
#1 Modified kses with 'colon' and 'lone <' bugs fixed

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2007-07-12
Created: 2007-07-12
Creator: Alpha2zee
Private: No

Slightly modified version of Kses 0.2.2 with improved speed, fixed bugs like the colon bug, and extra features. This version is being used in a forthcoming release of the LabWiki software (bioinformatics.org/phplabware).

Changes:

* File size reduced ~50% to 9 kb - smaller variable names; small functions coded inline instead

* Expanded allowed protocols so attributes in style, like "border: 1px", are possible; only safe values added (see feedvalidator.org/docs/warning/DangerousStyleAttr.html)

* Option to replace unallowed tags (and contents) with entitified values, instead of being removed altogether

* Lowercase entities of type &#Xnn; for XML compliance

Testing:

* File test.php accompanies

Discussion

(Page 1 of 2)
  • Alpha2zee

    Alpha2zee - 2007-07-12

    Logged In: YES
    user_id=1065794
    Originator: YES

    Also:

    * Attributes declared only once in output
    * Lowercased tag and attribute names in output
    * Valueless attributes get values for XHTML compliance
    * Tags like '<img src="x"/>' without space before closing '/>' are corrected and not made empty
    File Added: kses_labwiki_12Jul07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-07-13

    Logged In: YES
    user_id=1065794
    Originator: YES

    File Added: kses_labwiki_12Jul07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-07-15

    Logged In: YES
    user_id=1065794
    Originator: YES

    Labwiki-modified kses 0.2.2, of 16 July 2007: Further kses modification adds better checking of entities. The following go unfiltered; others are made non-entities (like '&this;' to '&amp;this;'):

    * XHTML-specific named entities (like '&tilde;')
    * numerical entities in decimal or hexadecimal form valued < 65535, but not in character ranges (hex) 7F-84, 86-9F, or FDD0-FDDF
    File Added: kses_labwiki_16Jul07.zip

     
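The entity rule described in the comment above, written out as an added example (this is not code from kses or from the LabWiki modification, and the named-entity set is a constructed subset used only for the demo): XHTML named entities pass, numeric entities pass only when their value is below 65535 and outside the listed hex ranges, anything else is turned into a literal '&amp;...;', and an upper-case '&#X..;' prefix is lower-cased as the original description asks.

```python
import re

# Constructed subset of the XHTML named-entity list, enough for the demo;
# a real filter would carry the full XHTML set.
XHTML_NAMED_ENTITIES = {"amp", "lt", "gt", "quot", "apos", "nbsp", "copy", "tilde", "eacute"}

# Numeric entities must be valued below 65535 and outside these code-point
# ranges (hex 7F-84, 86-9F, FDD0-FDDF), as stated in the comment above.
MAX_CODE_POINT = 65535
FORBIDDEN_RANGES = ((0x7F, 0x84), (0x86, 0x9F), (0xFDD0, 0xFDDF))

# Matches '&name;', '&#123;' or '&#x1F;' (either case of 'x').
ENTITY_RE = re.compile(r"&(#[xX][0-9A-Fa-f]+|#[0-9]+|[A-Za-z][A-Za-z0-9]*);")


def entity_allowed(body: str) -> bool:
    """body is the text between '&' and ';', e.g. 'tilde', '#65', '#x41'."""
    if body.startswith("#"):
        is_hex = body[1] in "xX"
        value = int(body[2:], 16) if is_hex else int(body[1:])
        if value >= MAX_CODE_POINT:
            return False
        return not any(lo <= value <= hi for lo, hi in FORBIDDEN_RANGES)
    return body in XHTML_NAMED_ENTITIES


def neutralize_entities(text: str) -> str:
    """Keep allowed entities (lower-casing '&#X..;' to '&#x..;') and turn
    everything else into a literal '&amp;...;' so it no longer decodes."""
    def fix(match):
        body = match.group(1)
        if not entity_allowed(body):
            return "&amp;" + body + ";"
        if body.startswith("#X"):
            return "&#x" + body[2:] + ";"
        return match.group(0)
    return ENTITY_RE.sub(fix, text)


if __name__ == "__main__":
    # Constructed sample input exercising each rule.
    print(neutralize_entities("&tilde; &this; &#X41; &#x7f; &#x85; &#xFDD0; &#65535;"))
```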
  • Alpha2zee

    Alpha2zee - 2007-07-15

    Labwiki-modified kses 0.2.2, of 16 July 2007

     
  • Alpha2zee

    Alpha2zee - 2007-08-13

    Logged In: YES
    user_id=1065794
    Originator: YES

    Labwiki-modified kses 0.2.2, v1.1 of 14 August 2007, adds these extra features:

    * option to balance tags for HTML well-formedness
    * now there is no need to modify code that called the older kses() function as the new kses() will correctly identify the arguments passed to it

    File Added: kses_labwiki_1.1_14Aug07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-08-14

    Logged In: YES
    user_id=1065794
    Originator: YES

    File Added: kses_labwiki_1.1_14Aug07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-08-14

    Labwiki-modified kses 0.2.2, v1.1 of 14 Aug 2007

     
  • Alpha2zee

    Alpha2zee - 2007-08-14

    Logged In: YES
    user_id=1065794
    Originator: YES

    File Added: kses_labwiki_1.1_14Aug07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-08-15

    Logged In: YES
    user_id=1065794
    Originator: YES

    15 August 2007 release:

    * optional support to allow CDATA sections and comments
    File Added: kses_labwiki_1.1_15Aug07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-08-15

    Labwiki-modified kses 0.2.2, v1.1 of 15 Aug 2007

     
  • Alpha2zee

    Alpha2zee - 2007-08-15

    Logged In: YES
    user_id=1065794
    Originator: YES

    16 August 2007 release:

    * optional support for unique ID attribute values, with option to remove or prefix them
    File Added: kses_labwiki_1.1_16Aug07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-08-15

    Labwiki-modified kses 0.2.2, v1.1 of 16 Aug 2007

     
  • Alpha2zee

    Alpha2zee - 2007-08-15

    Logged In: YES
    user_id=1065794
    Originator: YES

    File Added: test.htm

     
  • Alpha2zee

    Alpha2zee - 2007-08-16

    Logged In: YES
    user_id=1065794
    Originator: YES

    Minor fixes/improvements
    File Added: kses_labwiki_1.1_17Aug07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-08-16

    Labwiki-modified kses 0.2.2, v1.1 of 17 Aug 2007

     
  • Alpha2zee

    Alpha2zee - 2007-08-16

    Logged In: YES
    user_id=1065794
    Originator: YES

    File Added: kses_labwiki_1.1_17Aug07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-08-16

    Logged In: YES
    user_id=1065794
    Originator: YES

    File Added: test.htm

     
  • Alpha2zee

    Alpha2zee - 2007-08-17

    Web page with test results - comparison with original Kses

     
  • Alpha2zee

    Alpha2zee - 2007-08-17

    Logged In: YES
    user_id=1065794
    Originator: YES

    File Added: test.htm

     
  • Alpha2zee

    Alpha2zee - 2007-08-17

    Logged In: YES
    user_id=1065794
    Originator: YES

    File Added: kses_labwiki_1.1_18Aug07.zip

     
  • Alpha2zee

    Alpha2zee - 2007-08-17

    Labwiki-modified kses 0.2.2, v1.1 of 18 Aug 2007

     
  • Anton Vlasov

    Anton Vlasov - 2007-08-19

    Logged In: YES
    user_id=879989
    Originator: NO

    Thanks for your work =)

     
  • Arda

    Arda - 2007-09-16

    Logged In: YES
    user_id=1891715
    Originator: NO

    thanks so much for the work :)

     
  • Alpha2zee

    Alpha2zee - 2007-10-28

    Logged In: YES
    user_id=1065794
    Originator: YES

    Further releases of this modified kses will be available as 'htmLawed' from http://bioinformatics.org/phplabware/internal_utilities/htmLawed 10/30/07 onwards.

    htmLawed will remain 'kses-compatible' and will have these features:

    Key: * security feature, ^ standard compliance, ~ requires setting right options, ` different from Kses

    * HTML in input may be highly ill-written; htmLawed will make it secure and standard-compliant
    * output can be used in HTML 4, XHTML 1.0, XHTML 1.1, or even generic XML documents ^~`

    * options to restrict elements ^~`
    * proper closure of empty elements like 'img' ^`
    * deprecated elements like 'u' can be transformed ^~`
    * HTML comments and 'CDATA' sections can be permitted ^~`
    * 'script' elements can be permitted ~

    * options to restrict attributes ^~`
    * removal of invalid attributes ^`
    * element and attribute names are lower-cased ^
    * provides required attributes, like 'action' for 'form', when missing ^`
    * deprecated attributes can be transformed ^~`
    * attributes declared only once ^`

    * options to *restrict attribute values* ^~`
    * a value is declared for `empty` (`minimized`) attributes like 'checked' ^
    * attributes with potentially dangerous values (that can cause buffer overflows and denial of service attacks) can be removed after checking their lengths or values *~
    * unique 'id' attribute values can be ensured ^~`
    * attribute values are enclosed in double-quotes ^
    * standard attribute values are lower-cased (like 'type="password"') ^`

    * attribute-specific URL protocol/scheme restriction *~`
    * dynamic expressions in 'style' values can be disabled *~`

    * non-numeric, named character entities not in the HTML standard are neutralized ^`
    * hexadecimal numeric entities may be made decimal ones, or vice versa ^~`
    * HTML-specific named character entities can be converted to numeric ones for generic XML use ^~`

    * removes null characters from input *
    * neutralizes potentially dangerous proprietary Netscape *Javascript entities* *
    * removes soft-hyphen character (code-point '173' or '#xad') in attribute values -- a vulnerability in some versions of the Opera browser *

    * invalid characters not allowed in HTML or XML are removed ^`
    * characters from Microsoft applications like 'Word' that are discouraged in HTML or XML can be replaced with good ones ^~`
    * entities for characters not allowed or discouraged in HTML or XML are neutralized ^`
    * appropriately neutralizes '<', '&', '"', and '>' characters ^*`

    * understands improperly spaced tag content (like, spread over more than a line) and properly spaces them `
    * can balance tags for well-formedness ^~`
    * can permit only validly nested tags ^~`

    * fast, non-OOP code of ~45 kb incurring peak basal memory usage of ~0.5 MB
    * *compatible with pre-existing code using 'Kses'

    * optional anti-spam measures such as addition of 'rel="nofollow"' and link-disabling ~`
    * optionally makes relative URLs absolute, and vice versa ~`

    * independent of character encoding of input and does not affect it
    * won't change formatting of element content by affecting line-breaks, spaces or tabs outside tags but normalizes white spaces in tag content

     