Add warning comments to header/meta includes.

[htmlpurifier-web.git] / index.xhtml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" [
  <!ENTITY % htmlpurifier.current SYSTEM "current.ent"> %htmlpurifier.current;
]>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      xmlns:xc="urn:xhtml-compiler"
      xmlns:rss="urn:xhtml-compiler:RSSGenerator"
      xmlns:svn="urn:xhtml-compiler:Subversion"
      svn:head-url="$HeadURL$"
      svn:revision="$Revision$"
      xc:rss-from-svn="yes"
      xml:lang="en" lang="en">
<head>
<title>HTML Purifier - Filter your HTML the standards-compliant way!</title>
<xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
<link rel="stylesheet" href="index.css" type="text/css" />
<meta name="description"
      content="HTML filter that guards against XSS and ensures standards-compliant output." />
<meta name="keywords"
      content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, w3c, XSS, PHP, security, library, open source, LGPL, whitelist" />
<link rel="alternate" type="application/rss+xml"
      title="News - HTML Purifier" href="news.rss"
      rss:for="news-container"
      rss:description="Recent news and updates on HTML Purifier" />
<script defer="defer" type="text/javascript" src="del.icio.us.js" xc:absolute="src"></script>
<script defer="defer" type="text/javascript" src="switch2post.js" xc:absolute="src"></script>
</head>
<body>

<div id="branding">
  <h1>
    <span class="html">HTML</span>
    <span class="purifier">Purifier</span>
  </h1>
  <blockquote>
    <p>
      Standards-Compliant HTML Filtering
    </p>
  </blockquote>
</div>

<div id="navigation">
  <h2>Navigation</h2>
  <ol>
    <li><a href="#News">News</a></li>
    <li><a href="#Plugins">Plugins</a></li>
    <li><a href="#Demo">Demo</a></li>
    <li><strong><a href="#Download">Download</a></strong></li>
    <li><a href="#Resources">Resources</a></li>
    <li><a href="http://htmlpurifier.org/phorum/">Forum</a></li>
    <li><a href="#Contact">Contact</a></li>
  </ol>
</div>

<div id="summary">
  <h2>Summary</h2>
  <div id="summary-safe">
    <h3>Safe</h3>
    <p>
      HTML Purifier defeats XSS with an audited whitelist
    </p>
  </div>
  <div id="summary-clean">
    <h3>Clean</h3>
    <p>
      HTML Purifier ensures standards-compliant output
    </p>
  </div>
  <div id="summary-open">
    <h3>Open</h3>
    <p>
      HTML Purifier is open-source and highly customizable
    </p>
  </div>
</div>

<div id="intro">
  <p><strong>HTML Purifier</strong> is a standards-compliant 
  <abbr>HTML</abbr> filter library written in 
  <abbr>PHP</abbr>. HTML Purifier will not only remove all malicious 
  code (better known as <abbr>XSS</abbr>) with a thoroughly audited, 
  secure <em>yet</em> permissive <strong><a 
  href="live/smoketests/printDefinition.php">whitelist</a></strong>,
  it will also make sure your documents are 
  <strong>standards compliant</strong>, something only achievable with a 
  comprehensive knowledge of <abbr>W3C</abbr>'s specifications. 
  Tired of using BBCode due to the current landscape of deficient or 
  insecure <abbr>HTML</abbr> filters? Have a 
  <strong><acronym>WYSIWYG</acronym></strong> editor but never been able to use it? Looking 
  for high-quality, standards-compliant, open-source components for that 
  application you're building? HTML Purifier is for you!</p> 
  
  <blockquote class="fancy">
  <div class="quote">
      I'd just like to say we use HTML Purifier in <a href="http://www.iris.ac/">IRIS</a> for
      filtering emails against XSS attacks and we've been more than impressed.
  </div>
  <div class="origin">&mdash; Chris Corbyn, <em>Senior IRIS Developer</em></div>
  </blockquote>
  
  <div id="intro-download">
    <h2>Download</h2>
    <div id="download-files">
      <div id="download-php4" class="dl-box">
        <a href="&url.dl.zip;">HTML Purifier &htmlpurifier.current.version;</a>
        <span class="file-type">zip</span>
      </div>
      <div id="download-php5" class="dl-box">
        <a href="&url.dl-strict.zip;">HTML Purifier &htmlpurifier.current.version; for PHP 5</a>
        <span class="file-type">zip</span>
      </div>
    </div>
    <div id="download-others">
      <a href="#Download">Other downloads</a>
    </div>
  </div>
  
