kses - PHP HTML/XHTML filter / News: Recent posts

kses 0.2.2 out now

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks. It is used by popular programs such as WordPress and Geeklog.

The 0.2.2 release adds a second object-oriented kses version for PHP 5, the use of isset() avoids PHP notice warnings, the chr(173) handling is changed to help Asian users, and the handling of closing HTML elements is improved.

Posted by Ulf Harnhammar 2005-02-07

kses 0.2.1 out now

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks.

The 0.2.1 release adds a new object-oriented version of kses, three new attribute value checks (minlen, minval and valueless), a work-around for an Opera "feature" that treats chr(173) as whitespace, and some other minor changes.

Posted by Ulf Harnhammar 2003-09-29

kses 0.2.0 out now

kses is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. kses can be used to avoid Cross-Site Scripting (XSS), Buffer Overflows and Denial of Service attacks.

Version 0.2.0 is out now. It supports attribute value checks (maxlen and maxval), white listing of allowed URL protocols, XHTML, removal of Netscape 4's JavaScript entities and it also has some bug fixes.

Posted by Ulf Harnhammar 2003-07-25

kses 0.1.0 out now

kses is an HTML filter written in PHP. It filters all HTML elements and attributes that are not allowed - no matter how strange or tricky the HTML code is. This is helpful to stop XSS (Cross-site Scripting) security holes, among other things.

Version 0.1.0 of the program is out now. It's the first public release.

Posted by Ulf Harnhammar 2003-06-09