htmLawed to filter/purify user input

S P

Tuesday 15 January 2008 5:03:10 pm

Developers might be interested in htmLawed, a 45-kb, single-file, non-OOP, GPLv3-licensed script with low basal memory usage (0.5 MB) to filter illegal/disallowed HTML (tags, attributes, etc.) from user input. It also reduces XSS vulnerabilities, balances tags, etc.

See http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php for more and for online demos.

Xavier Dutoit

Thursday 07 February 2008 3:41:31 am

This is an extension that does that (based on another library)

http://projects.ez.no/xmlwash

http://www.sydesy.com

S P

Monday 11 February 2008 2:01:45 pm

htmLawed has many more features than xmlwash, like transformation of tags or attributes, restrictions on attributes, character entity checks and transformations, proper nesting of HTML elements, etc.

Also see this page: http://htmlpurifier.org/comparison.html#HTML_Safe

Xavier Dutoit

Wednesday 20 February 2008 2:36:41 pm

Oops, my bad, I thought it was a genuine question and not a plug for your product. Thanks for having corrected me by pasting the list of features without reading my answer ;)

Your program is the best, of course.

X+

http://www.sydesy.com

S P

Sunday 24 February 2008 12:37:01 pm

Mr. Dutoit,

I don't know why you are being so cynical and sarcastic. I was only informing about a simple, open-sourced script with a broad range of capabilities that would be of interest to eZ users.

You have a wrong attitude, one that doesn't befit a forum moderator.

This is my last post here, so feel free to remove this thread or close my account.

Xavier Dutoit

Monday 25 February 2008 10:55:29 pm

Hi,

The xmlwash extension is just a wrapper around another external library, hence when you compared it to your library providing a long list of your extra features, I thought you just replied randomly (still not convinced you looked long at it before judging what features one had and the other didn't).

Besides that, it's probably a few lines of modification to integrate your library into it, and it seems indeed to handle some things better. If one is willing to dig into it, feel free ;)

As for my tone, I was trying to be more ironic than cynical ;) I suspect I read your post while having the "pleasure" to browse a forum full of random posts promoting various soft.

Sorry, it looks like I threw the stone in the wrong direction. And it's not because I've been needlessly aggressive that I should hide it by deleting this thread.

X+

http://www.sydesy.com
