Posted: Sun Aug 13, 2006 8:17 pm
Never seen that. What kind of input did you give it?
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
It seemed to drop this bit:
Here is the source code of the purified HTML:
Code:
xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Common Ground</title><meta name="generator" content="WordPress 2.0.2" /><link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.everah.com/news/feed/" /><link rel="alternate" type="text/xml" title="RSS .92" href="http://www.everah.com/news/feed/rss/" /><link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="http://www.everah.com/news/feed/atom/" /><link rel="pingback" href="http://www.everah.com/news/xmlrpc.php" /><link rel="archives" title="July 2006" href="http://www.everah.com/news/2006/07/" /><link rel="archives" title="June 2006" href="http://www.everah.com/news/2006/06/" /><link rel="archives" title="May 2006" href="http://www.everah.com/news/2006/05/" /><link rel="archives" title="April 2006" href="http://www.everah.com/news/2006/04/" /><link rel="archives" title="February 2006" href="http://www.everah.com/news/2006/02/" /><link rel="archives" title="December 2005" href="http://www.everah.com/news/2005/12/" /><link rel="archives" title="November 2005" href="http://www.everah.com/news/2005/11/" /><link rel="archives" title="October 2005" href="http://www.everah.com/news/2005/10/" /><link rel="archives" title="September 2005" href="http://www.everah.com/news/2005/09/" /><link rel="archives" title="July 2005" href="http://www.everah.com/news/2005/07/" /><link rel="archives" title="June 2005" href="http://www.everah.com/news/2005/06/" /><link rel="archives" title="May 2005" href="http://www.everah.com/news/2005/05/" /><link rel="archives" title="April 2005" href="http://www.everah.com/news/2005/04/" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://www.everah.com/news/xmlrpc.php?rsd" /><meta name="author" content="Everah Media Services Company" /><link rel="stylesheet" type="text/css" href="http://www.everah.com/news/wp-content/themes/everahhh/style.css" title="style" 
/><div id="headerLogo"> <h1><img src="http://www.everah.com/images/everah_logo_new.jpg" alt="Everah Media Services Company" /></h1> </div> <div id="headerMenu"> <ul><li class="first"><a href="http://www.everah.com/" title="About Us">About Us</a></li> <li><a href="http://www.everah.com/" title="About Us">Products</a></li> <li><a href="http://www.everah.com/" title="About Us">Services</a></li> <li><a href="http://www.everah.com/news/" title="News and Announcements">News</a></li> <li><a href="http://www.everah.com/" title="About Us">Contact Us</a></li> </ul></div>
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html

> Is the object of the application to take what you have entered and turn it into something cleaner, but still usable? If so, any manipulation of code should make it so that the code that is output can be popped into an editor, saved and run. Or am I being too silly in this thought?

First question, yes. Second question, no (but I could hack it to get that working). For instance, if you tried to send a form through the app, it would get minced up beyond recognition. The objective is for a user to be able to write a snippet of HTML, not unlike what one would do for a forum (except with BBCode) and then the validator fix it up so that it can be shown to the world without fear of XSS. However, I would also like it to be able to read plain old HTML documents, discard parts not in <body>, and then nicely output the stuff in between.

Ambush Commander wrote:
> The objective is for a user to be able to write a snippet of HTML, not unlike what one would do for a forum (except with BBCode) and then the validator fix it up so that it can be shown to the world without fear of XSS. However, I would also like it to be able to read plain old HTML documents, discard parts not in <body>, and then nicely output the stuff in between.

I was kinda thinking that. So what you want is to essentially take the contents between <body> and </body> and validate it as well as sanitize it, correct? That seems logical. I would only make one suggestion... let users know that your app will not do anything to the <head> and </head> content. But I love the app. It is a tool that has been needed far too long.

> But I love the app. It is a tool that has been needed far too long.

Thanks! But it needs more extensive real-world testing.
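
The objective discussed in this thread (keep only what sits inside <body>, then re-emit allowlisted markup so a snippet can be shown without fear of XSS), as an added Python sketch using only the standard library; it is not the application's own code and not from any poster. The allowlist, the URL scheme rule and the names `purify`, `BodySanitizer` and `safe_url` are assumptions made for this illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this sketch: element -> attributes it may keep.
ALLOWED = {"div": {"id", "class"}, "h1": set(), "p": set(), "ul": set(),
           "li": {"class"}, "a": {"href", "title"}, "img": {"src", "alt"}}
VOID, DROP_WITH_CONTENT = {"img"}, {"script", "style", "title"}
SCHEME = re.compile(r"([a-z][a-z0-9+.\-]*):", re.I)

def safe_url(value):
    # Relative URLs pass; absolute ones must be http, https or mailto.
    m = SCHEME.match("".join(c for c in value if c > " "))
    return m is None or m.group(1).lower() in ("http", "https", "mailto")

class BodySanitizer(HTMLParser):
    def __init__(self, is_document):
        super().__init__(convert_charrefs=True)
        self.in_body = not is_document   # a bare snippet is all body content
        self.out, self.open, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.in_body = True
        elif tag in DROP_WITH_CONTENT:
            self.skip += 1               # discard the element and its text
        elif self.in_body and not self.skip and tag in ALLOWED:
            kept = [(k, v or "") for k, v in attrs if k in ALLOWED[tag]]
            text = "".join(f' {k}="{escape(v)}"' for k, v in kept
                           if k not in ("href", "src") or safe_url(v))
            self.out.append(f"<{tag}{text}{' /' if tag in VOID else ''}>")
            if tag not in VOID:
                self.open.append(tag)
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open:
            while self.open:  # close unclosed children first so nesting stays valid
                self.out.append(f"</{self.open[-1]}>")
                if self.open.pop() == tag:
                    break
    def handle_data(self, data):
        if self.in_body and not self.skip:
            self.out.append(escape(data, quote=False))

def purify(html_text):
    # Treat input as a full document only if it carries a <body> tag.
    parser = BodySanitizer(is_document="<body" in html_text.lower())
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out) + "".join(f"</{t}>" for t in reversed(parser.open))
```

Elements outside the allowlist lose their tags but keep their escaped text, which is why a form passed through a filter of this kind comes out unusable, as noted in the thread.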