Re: [PHP] Good HTML parser needed
- Date: Thu, 15 May 2008 10:56:34 +0800
- From: "Yi Wang" <wangyi6854@xxxxxxxxx>
- Subject: Re: [PHP] Good HTML parser needed
Can anyone provide some code that can't be stripped by strip_tags?
On 5/15/08, Eric Butera <eric.butera@xxxxxxxxx> wrote:
> On Wed, May 14, 2008 at 11:38 AM, Robert Cummings <robert@xxxxxxxxxxxxx> wrote:
> >
> >
> > On Wed, 2008-05-14 at 11:18 -0400, Eric Butera wrote:
> > > On Tue, May 13, 2008 at 4:07 AM, James Dempster <letssurf@xxxxxxxxx> wrote:
> > > > http://htmlpurifier.org/
> > > >
> > > > --
> > > > /James
> > > >
> > >
> > > This is the only real solution.
> >
> > That depends... if I'm the webmaster and I want to input arbitrary HTML,
> > then htmlpurifier is unnecessary.
> >
> >
> >
> > Cheers,
> > Rob.
> > --
> > http://www.interjinn.com
> > Application and Templating Framework for PHP
> >
> >
>
>
> OP said "users." Strip tags doesn't bother with tag attributes so
> that is a security hole. Any regex type solution will encounter the
> same set of issues.
>
> Htmlpurifier actually strips down and re-builds your html from the
> ground against a nice whitelist filtering system that you can
> customize to your needs. No nasty tags/attributes will get through
> unless you want them to.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Regards,
Wang Yi
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php