</div>

<div id="content">

<h2 id="Background">Background</h2>

<p>There are a number of open-source <abbr>HTML</abbr> filtering solutions out
there on the web already
(i.e. <acronym>PEAR</acronym>'s
<a href="http://pear.php.net/package/HTML_Safe">HTML_Safe</a>,
<a href="http://sourceforge.net/projects/kses">kses</a>
and
<a href="http://simon.incutio.com/archive/2003/02/23/safeHtmlChecker">
SafeHtmlChecker.class.php</a>).  What sets HTML Purifier apart from them?
Aren't all of these choices <q>secure</q>?</p>

<p>When it comes to <abbr>HTML</abbr>, <strong>attention to 
detail</strong> is key. Does the library demonstrate an in-depth 
knowledge of the <abbr>DTD</abbr> that defines 
<abbr>HTML</abbr>? Does it perform its filtering off a robust 
whitelist rather than a usually out-dated blacklist? Does it go through 
the care to check every single attribute in the document for validity? 
Does it actually understand tag markup, or pay lip-service with a series 
of deficient regexes and str_replace's?</p> 

<p>Somewhere along the way, all of HTML Purifier's predecessors fall 
flat. HTML_Safe dooms itself to attacks of the future by using a 
blacklist. Configurable filters like kses and PHP Input Filter still 
cannot validate the contents inside attributes. With all these gaps in 
coverage, none of the usual libraries come close to achieving 
<strong>standards-compliance</strong>. There is a user-unfriendly, 
draconic <abbr>XML</abbr>-based filter called Safe HTML Checker, 
but even it forgets that <code>&lt;a&gt;</code> tags cannot be nested 
within each other!</p> 

<p><strong>Know thy enemy.</strong> Wily hackers have a huge arsenal of 
<abbr>XSS</abbr> hidden within the depths of the 
<abbr>HTML</abbr> specification. HTML Purifier takes its 
effectiveness from the fact that it will decompose the whole document 
into tokens, and rigorously process the tokens by removing 
non-whitelisted elements, transforming bad practice tags like font into 
span, properly checking the nesting of tags and their children and 
validating all attributes according to their <abbr>RFC</abbr>s. 
HTML Purifier's comprehensive algorithms are complemented by a 
<strong>breadth of knowledge</strong>, ensuring that richly formatted 
documents pass through unstripped.</p> 

<p>To my knowledge, there is nothing else in the wild that offers 
protection from <abbr>XSS</abbr>, standards-compliance, and the
corrective processing of poorly formed <abbr>HTML</abbr>
simultaneously. Don't take my word for it though: 
do your research. Investigate the other libraries, and decide for 
yourself who you would prefer to be the <strong>gatekeeper</strong> to 
your system.</p> 

<p>To find out more, you can read the
<a href="comparison.html"><strong>Comparison</strong></a>
for a play-by-play analysis of the major filter libraries currently
out there.</p>

<blockquote class="fancy">
<div class="quote">
    [Y]ou save my day by allowing me not to write another damned HTML parser.
</div>
<div class="origin">
    &mdash; Joseph Halter, <em>Technical Director at Akira Web</em>
</div>
</blockquote>


<h2 id="News">News</h2>

<div id="news-container" class="news">

<div class="item" id="news-1.6.1-released">
    <h3 class="title">HTML Purifier 1.6.1 released</h3>
    <div class="date">Sun, 05 May 2007 18:14:11 EDT</div>
    
    <div class="body">
    <p>The 1.6.1 release, code-named <q>Ach! We missed something! Run!</q>, completes
    HTML Purifier's roster of attribute transformations. It also implements
    a number of minor features (such as better font transformations, smarter
    <abbr>HTML</abbr> parsing, the <abbr>CSS</abbr> property 'white-space'
    and <abbr>XHTML</abbr> 1.1), a few bug
    fixes (most notably fixed <code>__autoload</code> compatibility issues)
    and a ton
    of refactoring. 1.6 was for things that absolutely could not wait: this
    release, developed in a more leisurely pace, fills in the gaps.</p>
    
    <p>As usual, see <a
    href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/1.6.1/NEWS">News</a>
    for a complete changelog.</p>
    </div>
</div>

