HTML Purifier 3.0: For PHP5 Only, More CSS
Version 3.0.0 of HTML Purifier, a PHP library for purifying HTML has just been released with numerous new features.
The major change relates to the handling of style instructions. The new version of the library ignores case in CSS property handling, and it offers experimental support for a number of proprietary CSS extensions. The PHP "HTMLPurifier_Filter_ExtractStyleBlocks" class can filter style segments out of the HTML code and pass them in to the external CSSTidy tool for validation and purifying.
Version 3.0.0 is also the first HTML Purifier release to support PHP 5 only. It is suitable for any PHP 5 version and uses the "E_STRICT" setting for error reporting. The developers will continue to maintain the Purifier 2.1.x branch for PHP 4 developers until PHP 4 officially reaches deprecated status.
HTML Purifier is mainly suitable for handling HTML code entered by users, such as in Web forums. The library uses a configurable whitelist of desirable HTML elements to restrict output on websites. At the same time, Purifier prevents attacks relying on cross-site scripting (XSS) and ensures standards conform HTML. A demo page gives visitors a first impression of the features.
HTML Purifier is released under the LGPL Version 2.1 or newer. A tarball with the source code and an installation how-to for PHP Extension and Application Repository (PEAR) are available from the project's download page.