Kses based HTML checking
kses is a set of PHP scripts written by Ulf Harnhammar that removes all unwanted HTML elements and attributes from user-supplied markup and performs several checks on the attribute values it does keep (maximum length, maximum numeric value, and the protocol of URL attributes such as href and src). kses is used to prevent Cross-Site Scripting (XSS), and its length and value limits also keep oversized attribute values from reaching downstream code, which is how it helps against buffer overflows and denial-of-service attacks.
I have modified the original kses distribution scripts to allow the checking of allowed HTML tags. This code will also fill in incomplete or incorrectly nested HTML/XHTML tags. I am working towards coding an HTML filter and validator, and this is the first step. Future enhancements include checking and correcting validity according to the doc-type mentioned in the HEAD, etc. For now, here is the link to the modified kses.php file.
For WordPress users: download the file, rename it to kses.php and upload it to the wp-includes directory of your WordPress installation. This replaces the kses.php that WordPress ships, so keep a copy of the original before overwriting it. For all other uses, follow the directions inside the kses distribution or your application.
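To make the whitelist model concrete, here is an added example written for this page; it is not kses code and not the modified kses.php linked above, but a small Python reimplementation of the rules kses applies: keep only whitelisted tags, keep only whitelisted attributes on them, enforce maxlen/maxval on attribute values, and reject URL attributes whose scheme is not on the allowed list. The ALLOWED table uses the same tag => attributes => checks shape as a kses $allowed array. It goes slightly beyond the text by also closing tags left open or mis-nested at the end of the input, and by decoding entities and stripping control characters before the scheme check so that "&#106;ava&#9;script:" cannot slip past. The ALLOWED table, the constructed SAMPLE input, and the function and class names are assumptions of the example.

```python
"""kses-style whitelist HTML filter (added example; not kses, not the page's modified kses.php)."""
import re
from html import escape
from html.parser import HTMLParser

# Allowed tags -> allowed attributes -> checks, in the same shape as a kses
# $allowed array: 1 means any value, a dict lists checks (maxlen, maxval).
# This table is an assumption of the example, not the page's configuration.
ALLOWED = {
    "strong": {}, "em": {}, "br": {}, "p": {"align": 1},
    "a": {"href": {"maxlen": 100}, "title": 1},
    "img": {"src": {"maxlen": 100}, "alt": 1, "width": {"maxval": 400}},
}
ALLOWED_PROTOCOLS = ("http", "https", "ftp", "mailto")
URL_ATTRS = ("href", "src")
VOID = {"br", "img"}          # tags that never take a closing tag
_SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*):")


def safe_protocol(value):
    """Reject a URL whose scheme is not whitelisted (cf. kses_bad_protocol).
    Control characters and spaces are stripped first, because browsers
    ignore them inside a scheme ("java\\tscript:")."""
    cleaned = re.sub(r"[\x00-\x20]", "", value).lower()
    m = _SCHEME.match(cleaned)
    return m is None or m.group(1) in ALLOWED_PROTOCOLS   # relative URLs pass


def attr_ok(value, checks):
    """Apply kses-style value checks: maxlen on the string, maxval on digits only."""
    if checks == 1:
        return True
    if "maxlen" in checks and len(value) > checks["maxlen"]:
        return False
    if "maxval" in checks and (not value.isdigit() or int(value) > checks["maxval"]):
        return False
    return True


class KsesLikeFilter(HTMLParser):
    """Keeps whitelisted tags/attributes, drops everything else but keeps text,
    and closes any tags still open at the end (the page's 'fill in' behaviour)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)   # entities decoded before checks
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        rules = ALLOWED.get(tag)
        if rules is None:
            return                                  # tag dropped, its text survives
        kept = []
        for name, value in attrs:
            checks = rules.get(name)
            value = value or ""
            if checks is None:                      # e.g. onerror, onclick, style
                continue
            if name in URL_ATTRS and not safe_protocol(value):
                continue
            if not attr_ok(value, checks):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag in VOID:
            self.out.append(f"<{tag}{''.join(kept)} />")
        else:
            self.out.append(f"<{tag}{''.join(kept)}>")
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return                                  # stray or disallowed close tag
        while True:                                 # close anything mis-nested inside
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data))               # text is re-escaped on output


def kses_filter(html_in):
    """Return html_in reduced to the whitelist, with open tags closed."""
    f = KsesLikeFilter()
    f.feed(html_in)
    f.close()
    while f.open_tags:
        f.out.append(f"</{f.open_tags.pop()}>")
    return "".join(f.out)


# Constructed sample input carrying the usual XSS vectors.
SAMPLE = ('<p onclick="alert(1)">Hi <b>there</b> '
          '<a href="javascript:alert(1)" title="x">click</a> '
          '<a href="http://example.com/" onmouseover="evil()">ok</a> '
          '<img src="x" onerror="alert(1)" width="9999">'
          '<script>alert(2)</script><em>unclosed')

if __name__ == "__main__":
    print(kses_filter(SAMPLE))
```

Note that a disallowed tag loses only its markup: the text inside `<script>` comes through as harmless, escaped text, which is the same behaviour kses has. The protocol check runs on the decoded value, so the entity-encoded and control-character variants of javascript: are caught as well as the plain form.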
// Allowed tags => allowed attributes => value checks (1 = any value; maxlen/maxval are kses checks)
$allowed = array(
    'strong' => array(),
    'em' => array(),
    'u' => array(),
    'a' => array('href' => array('maxlen' => 100), 'title' => 1, 'target' => 1),
    // 'img' (HTML has no 'image' element, so 'image' would never match a tag)
    'img' => array('style' => 1, 'src' => array('maxlen' => 100), 'border' => array('maxval' => 5), 'alt' => 1, 'title' => 1, 'hspace' => array('maxval' => 10), 'vspace' => array('maxval' => 10), 'width' => array('maxval' => 400), 'height' => array('maxval' => 800), 'align' => 1),
    'p' => array('align' => 1, 'dir' => 1),
    'font' => array('size' => array('maxval' => 20), 'color' => 1, 'style' => 1),
    'br' => array(),
    'table' => array('width' => array('maxval' => 400), 'cellpadding' => 1, 'cellspacing' => 1, 'border' => array('maxval' => 5), 'align' => 1, 'style' => 1),
    'tbody' => array(),
    'tr' => array(),
    'td' => array(),
    'ol' => array(),
    'ul' => array(),
    'li' => array(),
    'blockquote' => array()
);
Ali — 08/7/2006 @ 4:57 am