Publish "Contribute" documentation.
[htmlpurifier-web.git] / index.xhtml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"">
<html
xmlns=""
xmlns:xi=""
xmlns:xc="urn:xhtml-compiler"
xmlns:news="urn:xhtml-compiler:News"
xc:rss-from-git="yes"
xml:lang="en">
<head>
<title>HTML Purifier - Filter your HTML the standards-compliant way!</title>
<xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
<meta name="description"
content="HTML filter that guards against XSS and ensures standards-compliant output." />
<meta name="keywords"
content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, w3c, XSS, PHP, security, library, open source, LGPL, whitelist" />
<!-- See news.xhtml for definition -->
<link rel="alternate" type="application/rss+xml" title="News - HTML Purifier" href="news.rss" />
<script defer="defer" type="text/javascript" src="" xc:absolute="src"></script>
<!-- OpenID for Edward Z. Yang -->
<link rel="openid.server" href="" />
<link rel="openid.delegate" href="" />
<!-- Google OpenSearch -->
<link rel="search" href="opensearchdescription.xml"
type="application/opensearchdescription+xml"
title="HTML Purifier" />
</head>
<body>
<div id="branding">
<h1>
<span class="html">HTML</span>
<span class="purifier">Purifier</span>
</h1>
<blockquote>
<p>
Standards-Compliant HTML Filtering
</p>
</blockquote>
</div>
<xi:include href="common-navigation.xml" xpointer="xpointer(/*/node())" />
<div id="main">
<div id="content">
<div id="summary">
<h2>Summary</h2>
<div id="summary-safe">
<h3>Safe</h3>
<p>
HTML Purifier defeats XSS with an audited whitelist
</p>
</div>
<div id="summary-clean">
<h3>Clean</h3>
<p>
HTML Purifier ensures standards-compliant output
</p>
</div>
<div id="summary-open">
<h3>Open</h3>
<p>
HTML Purifier is open-source and highly customizable
</p>
</div>
</div>
<div id="intro">
<div class="warning" style="margin-left:0; margin-right:0;">
<strong>The most recent release is a security update.</strong> Please upgrade
to HTML Purifier 3.1.1 or 2.1.5 as soon as possible.
</div>
<p><strong>HTML Purifier</strong> is a standards-compliant
<abbr>HTML</abbr> filter library written in
<abbr>PHP</abbr>. HTML Purifier will not only remove all malicious
code (better known as <abbr>XSS</abbr>) with a thoroughly audited,
secure <em>yet</em> permissive <strong><a
href="live/smoketests/printDefinition.php">whitelist</a></strong>,
it will also make sure your documents are
<strong>standards compliant</strong>, something only achievable with a
comprehensive knowledge of <abbr>W3C</abbr>'s specifications.
Tired of using BBCode due to the current landscape of deficient or
insecure <abbr>HTML</abbr> filters? Have a
<strong><acronym>WYSIWYG</acronym></strong> editor but never been able to use it? Looking
for high-quality, standards-compliant, open-source components for that
application you're building? HTML Purifier is for you!</p>
<blockquote class="fancy">
<div class="quote">
I'd just like to say we use HTML Purifier in <a href="">IRIS</a> for
filtering emails against XSS attacks and we've been more than impressed.
</div>
<div class="origin">&mdash; Chris Corbyn, <em>Senior IRIS Developer</em></div>
</blockquote>
<xi:include href="download-box.xml" xpointer="xpointer(/*/node())" />
</div>
<div id="BackgroundContainer">
<h2 id="Background" class="clear">Background</h2>
<p>There are a number of open-source <abbr>HTML</abbr> filtering solutions out
there on the web already. What sets HTML Purifier apart from them?
Aren't all of these choices <q>secure</q>?</p>
<p>When it comes to <abbr>HTML</abbr>, <strong>attention to
detail</strong> is key. Does it perform its filtering off a
whitelist rather than an out-of-date blacklist? Does it filter every
attribute in the document? Does it actually understand <abbr>HTML</abbr>?</p>
<p><strong>Know thy enemy.</strong> Hackers have a huge arsenal of
<abbr>XSS</abbr> vectors hidden within the depths of the
<abbr>HTML</abbr> specification. HTML Purifier is
effective because it decomposes the whole document
into tokens, removing
non-whitelisted elements, checking the well-formedness and nesting of tags, and
validating all attributes according to their <abbr>RFC</abbr>s.
HTML Purifier's comprehensive algorithms are complemented by a
<strong>breadth of knowledge</strong>, ensuring that richly formatted
documents pass through unstripped.</p>
<p>To my knowledge, there is nothing else in the wild that offers
protection from <abbr>XSS</abbr>, standards-compliance, and
corrective processing of poorly formed <abbr>HTML</abbr>.
But don't take my word for it:
do your research and try out the <a href="demo.php">demo</a>.</p>
<p>To find out more, you can read the
<a href="comparison.html"><strong>Comparison</strong></a>
for an analysis of HTML Purifier and the other major filters.</p>
<blockquote class="fancy">
<div class="quote">
[Y]ou save my day by allowing me not to write another damned HTML parser.
</div>
<div class="origin">
&mdash; Joseph Halter, <em>Technical Director at Akira Web</em>
</div>
</blockquote>
</div>
<div id="NewsContainer">
<h2 id="News">Recent News</h2>
<div class="news" news:source="news" news:limit="1" news:header="h3" />
<p>
<a href="news.html">Read earlier news...</a>
</p>
</div>
<h2 id="Plugins" class="clear">Plugins</h2>
<p>HTML Purifier is a great library to integrate with existing
<abbr>CMS</abbr>es and other applications or <acronym>WYSIWYG</acronym>
editors. Currently, we have plugins for these applications:</p>
<ul>
<li><a href=",127035">Phorum</a> (in use at our very own forums!)</li>
<li><a href="">MODx</a></li>
<li><a href="">Drupal</a> by Bart Jansens</li>
<li><a href="">Wordpress</a> by John Godley</li>
<li><a href=",com_mtree/task,viewlink/link_id,4094/Itemid,35/">Joomla</a> by Double D</li>
<li><a href="">CodeIgniter</a> by Andy Mathijs</li>
</ul>
<p>
HTML Purifier is also now in print! Martin Brampton's new book
<a href="">PHP 5 CMS Framework Development</a>
includes a discussion of using HTML Purifier in your content management
system. Go check it out!
</p>
<p>
<strong>Notice:</strong>
Any plugin provided by a third party has not been vetted by us: use
them at your own risk. If you are having a problem with the plugin,
please consult the plugin author before asking for help here (we'll
be more than happy to help, but it might be a problem with the
plugin rather than HTML Purifier.)
</p>
<blockquote class="fancy">
<div class="quote">
This plugin is on top of my favorite list[.] I am going to heavily
depend on it since my clients insist on having <acronym>WYSIWYG</acronym> and I insist on
having pages that validate and are semantically sound.
</div>
<div class="origin">
&mdash; David Molliere, <em>MODx Marketing &amp; Design Team</em>
</div>
</blockquote>
<p>Plugins for other major applications gladly accepted!</p>
<h2 id="Users">Users</h2>
<p>Here are some open-source applications that use HTML Purifier:</p>
<table>
<tr><td><a href="">Aliro</a></td><td><a href="">3.1.0</a></td></tr>
<tr><td><a href="">Jibberbook</a></td><td><a href="">3.1.0</a></td></tr>
<tr><td><a href="">Mia</a></td><td><a href="">3.1.0</a></td></tr>
<tr><td><a href="">Kohana</a></td><td><a href="">3.1.0</a></td></tr>
<tr><td><a href="">Midgard</a></td><td>via PEAR</td></tr>
<tr><td><a href="">BitWeaver</a></td><td><a href="">via PEAR</a>, see <a href="">install_checks.php</a></td></tr>
<tr><td><a href="">Project Babel</a></td><td>via PEAR and Midgard</td></tr>
<tr><td><a href="">PHP Atompub Server</a></td><td><a href="">via download</a></td></tr>
</table>
<p>If I've forgotten anyone, drop me a line with a link to both
your application and the use of HTML Purifier in your code repository,
and I'll add your application to this list.</p>
<h3>Hall of Limbo: PHP4</h3>
<p>The following applications are using HTML Purifier 2.1, for PHP4 compatibility.
While this is fine, I would much rather they go PHP5!</p>
<table>
<tr><td>There are currently no applications using an up-to-date version of HTML Purifier 2.1.</td></tr>
</table>
<h3>Hall of the Past</h3>
<p>The following projects package HTML Purifier with their software, but are
not up-to-date. They are putting their userbase at risk of security attacks
by not keeping HTML Purifier updated. If you're a user or developer for these projects, please
raise your voice and help to get them fixed!</p>
<table>
<tr><td><!--<a href="">-->WPIDS<!--</a>--></td><td><a href="">3.0.0</a></td></tr>
<tr><td><!--<a href="">-->NoseRub<!--</a>--></td><td><a href="">3.0.0</a></td></tr>
<tr><td><!--<a href="">-->Lilina News Aggregator<!--</a>--></td><td><a href="">2.1.3</a></td></tr>
<tr><td><!--<a href="">-->TikiWiki<!--</a>--></td><td><a href="">2.1.3</a></td></tr>
<tr><td><!--<a href="">-->XOOPS Cube BRASIL<!--</a>--></td><td><a href="">2.1.3</a></td></tr>
<tr><td>Lichen Webmail</td><td><a href="">2.0.1</a>, see <a href="">ticket #79</a></td></tr>
<tr><td>PHProjekt</td><td><a href=";content-type=text%2Fplain;cvsroot=phprojekt5">1.6.0</a></td></tr>
<tr><td>XDForum</td><td><a href="">1.3.2</a></td></tr>
</table>
<h2 id="Propaganda">Spread the Word!</h2>
<p>Help spread awareness about HTML Purifier by:</p>
<ul>
<li><a
href=";noui&amp;url=;title=HTML%20Purifier%20-%20Filter%20your%20HTML%20the%20standards-compliant%20way!"
id="delicious">Bookmarking this website</a> on your <strong></strong> account, and/or</li>
<li>
<div>Including this little <strong>label</strong> on your website:
<a href=""><img
src="live/art/powered.png"
alt="Powered by HTML Purifier" border="0" /></a>, with this code:
</div>
<pre class="long">&lt;a href=&quot;;&gt;&lt;img
src=&quot;;
alt=&quot;Powered by HTML Purifier&quot; border=&quot;0&quot; /&gt;&lt;/a&gt;</pre>
</li>
</ul>
</div>
</div>
</body>
</html>
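
The Background section above describes filtering as tokenizing the document, removing non-whitelisted elements, repairing nesting, and validating attributes. The following Python example is added here to show that pipeline on a small scale; it is not HTML Purifier's code and not part of this repository, and the element whitelist, the URL-scheme list and every name in it (`ALLOWED`, `SAFE_SCHEMES`, `purify`, ...) are assumptions chosen for illustration.

```python
# Added illustration, not HTML Purifier's code; ALLOWED / SAFE_SCHEMES are assumed policy.
import re
from html import escape
from html.parser import HTMLParser

ALLOWED = {"p": set(), "b": set(), "em": set(), "a": {"href", "title"}}
DROP_CONTENT = {"script", "style"}        # drop these elements and their text
SAFE_SCHEMES = {"", "http", "https", "mailto"}   # "" means a relative URL

def valid_attr(name, value):
    if name == "href":
        # Ignore whitespace and control characters before reading the scheme.
        cleaned = "".join(c for c in value or "" if c > " ")
        m = re.match(r"([a-z][a-z0-9+.\-]*):", cleaned, re.I)
        return (m.group(1).lower() if m else "") in SAFE_SCHEMES
    return True

class WhitelistFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return                        # non-whitelisted element: tag removed
        kept = [(k, v) for k, v in attrs if k in ALLOWED[tag] and valid_attr(k, v)]
        self.out.append("<%s%s>" % (tag, "".join(' %s="%s"' % (k, escape(v or "")) for k, v in kept)))
        self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open:   # stray end tags are ignored
            i = len(self.open) - 1 - self.open[::-1].index(tag)
            self.out += ["</%s>" % t for t in reversed(self.open[i:])]  # close inner tags first
            del self.open[i:]

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def purify(dirty):
    f = WhitelistFilter()
    f.feed(dirty)
    f.close()
    f.out += ["</%s>" % t for t in reversed(f.open)]   # close tags the input left open
    return "".join(f.out)
```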