XML News from Sunday, August 20, 2006

Ambush Commander has posted a beta of HTMLPurifier 1.0.0, a PHP library for filtering unsafe HTML from incoming data and rendering it standards conformant. This helps prevent cross-site-scripting attacks. "HTML Purifier takes a different approach, one that doesn't use specification-ignorant regexes or narrow blacklists. HTML Purifier will decompose the whole document into tokens, and rigorously process the tokens by: removing non-whitelisted elements, transforming bad practice tags like font into span, properly checking the nesting of tags and their children and validating all attributes according to their RFCs." HTMLPurifier is published under the LGPL.
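The tokenize-then-whitelist approach described in the quote can be sketched as follows. This is an added example in Python, not HTML Purifier's own code or API: the policy tables, `safe_url`, `WhitelistFilter` and `purify` are names assumed for the illustration, and the attribute validation is narrowed to a URL-scheme check on `href`.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed policy for this example: element -> permitted attributes.
ALLOWED = {"a": {"href"}, "p": set(), "b": set(), "i": set(), "span": set(), "br": set()}
VOID = {"br"}                         # elements that take no end tag
RENAME = {"font": "span"}             # deprecated tag -> replacement
DROP_CONTENT = {"script", "style"}    # discard the element and its text
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_url(value):
    # Ignore whitespace/control characters; accept relative URLs or a listed scheme.
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", re.sub(r"[\x00-\x20]", "", value))
    return m is None or m.group(1).lower() in SAFE_SCHEMES

class WhitelistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        tag = RENAME.get(tag, tag)
        if self.skip or tag not in ALLOWED:
            return                    # tag dropped; its text is still escaped
        kept = [(k, v or "") for k, v in attrs if k in ALLOWED[tag]
                and (k != "href" or safe_url(v or ""))]
        self.out.append("<%s%s>" % (tag, "".join(
            ' %s="%s"' % (k, escape(v)) for k, v in kept)))
        if tag not in VOID:
            self.open.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        tag = RENAME.get(tag, tag)
        while tag in self.open:       # close inner elements first
            top = self.open.pop()
            self.out.append("</%s>" % top)
            if top == tag:
                break
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def purify(html):
    f = WhitelistFilter()
    f.feed(html)
    f.close()
    return "".join(f.out + ["</%s>" % t for t in reversed(f.open)])
```

Because the output is rebuilt from tokens rather than edited in place, anything the policy does not name (event-handler attributes, comments, unknown elements) never reaches the result, and entity-encoded schemes are decoded by the parser before `safe_url` sees them.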