
ZendCasts.com:
Writing Custom Zend Filters with HTMLPurifier
June 06, 2011 @ 11:07:13

On the ZendCasts.com site there's a new screencast showing you how to create custom Zend filters with HTMLPurifier, the standards-compliant tool that can remove potential issues from your HTML as well as restructure it to be more along the lines of the W3C specifications.

He shows how to integrate the HTMLPurifier tool into your Zend Framework application so you can use it as a filter on your view's output. He sets it up as a new filter, ZC_Filter_HTMLPurifier, and creates the basic filtering interface library to make it work.

You can find out more about using filters in Zend Framework applications in this section of the manual.

zendframework screencast filter htmlpurifier tutorial


Padraic Brady's Blog:
CodeIgniter 2.0.2 Cross-Site Scripting (XSS) Fixes And Recommendations
May 10, 2011 @ 11:12:55

Padraic Brady has a new post looking at a cross-site scripting issue he came across when working with CodeIgniter 2.0.2 and some fixes and recommendations he has about correcting the situation.

EllisLabs' news release for CodeIgniter 2.0.2 makes mention of "a small vulnerability". This small vulnerability is mentioned nowhere else (not even the actual changelog for 2.0.2). In reality, I reported seven distinct vulnerabilities across two classes. These vulnerabilities might allow an attacker to inject arbitrary HTML, CSS or Javascript, i.e. Cross-Site Scripting (XSS) into an application's output.

He gives a list of four recommendations that CodeIgniter 2.0.2 users can follow when creating (or updating) their applications, including using HTMLPurifier when you need sanitization and ensuring that views and templates from third parties are clear of XSS issues.

crosssitescripting xss codeigniter filter htmlpurifier


Juozas Kaziukenas' Blog:
HTML filtering and XSS protection
March 23, 2009 @ 10:21:49

Juozas Kaziukenas has an example of how to keep you and your application's data safe from prying eyes by filtering input with the HTML_Purifier package.

It's really hard to decide what data is acceptable, especially when a user has permission to insert HTML content through a form. [...] However, the problem can be solved, and quite easily. Almost a year ago I was reading some random blog when I found out about HTML Purifier. Basically, it's a library which can filter and fix any HTML.

He gives an example - running a web scraping tool against a site with malformed HTML. By running it through the HTML_Purifier package first, the errors were corrected and the "more correct" HTML source could be parsed easily. The package also helps to protect from XSS attacks via a whole set of filters included by default.

html filtering xss protection htmlpurifier package


Padraic Brady's Blog:
Zend Framework Blog Tutorial - Part 8 Create/Add Blog Entries (HTMLPurifier)
May 14, 2008 @ 09:34:34

Padraic Brady has posted part eight of his series guiding you through his construction of Zend Framework-based blogging software:

In Part 8 of the ongoing saga describing how to build a real world blog application using the Zend Framework we finally reach the point at which we concentrate on blog entries. At the end of this Part, we will be able to create and edit entries in preparation for Part 9 when we will explore displaying them to the world!

In this part, he shows how to add in the Entry controller with an Add action inside (and what code goes in them). He makes a Zend_Form extended form and throws in some validation, a use of HTMLPurifier and the code to push these entries into your database.

zendframework application entry zendform htmlpurifier database


Padraic Brady's Blog:
HTMLPurifier 3.1.0 Release Candidate Available
April 23, 2008 @ 09:31:40

Padraic Brady has noted that the latest release candidate of the HTMLPurifier software has been posted for download:

HTMLPurifier is possibly the most understated, underpublicised quality library in PHP today. I consider it a fundamental standard library that is automatically included in every PHP web application I start these days.

This latest release candidate (their first!) includes updates on two major features - the use of autoloading and a change to the way you use the filters. Check out a demo of it in action or just download this latest release and try it out for yourself.

htmlpurifier candidate release download demo filter autoload


Mindloop Blog:
Htmlpurifier and the CodeIgniter framework
July 11, 2007 @ 12:40:00

From the Mindloop blog today, there's a quick new tutorial on getting HtmlPurifier to work happily with the CodeIgniter framework.

HtmlPurifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant. [...] Although CodeIgniter comes with its own XSS filtering method, I prefer the use of the HtmlPurifier.

Installation is simple, involving only a four step process (including the download) and using it is just as easy. It's (basically) just a matter of loading the library and calling the purify method to output the corrected HTML.

htmlpurifier codeigniter framework html filter install




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework