
CodeWall:
Filtering Faulty HTML Using Purifier Package
Aug 06, 2018 @ 14:22:26

On the CodeWall site there's a tutorial posted showing you how to clean up HTML with the Purifier package, a Composer-installable service provider for Laravel that acts as an interface for the main HTMLPurifier package.

And as every programmer is an artist and makes his/her own copy of CMS to put in the content and publish on a click of a button. Every one of those websites will have a text editor on them, so we can see the result as we write our content.

You can always learn how to integrate a text/html editor on your Laravel installation on one of my posts. We set our own stylesheets for styling various attributes on our content. But for that to work correctly, we need to have a proper HTML code in place.

The tutorial then shows how to install and use the package in your Laravel application. It also includes some advanced steps to publish the configuration file and update its settings (including changes to the allowed HTML tags and allowed CSS properties).

tagged: tutorial laravel htmlpurifier package install configure

Link: https://www.codewall.co.uk/filtering-faulty-html-using-purifier-package/

ZendCasts.com:
Writing Custom Zend Filters with HTMLPurifier
Jun 06, 2011 @ 16:07:13

On the ZendCasts.com site there's a new screencast showing you how to create custom Zend filters with HTMLPurifier, the standards-compliant tool that can remove potential issues from your HTML as well as restructure it to be more along the lines of the W3C specifications.

He shows how to set up the HTMLPurifier tool in your Zend Framework application so you can use it as a filter on your view's output. He sets it up as a new filter, ZC_Filter_HTMLPurifier, and creates the basic filtering interface library to make it work.

You can find out more about using filters in Zend Framework applications in this section of the manual.

tagged: zendframework screencast filter htmlpurifier tutorial


Padraic Brady's Blog:
CodeIgniter 2.0.2: Cross-Site Scripting (XSS) Fixes And Recommendations
May 10, 2011 @ 16:12:55

Padraic Brady has a new post looking at a cross-site scripting issue he came across when working with CodeIgniter 2.0.2 and some fixes and recommendations he has about correcting the situation.

EllisLabs’ news release for CodeIgniter 2.0.2 makes mention of "a small vulnerability". This small vulnerability is mentioned nowhere else (not even the actual changelog for 2.0.2). In reality, I reported seven distinct vulnerabilities across two classes. These vulnerabilities might allow an attacker to inject arbitrary HTML, CSS or Javascript, i.e. Cross-Site Scripting (XSS) into an application’s output.

He gives a list of four recommendations that CodeIgniter 2.0.2 users can follow when creating (or updating) their applications, including using HTMLPurifier when you need sanitization and ensuring that views and templates from third parties are clear of XSS issues.

tagged: crosssitescripting xss codeigniter filter htmlpurifier


Juozas Kaziukenas' Blog:
HTML filtering and XSS protection
Mar 23, 2009 @ 15:21:49

Juozas Kaziukenas has an example of how to keep you and your application's data safe from prying eyes by filtering input with the HTML_Purifier package.

It’s really hard to decide what data is acceptable, especially when a user has permission to insert HTML content through a form. [...] However, the problem can be solved, and quite easily. Almost a year ago I was reading some random blog when I found out about HTML Purifier. Basically, it’s a library which can filter and fix any HTML.

He gives an example - running a web scraping tool against a site with malformed HTML. By running it through the HTML_Purifier package first, the errors were corrected and the "more correct" HTML source could be parsed easily. The package also helps to protect from XSS attacks via a whole set of filters included by default.

tagged: html filtering xss protection htmlpurifier package


Padraic Brady's Blog:
Zend Framework Blog Tutorial - Part 8: Create/Add Blog Entries (HTMLPurifier)
May 14, 2008 @ 14:34:34

Padraic Brady has posted part eight of his series guiding you through his construction of Zend Framework-based blogging software:

In Part 8 of the ongoing saga describing how to build a real world blog application using the Zend Framework we finally reach the point at which we concentrate on blog entries. At the end of this Part, we will be able to create and edit entries in preparation for Part 9 when we will explore displaying them to the world!

In this part, he shows how to add in the Entry controller with an Add action inside (and what code goes in them). He makes a Zend_Form extended form and throws in some validation, a use of HTMLPurifier and the code to push these entries into your database.

tagged: zendframework application entry zendform htmlpurifier database


Padraic Brady's Blog:
HTMLPurifier 3.1.0 Release Candidate Available
Apr 23, 2008 @ 14:31:40

Padraic Brady has noted that the latest release candidate of the HTMLPurifier software has been posted for download:

HTMLPurifier is possibly the most understated, underpublicised quality library in PHP today. I consider it a fundamental standard library that is automatically included in every PHP web application I start these days.

This latest release candidate (their first!) includes updates on two major features - the use of autoloading and a change to the way you use the filters. Check out a demo of it in action or just download this latest release and try it out for yourself.

tagged: htmlpurifier candidate release download demo filter autoload


Mindloop Blog:
Htmlpurifier and the CodeIgniter framework
Jul 11, 2007 @ 17:40:00

From the Mindloop blog today, there's a quick new tutorial on getting HtmlPurifier to work happily with the CodeIgniter framework.

HtmlPurifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant. [...] Although Codeigniter comes with its own XSS filtering method, I prefer the use of the HtmlPurifier.

Installation is simple, involving only a four-step process (including the download), and using it is just as easy. It's (basically) just a matter of loading the library and calling the purify method to output the corrected HTML.

tagged: htmlpurifier codeigniter framework html filter install
