Several tools (mostly classes) give PHP applications the ability to strip bad HTML, enforce XHTML compliance, and more. These tools include Cyberai InputFilter, Deric Rethans filter, HTML Filter for PHP, HTML_Safe, kses, and Safe HTML checker. This comparison shows some of the important differences.
| Class / Tool | License | Tags | Attributes | Whitelist | Blacklist | Dynamic | All fields | Single field | XSS | SQL Injection | Logic | Max Len / Value | Compliance |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cyberai InputFilter | GPL | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Tags, Attributes |
| Deric Rethans filter | PHP | (Yes) | (Yes) | (Yes) | Yes | No | Yes | No | No | Yes | No | No | |
| HTML Filter for PHP | LGPL | Yes | Yes | Yes | No | No | No | Yes | No | No | No | No | Validation? |
| HTML_Safe | BSD | Yes | Yes | Yes | Yes | No | No | Yes | No | No | No | No | Tags |
| kses | GPL | Yes | Yes | Yes | No | Yes | No | Yes | No | No | No | Yes | Attributes |
| Safe HTML checker | ? | Yes | Yes | Yes | No | No | No | Yes | No | No | No | No | Tags |

Columns Tags through Dynamic are the Configuration group, All fields and Single field are the Form Fields group, and XSS through Compliance are the Additional group; the groups are explained below.
Configuration
Tags and Attributes – the ability to specify which tags and attributes are allowed (whitelist) or disallowed (blacklist).
Dynamic – the ability to configure at runtime which tags / attributes are allowed.
Form fields – whether the tool can process all form fields and / or a single field. Though processing all form fields is convenient, it may be necessary to leave specific fields unprocessed (e.g. fields whose text legitimately contains HTML special characters).
Additional
XSS – includes features for blocking cross-site scripting attacks.
SQL Injection – includes features for blocking SQL injection attacks.
Logic – includes features for validating fields (e.g. email address, URL, etc.).
Max Len / Value – supports checking attribute values for minimum / maximum length and minimum / maximum value, to protect against buffer overflows and denial-of-service attacks against WWW clients and various servers.
Compliance – enforces W3C / XHTML compliance with tags (requires open and close) and attributes (requires double quotes).
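To make the Tags / Attributes whitelist, XSS and Compliance columns concrete, here is an added example of a minimal whitelist-based HTML filter built on PHP's bundled DOM extension. It is not the code of any tool in the table; the allow-list passed to the constructor, the class name and the sample input are assumptions made for this illustration. Tags and attributes outside the allow-list are removed, event-handler attributes are therefore never allowed through, URL attributes are restricted to http, https and mailto, and the cleaned tree is re-serialised as XML so that every tag is closed and every attribute value is double-quoted.

```php
<?php
declare(strict_types=1);

// Added example, not from any of the tools compared above: a whitelist
// HTML filter on ext/dom. The allow-list given to the constructor is an
// assumed configuration.
final class WhitelistHtmlFilter
{
    /** Attributes whose value is a URL and therefore needs a scheme check. */
    private const URL_ATTRIBUTES = ['href', 'src'];
    /** Schemes allowed in URL attributes; javascript:, data:, vbscript: and the like are dropped. */
    private const SAFE_SCHEMES = ['http', 'https', 'mailto'];
    /** Disallowed elements whose content is dropped too, rather than unwrapped. */
    private const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'noscript'];

    /** @var array<string, string[]> lower-case tag name => allowed attribute names */
    private array $allowed = [];

    /** @param array<string, string[]> $allowed e.g. ['a' => ['href', 'title'], 'b' => []] */
    public function __construct(array $allowed)
    {
        foreach ($allowed as $tag => $attrs) {
            $this->allowed[strtolower($tag)] = array_map('strtolower', $attrs);
        }
    }

    public function filter(string $fragment): string
    {
        $doc = new DOMDocument();
        $previous = libxml_use_internal_errors(true);   // malformed input must not emit warnings
        $doc->loadHTML('<!DOCTYPE html><html><head><meta charset="utf-8"></head><body>'
            . $fragment . '</body></html>');
        libxml_clear_errors();
        libxml_use_internal_errors($previous);

        $body = $doc->getElementsByTagName('body')->item(0);
        if ($body === null) {
            return '';
        }
        $this->cleanChildren($body);

        $out = '';
        foreach ($body->childNodes as $child) {
            $out .= $doc->saveXML($child);   // XML serialisation: closed tags, double-quoted attributes
        }
        return $out;
    }

    private function cleanChildren(DOMNode $parent): void
    {
        // Snapshot the list: nodes are removed and moved while walking it.
        foreach (iterator_to_array($parent->childNodes, false) as $child) {
            if ($child instanceof DOMElement) {
                $tag = strtolower($child->nodeName);
                if (isset($this->allowed[$tag])) {
                    $this->cleanAttributes($child, $this->allowed[$tag]);
                    $this->cleanChildren($child);
                } elseif (in_array($tag, self::DROP_WITH_CONTENT, true)) {
                    $parent->removeChild($child);
                } else {
                    // Unknown but harmless tag: keep its (already cleaned) content, drop the tag itself.
                    $this->cleanChildren($child);
                    while ($child->firstChild !== null) {
                        $parent->insertBefore($child->firstChild, $child);
                    }
                    $parent->removeChild($child);
                }
            } elseif (!($child instanceof DOMText)) {
                // Comments, CDATA sections and processing instructions are not content we want to keep.
                $parent->removeChild($child);
            }
        }
    }

    private function cleanAttributes(DOMElement $el, array $allowedAttrs): void
    {
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            if (!in_array($name, $allowedAttrs, true) || $this->isUnsafeUrl($name, $attr->value)) {
                $el->removeAttribute($attr->name);
            }
        }
    }

    private function isUnsafeUrl(string $name, string $value): bool
    {
        if (!in_array($name, self::URL_ATTRIBUTES, true)) {
            return false;
        }
        // Remove control characters and whitespace before the scheme check so that
        // a scheme broken up with tabs or newlines is still recognised.
        $compact = preg_replace('/[\x00-\x20]+/', '', $value) ?? '';
        if (preg_match('/^([a-z][a-z0-9+.-]*):/i', $compact, $m) !== 1) {
            return false;   // relative URL: nothing to check
        }
        return !in_array(strtolower($m[1]), self::SAFE_SCHEMES, true);
    }
}

// Constructed sample input: an event handler, a script block and a javascript: link mixed with allowed markup.
$filter = new WhitelistHtmlFilter(['p' => [], 'b' => [], 'br' => [], 'a' => ['href', 'title']]);
echo $filter->filter('<p onclick="steal()">Hi <b>there</b><script>alert(1)</script>'
    . "<a href='javascript:alert(1)'>x</a> <a href='https://example.com/'>ok</a><br></p>"), PHP_EOL;
```

The design choice worth noting is that the filter works on a parsed tree rather than on the raw string: regular-expression filters are what the tools above mostly are, and they have to anticipate every way a browser might tolerate malformed markup, whereas a parse-then-serialise filter only ever emits markup it constructed itself. The cost is the dependency on libxml's HTML parser, whose error recovery may differ from a browser's on badly broken input, which is why disallowed content is dropped rather than escaped and passed along.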
Comparison of PHP HTML Filter Tools. Posted on Saturday, October 15, 2005 @ 02:10:47 CDT in General.