Padraic Brady has a new post on his blog talking about a new proposal he's made for the Zend Framework about filtering and sanitizing HTML content.
For a while now, I've been keen to build a HTML Sanitisation solution for PHP. Where else would I end up putting it other than in Zend Framework? As I've explored in past articles [1] [2], HTML Sanitisation in PHP is a very inconsistent practice. [...] Isn't it possible to create a sanitiser that is both secure by default and performs well?
He talks about his Wibble tool that's become the base of his idea for a filtering feature built into the framework. It mainly uses the PHP DOM functionality and HTML Tidy for speed and parsing and was benchmarked as performing better than the HTMLPurifier tool. If you're interested, check out his proposal for its inclusion in the Zend Framework 2.0.