Monday, January 14th, 2008p>HTML Purifier 3.0 has been released.
What is HTML Purifier?
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C’s specifications.
What’s new in 3.0?
Release 3.0.0 is the first release of 2008 and also HTML Purifier’s first
PHP 5 only release.
The 2.1 series will still
be supported for bug and security fixes,
but will not get new features. This release a number of
improvements in CSS handling, including the filter
HTML Purifier with
CSSTidy for cleaning style sheets
(see the source code file for more information on usage), contains
experimental support for
proprietary CSS properties with %CSS.Proprietary, case-insensitive
CSS properties, and more lenient hexadecimal color codes. Also, all code
has been upgraded to full PHP 5 and is
E_STRICTclean for all versions of PHP 5 (including the
5.0 series, which previously had parse-time errors).
You can run a live demo to see it at work.
Posted by Dion Almaer at 6:08 am