SafeHTML is anti-XSS HTML parser, written in PHP.

written and distributed under the BSD License

About this project

This parser strips down all potentially dangerous content within HTML:

  • opening tag without its closing tag 
  • closing tag without its opening tag 
  • any of these tags: “base”, “basefont”, “head”, “html”, “body”, “applet”, “object”,
    “iframe”, “frame”, “frameset”, “script”, “layer”, “ilayer”, “embed”, “bgsound”,
    “link”, “meta”, “style”, “title”, “blink”, “xml” etc.
  • any of these attributes: on*, data*, dynsrc
  • javascript:/vbscript:/about: etc. protocols
  • expression/behavior etc. in styles
  • any other active content

It also tries to convert code to XHTML valid, but htmltidy is far better solution for this task.

Authors and copyrights

Author: Roman Ivanov.
Copyrights: © 2004–2005, Roman Ivanov
© 2004–2005, Pixel-Apes
© 2004–2005, JetStyle


If you found any bugs in this parser, please inform us — Bugtracker.

Please, subscribe to rss feed in order to receive notices
when SafeHTML will be updated.

Show Files (2 files)

Read comments (2 comments)