<div class="item" id="news-updated-pear">
    <h3 class="title">Updated <acronym>PEAR</acronym> package</h3>
    <div class="date">Mon, 30 April 2007 17:49:00 EDT</div>
    
    <div class="body">
    <p>Recently, a packaging problem with the <acronym>PEAR</acronym>
    version of HTML Purifier was pointed out to me by David Schmierer. This
    bug would cause HTML Purifier to fail converting <abbr>HTML</abbr> entities such
    as &amp;nbsp;. The 1.6.0 release was amended accordingly and re-released.
    If you are using the <acronym>PEAR</acronym> release, use:</p>
    <pre>pear install --force hp/HTMLPurifier</pre>
    <p>...to force an update. Users who manually downloaded the library
    and installed do <em>not</em> have to do anything.</p>
    </div>
</div>

<div class="item" id="news-relocated">
    <h3 class="title">We have relocated</h3>
    <div class="date">Sun, 22 April 2007 17:35:59 EDT</div>
    
    <div class="body">
    <p>We have relocated from <code>hp.jpsband.org</code> to 
    <code>htmlpurifier.org</code>. Please update your links and bookmarks
    accordingly. Permanent redirects are in place, so old links will
    continue to work for a while. However, some pages have changed
    locations in the shuffle:</p>
    <ul>
        <li><code>live/docs/examples/demo.php</code> is now <a href="demo.php">demo.php</a></li>
        <li><code>live/docs/</code> is now <a href="docs/">docs/</a></li>
        <li><code>v/viewvc.cgi/</code> is now <a href="viewvc.cgi">viewvc.cgi/</a></li>
    </ul>
    <p>Also, <acronym>PEAR</acronym> users will need to uninstall their
    old copy of HTML Purifier, remove the old channel, and then discover
    and install at the new domain. This set of commands should do the
    trick:</p>
<pre>
pear uninstall hp/HTMLPurifier
pear channel-delete hp.jpsband.org
pear channel-discover htmlpurifier.org
pear install hp/HTMLPurifier
</pre>
    <p>Thank you all for your cooperation. If there are any blips, please
    report them to the <a
    href="http://htmlpurifier.org/phorum/list.php?2">general forums</a> or
    my new email address,
    <a href="mailto:admin@htmlpurifier.org">admin@htmlpurifier.org</a></p>
    </div>
</div>

<div class="item" id="news-svn-and-misc">
    <h3 class="title"><abbr>SVN</abbr> viewer and migration</h3>
    <div class="date">Tue, 17 April 2007 20:08:11 EDT</div>
    
    <div class="body">
    <p><a href="http://htmlpurifier.org/viewvc.cgi/htmlpurifier/trunk/">ViewVC</a>
    for viewing our <abbr>SVN</abbr> repository and <abbr>RSS</abbr> changelog feeds for most of our
    <abbr>HTML</abbr> pages (for example, the changelog for this page
    is at <a href="index.rss">index.rss</a>) were rolled out a few weeks
    ago. Feel free to check them out.</p>
    <p>Also, I've purchased the <code>htmlpurifier.org</code> domain
    so this website will be migrating to that address soon. I'm not in any
    particular hurry to get the migration done, but I hope to see some
    other changes in the website as well when the move is made. <code>;-)</code></p>
    </div>
</div>

<div class="item" id="news-pro-php-podcast">
    <h3 class="title">Pro:PHP Podcast mention</h3>
    <div class="date">Mon, 09 April 2007 23:23:44 EDT</div>
    
    <div class="body">
    <p>I'd like to thank
    <a href="http://podcast.phparch.com/main/index.php/main">Pro::PHP</a>
    podcast for mentioning HTML Purifier on their
    <a href="http://podcast.phparch.com/main/index.php/episodes:20070405">April
    5, 2007 show</a>. I've always been a fan of their informative
    podcasts, and was delighted to discover that
    they had decided to include HTML Purifier on the program list
    (even though it was at the very end). 
    </p>
    
    <p>Against my better judgment, I have a few clarifications I'd like
    to make about the podcast:</p>
    
    <ul>
        <li>While HTML Purifier can use Tidy, it's completely optional.
        Tidy is exploited for pretty-printed <abbr>HTML</abbr>.</li>
        <li>We do use the <abbr>XSS</abbr> cheatsheet for
        <a href="live/smoketests/xssAttacks.php">testing
        the library</a>, but I actually did not know about the cheat-sheet
        until the library was well under development.</li>
        <li>Yes, the top domain is actually a school band website that
        I'm borrowing hosting from. I'm playing around with getting
        a dedicated domain at htmlpurifier.org.</li>
    </ul>
    
