kses
kses is an HTML/XHTML security filter that removes all unwanted HTML elements and attributes, no matter how malformed the HTML input you give it. It also does several checks on attribute values. It can be used to avoid cross-site scripting (XSS), buffer overflows, and denial of service attacks. It is used by popular programs such as WordPress and Geeklog.
| Tags | Software Development Libraries Security Internet Web Dynamic Content |
|---|---|
| Licenses | GPL |
| Operating Systems | OS Independent |
| Implementation | PHP |
Recent releases
- 06 Feb 2005 23:53
Changes: This release added a second object-oriented kses version for PHP 5, uses isset() to avoid PHP notice warnings, changed chr(173) handling to help Asian users, and improved the handling of closing HTML elements.
- 29 Sep 2003 09:13
Changes: This release adds a new object-oriented version of kses, three new attribute value checks (minlen, minval, and valueless), a work-around for an Opera "feature" that treats chr(173) as whitespace, and some other minor changes.
- 25 Jul 2003 06:19
Changes: This release adds attribute value checks (maxlen and maxval), whitelisting of allowed URL protocols, XHTML, removal of Netscape 4's Javascript entities, and various bugfixes.
- 09 Jun 2003 09:19
No changes have been submitted for this release.
