htmLawed to filter/purify user input


S P

Tuesday 15 January 2008 5:03:10 pm

Developers might be interested in <i>htmLawed</i>, a 45-kb, single-file, non-OOP, GPLv3-licensed script with low basal memory usage (0.5 MB) to filter illegal/disallowed HTML (tags, attributes, etc.) from user input. It also reduces XSS vulnerabilities, balances tags, etc.

See http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php for more and for online demos.

Xavier Dutoit

Thursday 07 February 2008 3:41:31 am

This is an extension that does that (based on another library)

http://projects.ez.no/xmlwash

http://www.sydesy.com

S P

Monday 11 February 2008 2:01:45 pm

htmLawed has many more features than xmlwash, like transformation of tags or attributes, restrictions on attributes, character entity checks and transformations, proper nesting of HTML elements, etc.

Also see <a href="http://htmlpurifier.org/comparison.html#HTML_Safe">this page</a>.
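To make concrete what a filter of this kind (the first post's "filter disallowed HTML" and the feature list above: attribute restrictions, entity checks, proper nesting) actually has to do, here is an added example written for this page. It is not htmLawed's code (htmLawed is PHP) and not the xmlwash extension; it is a deliberately small allowlist sanitizer in Python whose element/attribute sets and function names are my own choices for illustration.

```python
"""Allowlist HTML sanitizer (example for this page; NOT htmLawed or xmlwash).

Shows the checks an HTML filter for user input must perform:
  * allowlist of elements and of attributes per element (everything else dropped)
  * URL attributes accepted only for safe schemes, checked AFTER entity decoding
    and after stripping the tab/newline/control characters browsers ignore
  * <script>/<style> removed together with their content
  * all text re-escaped on output, so "&lt;script&gt;" stays inert
  * mis-nested and unclosed tags closed in the right order
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical policy chosen for the example: element -> allowed attributes.
ALLOWED_TAGS = {
    "a": {"href", "title"}, "b": set(), "i": set(), "em": set(), "strong": set(),
    "p": set(), "br": set(), "ul": set(), "ol": set(), "li": set(),
}
VOID_TAGS = {"br"}
URL_ATTRS = {"href"}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_CONTENT = {"script", "style"}      # tags whose inner text is discarded, not just the tags
CONTROL_CHARS = "".join(chr(c) for c in range(0x21))   # NUL..space


def safe_url(value):
    """True if the (already entity-decoded) URL is relative or uses a safe scheme."""
    # Browsers drop tab/CR/LF anywhere in a URL and leading/trailing controls,
    # so "java\tscript:" must be normalised before the scheme is inspected.
    v = "".join(ch for ch in value if ch not in "\t\n\r").strip(CONTROL_CHARS)
    try:
        scheme = urlsplit(v).scheme        # lower-cased by urlsplit
    except ValueError:                     # malformed URL (e.g. bad IPv6 literal)
        return False
    return scheme == "" or scheme in SAFE_SCHEMES


class Sanitizer(HTMLParser):
    def __init__(self):
        # convert_charrefs=True: entities in text are decoded before handle_data,
        # attribute values are always decoded; we re-escape everything on output.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.stack = []     # currently open allowed elements, for balancing
        self.skip = 0       # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
            return
        if tag not in ALLOWED_TAGS:
            return                      # disallowed element: tag dropped, its text kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue                # covers on*, style, src, ... for every element
            if name in URL_ATTRS and not safe_url(value):
                continue                # javascript:, data:, vbscript:, ...
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag in VOID_TAGS:
            self.out.append(f"<{tag}{''.join(kept)} />")
            return
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
            return
        if tag not in self.stack:
            return                      # stray or disallowed close tag
        while self.stack:               # close anything opened after it (mis-nesting)
            top = self.stack.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):     # comments, declarations and PIs are dropped
        pass

    def handle_decl(self, decl):
        pass

    def handle_pi(self, data):
        pass

    def result(self):
        self.close()
        while self.stack:               # close whatever the input left open
            self.out.append(f"</{self.stack.pop()}>")
        return "".join(self.out)


def sanitize(html):
    s = Sanitizer()
    s.feed(html)
    return s.result()


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the forum thread.
    for sample in ('<a href="java&#9;script:alert(1)" onclick="x()">click</a>',
                   '<b><i>mis</b>nested</i>',
                   '<p>unclosed <img src=x onerror=alert(1)>'):
        print(repr(sample), "->", repr(sanitize(sample)))
```

The design point is that the scheme check runs on the decoded value, not on the raw attribute text: `&#106;avascript:` or `java&#9;script:` reach the browser as `javascript:`, so a filter that inspects the undecoded bytes is bypassable. The same reasoning is why text is decoded once and re-escaped once rather than passed through.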

Xavier Dutoit

Wednesday 20 February 2008 2:36:41 pm

Oops, my bad, I thought it was a genuine question and not a plug for your product; thanks for correcting me by pasting the list of features without reading my answer ;)

Your program is the best, of course.

X+

http://www.sydesy.com

S P

Sunday 24 February 2008 12:37:01 pm

Mr. Dutoit,

I don't know why you are being so cynical and sarcastic. I was only informing about a simple, open-sourced script with a broad range of capabilities that would be of interest to eZ users.

You have a wrong attitude, one that doesn't befit a forum moderator.

This is my last post here, so feel free to remove this thread or close my account.

Xavier Dutoit

Monday 25 February 2008 10:55:29 pm

Hi,

The xmlwash extension is just a wrapper around another external library, hence when you compared it to your library providing a long list of your extra features, I thought you just replied randomly (still not convinced you looked long at it before judging what features one had and the other didn't).

Besides that, it's probably a few lines' modification to integrate your library into it, and it seems indeed to handle some things better. If one is willing to dig into it, feel free ;)

As for my tone, I was trying to be more ironic than cynical ;) I suspect I read your post while having the "pleasure" to browse a forum full of random posts promoting various soft.

Sorry, it looks like I threw the stone in the wrong direction. And it's not because I've been needlessly aggressive that I should hide it by deleting this thread.

X+

http://www.sydesy.com

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.