    <p>Once again, thanks for mentioning the library, perhaps someday
    I'll do a screencast going through some of HTML Purifier's major
    features.</p>
    </div>
</div>

<div class="item" id="news-1.6.0-released">
    <h3 class="title">HTML Purifier 1.6.0 released</h3>
    <div class="date">Sun, 01 April 2007 23:40:59 EDT</div>
    
    <div class="body">
    <p>Sorry, no April Fool's joke this year. To compensate, we have
    the 1.6.0 <q>Long Overdue</q> release. This version contains support
    for a number of deprecated attributes HTML Purifier should have
    had from the very beginning, including the name, bgcolor, border,
    width and height attributes. The <abbr>CSS</abbr> property 'height',
    rel and rev attributes and ID blacklist regexps are also available.
    In addition, HTML Purifier will give a friendly error message
    when you try to enable an element or attribute that doesn't exist.</p>
    
    <p>All in all, this is a fairly compact release, but it does 
    address some common requests brought up in the Forums, so I suggest
    you upgrade anyway. You can check <a
    href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/1.6.0/NEWS">News</a>
    for a complete changelog, but there's not much else.</p>
    </div>
</div>

</div> <!-- end news-container -->

<h2 id="Plugins">Plugins</h2>

<p>HTML Purifier is a great library to integrate with existing
<abbr>CMS</abbr>es and other applications or <acronym>WYSIWYG</acronym>
editors.  Currently, we have plugins for:</p>

<ul>
    <li><a href="http://bart.motd.be/projects/html-purifier-drupal-module">Drupal HTML Purifier Module</a> (beta) by Bart Jansens</li>
    <li><a href="http://htmlpurifier.org/svnroot/htmlpurifier/trunk/plugins/modx.txt">MODx Content Management System</a></li>
</ul>

<blockquote class="fancy">
<div class="quote">
    This plugin is on top of my favorite list[.] I am going to heavily
    depend on it since my clients insist on having <acronym>WYSIWYG</acronym> and I insist on
    having pages that validate and are semantically sound.
</div>
<div class="origin">
    &mdash; David Molliere, <em>MODx Marketing &amp; Design Team</em>
</div>
</blockquote>

<p>Plugins for other major applications gladly accepted!</p>


<h2 id="Demo">Demo</h2>

<p>Enter your <abbr>HTML</abbr> and see how it will be filtered!</p>
<form id="filter" action="demo.php?post" method="post">
    <fieldset>
    <legend>HTML Purifier Input</legend>
    <textarea name="html" cols="50" rows="10" id="html"></textarea>
    <div><abbr>XHTML</abbr> 1.0 Strict output? <input type="checkbox" value="1" name="strict" /></div>
    <div>
        <input type="submit" value="Submit" name="submit" class="button" />
    </div>
    </fieldset>
</form>

<p>...or try these sample inputs:</p>

<ul>
    <li><a href="demo.php?get&amp;html=%3Cimg+src%3D%22javascript%3Aevil%28%29%3B%22+onload%3D%22evil%28%29%3B%22+%2F%3E">Malicious code removed</a></li>
    <li><a href="demo.php?html=%3Cb%3EBold&amp;submit=Submit">Missing end tags fixed</a></li>
    <li><a href="demo.php?html=%3Cb%3EInline+%3Cdel%3Econtext+%3Cdiv%3ENo+block+allowed%3C%2Fdiv%3E%3C%2Fdel%3E%3C%2Fb%3E&amp;submit=Submit">Illegal nesting fixed</a></li>
    <li><a href="demo.php?html=%3Ccenter%3ECentered%3C%2Fcenter%3E&amp;strict=1&amp;submit=Submit">Deprecated tags converted</a></li>
    <li><a href="demo.php?html=%3Cspan+style%3D%22color%3A%23COW%3Bfloat%3Aaround%3Btext-decoration%3Ablink%3B%22%3EText%3C%2Fspan%3E&amp;submit=Submit"><abbr>CSS</abbr> validated</a></li>
    <li><a href="demo.php?html=%3Ctable%3E%0D%0A++%3Ccaption%3E%0D%0A++++Cool+table%0D%0A++%3C%2Fcaption%3E%0D%0A++%3Ctfoot%3E%0D%0A++++%3Ctr%3E%0D%0A++++++%3Cth%3EI+can+do+so+much%21%3C%2Fth%3E%0D%0A++++%3C%2Ftr%3E%0D%0A++%3C%2Ftfoot%3E%0D%0A++%3Ctr%3E%0D%0A++++%3Ctd+style%3D%22font-size%3A16pt%3B%0D%0A++++++color%3A%23F00%3Bfont-family%3Asans-serif%3B%0D%0A++++++text-align%3Acenter%3B%22%3EWow%3C%2Ftd%3E%0D%0A++%3C%2Ftr%3E%0D%0A%3C%2Ftable%3E&amp;submit=Submit">Rich formatting preserved</a></li>
</ul>

