HTMLawed
a highly customizable PHP script to sanitize / make (X)HTML secure against XSS attacks, so users can edit HTML without risk of your site getting compromised by evildoers.
Install / Use
/learn @kesar/HTMLawedREADME
HTMLawed is ...
... a single-file, 45 kb PHP script that makes input text more secure, HTML standards-compliant, and suitable in general from the viewpoint of a web-page administrator, for use in the body of HTML, XHTML or XML documents. A simple HTMLTidy alternative, the htmLawed filter, processor, purifier, sanitizer, beautifier, etc., is highly customizable.
It ensures that HTML tags are balanced and properly nested tags, neutralizes code that may be used for cross-site scripting (XSS) attacks, limits allowed HTML elements, attributes, or URL protocols, tidies the code, and so forth.
As such is may serve as an alternative to HTMLtidy in a sanitation context.
This repository is ...
... a derivative, which closely tracks the original
Links
- The Original: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/
- The SF site where the official Original Releases are available (no cvs/svn/... repository there, though, just releases): http://sourceforge.net/projects/htmlawed/
- HTMLawed against RSnake's XSS attack vectors: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm
Related Skills
node-connect
346.8kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
107.6kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
346.8kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
346.8kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
