htmLawed 1.1.20

htmLawed is a PHP script to process text with HTML markup to make it more compliant with HTML standards and administrative policies. It works by making HTML well-formed with balanced and properly nested tags, neutralizing code that may be used for cross-site scripting (XSS) attacks, allowing only specified HTML tags and attributes and URL protocols through black- or white-lists. It can also tidy/pretty-print HTML, make relative URLs absolute, check for spam, etc. It is small (single file of ~50 kb), fast, highly customizable, extensible and well-documented, and a simple alternative to the HTML Tidy application.

Tags php-class php html security markup-filter filter html5 xss
License GNU LGPLv3
State stable

Recent Releases

1.1.2010 Jun 2015 18:17 security: Fix for a potential security vulnerability arising from unescaped double-quote character in single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for non-(HTML4) standard 'allowfullscreen' attribute of 'iframe.'
1.1.1919 Jan 2015 19:26 minor bugfix: Fix for a bug in cleaning of soft-hyphens in URL values, etc.
1.1.1802 Aug 2014 14:07 minor bugfix: Fix for a potential security vulnerability arising from specially encoded text with serial opening tags.