Reputation: 181
I am writing a PHP class which has to remove all potentially dangerous elements or bogus HTML tags (such as bad links)
from HTML source.
Usually I would use the HTML Purifier library
or a similar library,
but self-written code is required in this project.
There are two conditions:
I wrote something that could do the job: http://pihost.pl/purify.php
but I do not know if it is safe enough to use.
My question is:
Is there any way to test it properly?
Or maybe someone has a quick, small and tested library like this?
Upvotes: 6
Views: 905
Reputation: 447
This site has a ton of example exploits: http://ha.ckers.org/xss.html
You could try running those through your purifier and see what comes out the other side.
Upvotes: 0
Reputation: 95518
An important thing to consider: how does your purifier react to broken/malformed HTML? To combat that situation, I would suggest running it through PHP Tidy first to clean up the HTML before you purify it.
If you want a series of tests, you can try checking out the tests that HTMLPurifier uses.
Upvotes: 1
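The two answers above amount to a test loop: normalise the input (Tidy), run it through the purifier, then inspect what comes out. The harness below is an added example and is not the asker's purify.php, nor code from HTML Purifier or Tidy. It assumes PHP 8 with the dom extension (tidy is optional and skipped if absent). `purify_html()` is a small, hypothetical DOM-allowlist purifier that stands in for the asker's own function so the loop has something real to exercise; replace it with the real one. The XSS vectors are constructed here in the spirit of the ha.ckers.org cheat sheet, not copied from it, and `looks_dangerous()` re-parses the output independently instead of trusting the purifier's own view of it.

```php
<?php
// Added example (not the asker's code): feed XSS vectors through a purifier
// and re-parse the result. Assumes PHP 8 + dom; tidy is optional.
declare(strict_types=1);

// Constructed test vectors (not from the cheat sheet itself).
const XSS_VECTORS = [
    '<script>alert(1)</script>',
    '<img src=x onerror=alert(1)>',
    '<a href="JaVaScRiPt:alert(1)">x</a>',
    '<a href="&#106;avascript:alert(1)">x</a>',     // entity-encoded scheme
    "<a href=\"java\tscript:alert(1)\">x</a>",       // tab inside the scheme
    '<div style="background:url(javascript:alert(1))">x</div>',
    '<iframe src="//evil.example/"></iframe>',
    '<svg><script>alert(1)</script></svg>',
    '<p onmouseover="alert(1)">hover</p>',
    '<<script>script>alert(1)<</script>/script>',  // malformed nesting
    '<a href="data:text/html;base64,PHNjcmlwdD4=">x</a>',
];

// Hypothetical allowlist for the stand-in purifier: tag => allowed attributes.
const ALLOWED = ['p' => [], 'b' => [], 'i' => [], 'br' => [], 'ul' => [], 'li' => [],
                 'a' => ['href', 'title'], 'img' => ['src', 'alt']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'svg', 'math'];
const SAFE_SCHEMES = ['http', 'https', 'mailto'];

function parse_fragment(string $html): DOMDocument
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    // The XML PI forces UTF-8; NOIMPLIED stops libxml adding <html>; one
    // <body> wrapper keeps sibling top-level nodes from being re-nested.
    $doc->loadHTML('<?xml encoding="utf-8"?><body>' . $html . '</body>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    return $doc;
}

// Step from the second answer: repair malformed markup with tidy first.
function normalize_html(string $html): string
{
    if (!function_exists('tidy_repair_string')) {
        return $html;
    }
    $fixed = tidy_repair_string($html, ['show-body-only' => true, 'wrap' => 0], 'utf8');
    return $fixed === false ? $html : $fixed;
}

// Scheme check the way a browser sees it: DOM already decoded entities,
// and tab/newline inside the scheme are ignored.
function safe_url(string $url): bool
{
    $url = trim(str_replace(["\t", "\n", "\r"], '', $url), "\x00..\x20");
    if (!preg_match('/^([a-z][a-z0-9+.-]*):/i', $url, $m)) {
        return true;                                  // relative URL
    }
    return in_array(strtolower($m[1]), SAFE_SCHEMES, true);
}

function clean_node(DOMNode $node): void
{
    // Walk a snapshot: removing or moving children mutates childNodes.
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if (!$child instanceof DOMElement) {
            if (!$child instanceof DOMText) {
                $node->removeChild($child);           // comments, PIs, CDATA
            }
            continue;
        }
        $tag = strtolower($child->tagName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) {
            $node->removeChild($child);               // drop tag AND content
            continue;
        }
        clean_node($child);
        if (!isset(ALLOWED[$tag])) {                  // unknown wrapper: unwrap it
            while ($child->firstChild !== null) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            $badUrl = in_array($name, ['href', 'src'], true) && !safe_url($attr->value);
            if (!in_array($name, ALLOWED[$tag], true) || $badUrl) {
                $child->removeAttribute($attr->name);
            }
        }
    }
}

// Stand-in for the asker's purifier: swap in the real function here.
function purify_html(string $html): string
{
    $doc = parse_fragment($html);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Independent check on the OUTPUT, not on what the purifier believes it did.
function looks_dangerous(string $html): bool
{
    foreach (parse_fragment($html)->getElementsByTagName('*') as $el) {
        if (in_array(strtolower($el->tagName), DROP_WITH_CONTENT, true)) {
            return true;
        }
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->name);
            $urlAttr = in_array($name, ['href', 'src', 'action', 'formaction'], true);
            if (str_starts_with($name, 'on') || $name === 'style' || ($urlAttr && !safe_url($attr->value))) {
                return true;
            }
        }
    }
    return false;
}

// Returns vector => purified output for every vector that still looks dangerous.
function run_vectors(array $vectors): array
{
    $failures = [];
    foreach ($vectors as $vector) {
        $out = purify_html(normalize_html($vector));
        if (looks_dangerous($out)) {
            $failures[$vector] = $out;
        }
    }
    return $failures;
}

$failures = run_vectors(XSS_VECTORS);
printf("%d of %d vectors survived purification\n", count($failures), count(XSS_VECTORS));
foreach ($failures as $in => $out) {
    echo "  IN:  $in\n  OUT: $out\n";
}
```

Passing every vector in a list like this is a necessary check, not a sufficient one: the cheat sheet is a lower bound, and a regex-based purifier that survives it can still be beaten by an encoding or parser-differential trick the list does not contain. That is why the stand-in above parses into a DOM and rebuilds from an allowlist rather than trying to recognise bad strings, and why the checker re-parses the output instead of grepping it.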