[Misc] How secure is HTML Purifier?
February 20, 2007 05:09AM

Hello,

Sorry for my poor English skills, I'm French...

But I have one question about HTML Purifier. What is its percentage of security? In computing, nothing has a 100% security level. But I think we can bring a web site up to 98% security with HTML Purifier and other tools for other "breaks" in PHP code.

To finish: with HTML Purifier, are we 100% protected against XSS?

Thanks for HTML Purifier, it's a really good tool.

Alexandre, Joly.

Edited 1 time(s). Last edit at 04/02/2007 06:31AM by Ambush Commander.

Re: Percent of security ?
February 20, 2007 06:55PM

To date, there have not been any XSS vulnerabilities discovered in HTML Purifier. I personally will vouch that HTML Purifier is extremely safe: while I'm not so arrogant as to say 100%, it's very close, due to the rigorous procedures it takes with HTML.

Donc, il est tr

Re: Percent of security ?
February 21, 2007 02:52AM

Thanks for your answer. Really, it's a good tool. Your French is not bad ^^.

Alexandre Joly.
