post-page

Kses based HTML checking

1
response
by
 
on
April 23rd, 2004
in
Code, Cool Scripts, Weblog Add-Ons

Kses are a set of PHP scripts written by Ulf which

removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks

I have modified the original kses distribution scripts to allow the checking of allowed HTML tags. This code will fill in incomplete or incorrectly nested HTML/XHTML tags as well. I am working towards coding an HTML filter and validator and this is the first step. Future enhancements include checking and correction of validitity according to the doc-type mentioned in the HEAD etc. For now, here is the link to the modified kses.php file.
For WordPress users, you can simply download this file, rename it to kses.php and upload it to the wp-includes directory of your WordPress installation. For all other uses, please follow the directions inside the kses distribution or your application.

heading
heading
One
Response

 

Comments

  1. Ali says:

    $allowed = array(
    ‘strong’ => array(),
    ’em’ => array(),
    ‘u’ => array(),
    ‘a’ => array(‘href’=>array(‘maxlen’=>100), ‘title’=>1, ‘target’=>1),
    ‘image’ => array(‘style’=>1, ‘src’=>array(‘maxlen’=>100), ‘border’=>array(‘maxval’=>5), ‘alt’=>1, ‘title’=>1, ‘hspace’=>array(‘maxval’=>10), ‘vspace’=>array(‘maxval’=>10), ‘width’=>array(‘maxval’=>400), ‘height’=>array(‘maxval’=>800), ‘align’=>1),
    ‘p’ => array(‘align’ => 1, ‘dir’ => 1),
    ‘font’ => array(‘size’=>array(‘maxval’=>20), ‘color’=>1, ‘style’=>1),
    ‘br’ => array(),
    ‘table’ => array(‘width’=>array(‘maxval’=>400), ‘cellpadding’=>1, ‘cellspacing’=>1, ‘border’=>array(‘maxval’=>5), ‘align’=>1, ‘style’=>1),
    ‘tbody’ => array(),
    ‘tr’ => array(),
    ‘td’ => array(),
    ‘ol’ => array(),
    ‘ul’ => array(),
    ‘li’ => array(),
    ‘blockquote’ => array()
    );



Obviously Powered by WordPress. © 2003-2013

css.php