Filter out unwanted PHP / Javascript / HTML tags.
This class can filter input of stray or malicious PHP, Javascript or HTML tags and to prevent cross-site scripting (XSS) attacks. It should be used to filter input supplied by the user, such as an HTML code entered in form fields.
I have tried to make this class as easy as possible to use. You have control over the filter process unlike other alternatives, and can input a string or an entire array to be cleaned (such as $_POST).
By : animachine
** 1.2.0 features MUCH better XSS prevention **
Interactive Demo:
http://cyberai.com/inputfilter/
Readme File:
http://cyberai.com/inputfilter/readme.txt
PHPClasses Project Page: (view files online)
http://cyberai.users.phpclasses.org/browse/package/2189.html
Freshmeat Project Page:
http://freshmeat.net/projects/inputfilter/
= = =
Example usage using string input:
<?php
// include class file
require("class.inputfilter.php");
// setup user-defined arrays
$tags = array("em", "br");
$attributes = array("title", "selected");
// create customised filter object
$myFilter = new InputFilter($tags, $attributes, 0, 0); // more info on constructor in readme
$before = 'I <em TITLE="some text" foo selected>hope</em> this <stron<strong>g>works</stron</strong>g>, <br>dont you?';
$after = $myFilter->process($before);
?>
$after: I <em TITLE="some text" selected="selected">hope</em> this works, <br />dont you?
Click to
Download File| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More Miscellaneous Code Articles
More By Codewalkers
 developerWorks - FREE Tools!
|
This whitepaper provides areas to consider when evaluating any software configuration management solution. It addresses how the IBM solutions (Rational ClearCase and Rational ClearQuest) meet the needs and requirements of both project leaders and developers to provide successful Software Change and Configuration Management.
FREE! Go There Now!
|
|
|
|
As organizations integrate software into every aspect of business, they are constantly pressured to deliver faster, better, and cheaper results. Unfortunately, a “dis-integrated” software delivery approach reduces returns while increasing costs. This IBM Rational White Paper shows how Integrated Requirements Management aligns organizations around maximizing value and keeping pace with change.
FREE! Go There Now!
|
|
|
|
Discover how IBM Rational AppScan Standard Edition can help you detext vulnerabilities in your web applications in the Web Application Security eKit. IBM Rational AppScan is a leading suite of automated web application security solutions that scan and test for common Web application vulnerabilities. The new Web Application Security eKit provides you with valuable resources, including white papers, demos, and additional information on the benefits of testing your Web applications.
FREE! Go There Now!
|
|
|
|
Learn from the best! Find out how developers use Rational ClearCase to be more flexible, innovative and deliver higher quality code in the Rational ClearCase Power Users eKit. This complimentary eKit provides a collection of materials, like articles, whitepapers, and demos that can help you become a power user of Rational ClearCase.
FREE! Go There Now!
|
|
|
|
Join us for this on demand webcast to learn about developing complex systems more quickly and efficiently. We'll cover market drivers for developing, governing and reusing systems software assets and how you can develop system software assets with Rational Asset Manager.
FREE! Go There Now!
|
|
|
|
Get a free trial download of the latest version of IBM Rational Tester for SOA Quality V7.0.1, a functional and regression testing tool that enables the creation, comprehension, modification and execution of testing GUI-less Web services.
FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to download a free trial version of IBM Rational Business Developer V7.1. Rational Business Developer offers rapid and simplified development of business applications and services through Enterprise Generation Language (EGL) tools, generating Java or mainframe solutions while shielding developers from technical complexities.
FREE! Go There Now!
|
|
|
|
Join this Rational Talks to You teleconference, featuring Paul Boustany and Mark Krasovich, to speak to the experts about becoming a Rational ClearCase power user. Get a chance to ask your questions and learn tips and tricks for using Rational ClearCase in Agile development
FREE! Go There Now!
|
|
|
|
CakePHP is a stable production-ready, rapid-development aid for building Web sites in PHP. This "Cook up Web sites fast with CakePHP" series shows you how to build an online product catalog using CakePHP.
FREE! Go There Now!
|
|
|
|
Join this webcast to learn how IBM Rational's Functional Testing solution enables you to implement automation your way, at your pace, with your existing staff. In this webcast, you’ll learn how you can eliminate redundancy of manual test scripts, reduce errors, and increase test coverage through test automation. After this presentation you will understand how IBM Rational Functional Testing solution can streamline your manual testing and make test automation easily attainable.
FREE! Go There Now!
|
|
|
|
All FREE IBM® developerWorks Tools!
|
