Web Development for 2010

Alexander Dickson - Web Developer covering PHP, jQuery / Javascript, XHTML, CSS, more

HTML Purifier, just awesome!

Published on Thursday, 17th December 2009.

Sometimes, I come across software so great I have to email the author. I decided to send an email to the author of HTML Purifier to tell him how useful I think his software is. He responded quickly too and was pleased to hear some positive feedback.

When creating a webpage, I do my best to ensure it validates. This makes me feel like I've done my job right. It is a bit unnerving to have a perfectly validating page and then find out a week later that there are errors left, right and centre! These are often the work of a WYSIWYG editor that improperly nests tags, uses the <font> element, pastes in garbage copied from Microsoft Word, or worse.

The most amazing thing I found out about HTML Purifier is that it will convert old, deprecated tags into valid markup. Absolutely amazing! I can have an ancient WYSIWYG editor (I'm looking at you, osCommerce) littering the content with <center>s, <font>s and the like, and have them instantly converted into validating markup. Now that is something completely awesome in my opinion.

It is also very useful at stopping possible XSS attacks and the like. In a recent project that allows anyone to type into a WYSIWYG editor, I decided to use HTML Purifier to allow only the basics: unordered and ordered lists, paragraphs and the line break tag. This completely eliminates any JavaScript XSS worries, and also Cross Site Request Forgeries (something an image element's src attribute can easily be made to trigger).
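As an added example (not code from the post), the two uses described above as two HTML Purifier configurations: a whitelist that keeps only lists, paragraphs and line breaks for the public editor, and a cleanup pass that keeps rich markup but rewrites deprecated tags so the output validates as XHTML 1.0 Strict. It assumes HTML Purifier is installed and that `HTMLPurifier.auto.php` is on the include path; the dirty input is constructed.

```php
<?php
// Added example, not the post's own code. Assumes the HTML Purifier library is
// installed and that library/HTMLPurifier.auto.php is on the include path.
require_once 'HTMLPurifier.auto.php';

// Constructed sample of what a WYSIWYG editor (or pasted Word content) can submit.
$dirty = '<p style="mso-bidi-font-weight:bold">Hello<script>alert(1)</script></p>'
       . '<center><font face="Verdana" color="#ff0000">Old markup</font></center>'
       . '<ul><li>one<li>two</ul>'
       . '<img src="http://example.invalid/transfer?to=attacker" alt="x" />'
       . '<a href="javascript:alert(1)">click</a>';

// 1. Public comment box: only the handful of elements the post mentions.
//    Anything else (<script>, <img>, <a>, inline styles) is removed.
function basicOnlyPurifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
    $config->set('HTML.Allowed', 'p,br,ul,ol,li');
    // Caching is disabled so the example needs no writable directory;
    // leave it enabled (Cache.SerializerPath) in production.
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

// 2. Legacy CMS content: keep rich markup, but because the Strict doctype has
//    no <font> or <center>, HTML Purifier's Tidy module rewrites them as a
//    styled <span> and <div>. External images are blocked so user content
//    cannot make every visitor's browser fire a GET at a third-party URL.
function legacyCleanupPurifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
    $config->set('URI.DisableExternalResources', true);
    $config->set('Cache.DefinitionImpl', null);
    return new HTMLPurifier($config);
}

echo basicOnlyPurifier()->purify($dirty), PHP_EOL;
echo legacyCleanupPurifier()->purify($dirty), PHP_EOL;
```

The javascript: link is dropped in both cases because HTML Purifier only passes URIs whose scheme is on its allowed list, which does not include javascript.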

If you work with PHP and want validating XHTML and safety from today's attacks (which should be every web developer), I recommend checking out HTML Purifier.

Comments

  • Andrew

    Posted on Sunday, 20th December 2009 @ 1:47pm.

    Hey mate,

    That's a great find, I always cringe a bit when I see WYSIWYG having to spit out more complex mark-up. I will definitely be using this behind ALL user content.

    Cheers!


About

I'm a web developer from the Sunshine Coast, Australia.