SafeHTML
--------
Version 1.2.0.
http://pixel-apes.com/safehtml
--------
This parser strips down all potentially dangerous content within HTML:
* opening tag without its closing tag
* closing tag without its opening tag
* any of these tags: "base", "basefont", "head", "html", "body", "applet", "object",
"iframe", "frame", "frameset", "script", "layer", "ilayer", "embed", "bgsound",
"link", "meta", "style", "title", "blink", "xml" etc.
* any of these attributes: on*, data*, dynsrc
* javascript:/vbscript:/about: etc. protocols
* expression/behavior etc. in styles
* any other active content
It also tries to convert code to valid XHTML, but htmltidy is a far better solution for this task.
If you find any bugs in this parser, please inform me -- ICQ:551593 or mailto:[email protected]
Please subscribe to the http://pixel-apes.com/safehtml/feed/rss feed to receive notices
when SafeHTML is updated.
-- Roman Ivanov.
-- Pixel-Apes ( http://pixel-apes.com ).
-- JetStyle ( http://jetstyle.ru/ ).
--------
Version history:
--------
1.2.0.
* "id" and "name" attributes added to the dangerous attributes list, because an attacker can break legitimate JavaScript by spoofing the ID or NAME of an element.
* New method parse() lets you run the whole parsing process in two lines of code. Examples also updated.
* New array, closeParagraph, contains the list of block-level elements. When such an element is opened, the current paragraph is closed first. This allows SafeHTML to produce more XHTML-compliant code.
* Added "webcal" to the white list of protocols for those who use calendar programs (Mozilla/iCal/etc).
* Now SafeHTML strips down table elements when we are not inside a table.
* Now SafeHTML correctly closes unclosed "li" tags: before opening "li" of the same nesting level.
1.1.0.
* New "dangerous" protocols: hcp, ms-help, help, disk, vnd.ms.radio, opera, res, resource, chrome, mocha, livescript.
* <XML> tag was moved from "tags for deletion" to "tags for deletion with content".
* New "dangerous" CSS instruction "include-source" (NN4 specific).
* New array, Attributes, contains list of attributes for removal. If you need to remove "id" or "name" attribute,
just add it to this array.
* Now it is possible to choose between white-list and black-list filtering of protocols. The default is "white-list".
The white list is: "http", "https", "ftp", "telnet", "news", "nntp", "gopher", "mailto", "file".
* For speed purposes, we now filter protocols only from these attributes: src, href, action, lowsrc, dynsrc,
background, codebase.
* Added a workaround for the Opera6 XSS bug ([\xC0][\xBC]script>alert(1)[\xC0][\xBC]/script> [UTF-8]).
1.0.4.
New "dangerous" tag: plaintext.
1.0.3.
Added array of elements that can have no closing tag.
1.0.2.
Bug fix: <img src="javascript:alert(1);"> attack.
Thanks to shmel.
1.0.1.
Bug fix: safehtml hangs on <style></style></style> code.
Thanks to lj user=electrocat.
1.0.0.
First public release
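--------
The protocol white-list check described in the 1.1.0 and 1.2.0 notes, as an added example (not SafeHTML's own code). The function and constant names are hypothetical and the sample attributes are constructed:

```php
<?php
// Added illustration, not SafeHTML's source; all names here are hypothetical.
// White list from the 1.1.0 notes plus "webcal" from 1.2.0.
const ALLOWED_PROTOCOLS = ['http', 'https', 'ftp', 'telnet', 'news', 'nntp',
                           'gopher', 'mailto', 'file', 'webcal'];
// Attributes whose values are checked for a protocol (1.1.0 notes).
const URL_ATTRIBUTES = ['src', 'href', 'action', 'lowsrc', 'dynsrc',
                        'background', 'codebase'];

/** Lower-cased scheme of $value, or null for a relative URL. */
function url_scheme(string $value): ?string
{
    // Decode entities so "&#106;avascript:" is compared as "javascript:".
    $decoded = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Drop whitespace and control characters, which browsers may ignore in a URL.
    $decoded = preg_replace('/[\x00-\x20\x7F]+/', '', $decoded);
    // The scheme is the text before the first ":" if no "/", "?" or "#" comes earlier.
    if (preg_match('/^([^:\/?#]*):/', $decoded, $m)) {
        return strtolower($m[1]);
    }
    return null;
}

/** True when the attribute may be kept under the white-list policy. */
function attribute_is_safe(string $name, string $value): bool
{
    if (!in_array(strtolower($name), URL_ATTRIBUTES, true)) {
        return true; // not a URL-bearing attribute; other filters handle it
    }
    $scheme = url_scheme($value);
    return $scheme === null || in_array($scheme, ALLOWED_PROTOCOLS, true);
}

// Constructed sample attributes.
$samples = [
    ['href',  'https://example.org/page'],      // keep: white-listed scheme
    ['href',  '/relative/path?x=a:b'],          // keep: ":" is in the query, no scheme
    ['href',  'webcal://example.org/cal.ics'],  // keep: added in 1.2.0
    ['src',   'javascript:alert(1);'],          // strip: the 1.0.2 case
    ['src',   "java\tscript:alert(1);"],        // strip: tab inside the scheme
    ['href',  '&#106;avascript:alert(1)'],      // strip: entity-encoded scheme
    ['title', 'javascript: a language'],        // keep: not a URL attribute
];
foreach ($samples as [$name, $value]) {
    $verdict = attribute_is_safe($name, $value) ? 'keep' : 'strip';
    printf("%-5s %-5s %s\n", $verdict, $name, json_encode($value, JSON_UNESCAPED_SLASHES));
}
```

html_entity_decode() does not decode numeric references that lack the trailing semicolon, which browsers accept, so a production filter needs a decoder that follows the HTML parsing rules.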