelist-based HTML sanitizer.


Sanitize.js is a whitelist-based HTML sanitizer.


sanitize - Whitelist-based Ruby HTML sanitizer.


Whitelist-based Ruby HTML sanitizer.

(X)HTML Markup Sanitizer


The XHTML Markup Sanitizer takes untrusted (X)HTML and massages it into real, trusted XHTML. It's particularly useful with content management systems where users are in control of markup, but you want to target XHTML1.1.

NodeGoat - The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node


Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them. Tutorial Guide explaining how each of the OWASP Top 10 vulnerabilities can manifest in Node.js web apps and how to prevent it.

owasp-mstg - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing and reverse engineering


This is the official GitHub Repository of the OWASP Mobile Security Testing Guide (MSTG). The MSTG is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the controls listed in the OWASP Mobile Application Verification Standard (MASVS). You can also read the MSTG on Gitbook or download it as an e-book. The MSTG is not complete yet. You can however get intermediate builds in multiple formats.

sanitize-html - Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis


Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis

xss-filters - Secure XSS Filters


In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)).Figure 1. "Just sufficient" encoding based on the HTML5 spec.

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework


Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.##Why Should I use Sleepy Puppy?## Often when testing for client side injections (HTML/JS/etc.) security engineers are looking for where the injection occurs within the application they are testing only. While this provides ample coverage for the application in scope, there is a possibility that the code engineers are injecting may be reflected back in a completely separate application.

OWASP Joomla Vulnerability Scanner Project


Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.

loofah - HTML/XML manipulation and sanitization based on Nokogiri


HTML/XML manipulation and sanitization based on Nokogiri

JSanity - A secure-by-default, performance, cross-browser client-side HTML sanitization library


A secure-by-default, performant, cross-browser client-side HTML sanitization library.2/18/2016: @kh9n has completed a significant refactoring.

KayRa


KayRa is a Web Application Security Auditing Tool designed to test the security of websites by analyzing web pages. Some of the tests include: SQL Injection, XSS, Form behaviour with bad data. All tests carried out will be based on the OWASP guide.

parse5 - HTML parsing/serialization toolset for Node


HTML parsing/serialization toolset for Node.js. WHATWG HTML Living Standard (aka HTML5)-compliant.parse5 provides nearly everything you may need when dealing with HTML. It's the fastest spec-compliant HTML parser for Node to date. It parses HTML the way the latest version of your browser does. It has proven itself reliable in such projects as jsdom, Angular2, Polymer and many more.

bleach - An easy, HTML5, whitelisting HTML sanitizer.


An easy, HTML5, whitelisting HTML sanitizer.

Caja-HTML-Sanitizer - Bundles Google Caja's HTML Sanitizer within a npm installable node.js module


I don't have time to maintain this repo, and have long forgotten how any of it works. If anyone would like to take on ownership, please let me know.





We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.