<h2 id="Download">Download</h2>

<p>The current version is
<strong>&htmlpurifier.current.version;</strong>, released on
&htmlpurifier.current.release-date;.  Pick your distribution:</p>

<ul>
<li><a class="download" href="&url.dl.tar.gz;">HTML Purifier &htmlpurifier.current.version; (.tar.gz)</a> [<a href="&url.dl.tar.gz.sig;">sig</a>]</li>
<li><a class="download" href="&url.dl.zip;">HTML Purifier &htmlpurifier.current.version; (.zip)</a> [<a href="&url.dl.zip.sig;">sig</a>]</li>
<li><a class="download" href="&url.dl-strict.tar.gz;">HTML Purifier &htmlpurifier.current.version; PHP5-strict (.tar.gz)</a> [<a href="&url.dl-strict.tar.gz.sig;">sig</a>]</li>
<li><a class="download" href="&url.dl-strict.zip;">HTML Purifier &htmlpurifier.current.version; PHP5-strict (.zip)</a> [<a href="&url.dl-strict.zip.sig;">sig</a>]</li>
</ul>

<p>The <abbr>PHP</abbr>5-strict version is exactly the same
as the regular version with a few tweaks
to prevent it from complaining with
<a href="http://php.net/manual/en/ref.errorfunc.php#e-strict">E_STRICT</a>
warnings.This library is open-source, licensed under the
<a href="http://www.gnu.org/licenses/lgpl.html"><abbr>LGPL</abbr> v2.1+</a>.</p>

<p>HTML Purifier is also available as a <acronym>PEAR</acronym> package.
You can install it by executing:</p>

<pre class="command">pear channel-discover htmlpurifier.org
pear install hp/HTMLPurifier</pre>

<p>You can also grab the latest developmental code from our Subversion
repository.  Simply execute this command:</p>

<pre class="command long">svn co http://htmlpurifier.org/svnroot/htmlpurifier/trunk ./</pre>

<p>...or <a href="http://htmlpurifier.org/svnroot/htmlpurifier/trunk/">browse
anonymously</a> at that address. Previous releases can be obtained by browsing
the <a href="releases/">release directory</a>
or checking code out of the
<a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/">tags/
directory</a>. You can also use
<a href="http://htmlpurifier.org/viewvc.cgi/htmlpurifier/trunk/">ViewVC to view the repository</a>.</p>

<p><acronym>SHA-1</acronym> checksums:</p>

<pre class="long">
5589abda6370b58cc2d538c084b79f4994671f9b htmlpurifier-1.6.1-strict.tar.gz
280832537bbc9aa28763ce1141c5f5a60c8c1048 htmlpurifier-1.6.1-strict.zip
fee6d108a50af5949906478c8c557c383f8893fe htmlpurifier-1.6.1.tar.gz
4391ab11fd62c1ff009ffd1089470ad2dcdc0671 htmlpurifier-1.6.1.zip
</pre>

<p>There are also <tt>.sig</tt> files which you can use to cryptographically verify
that the release is from me, Edward Z. Yang.  You can find
my <a href="http://www.thewritingpot.com/gpgpubkey.asc">public key
here (0x869C48DA)</a>.  My key's fingerprint is:
<tt>3FA8 E9A9 7385 B691 A6FC  B3CB A933 BE7D 869C 48DA</tt>.</p>

<p>Verify with these commands:</p>

<pre class="command">gpg --verify <strong>$filename</strong>.sig</pre>

<p>You can be notified of new releases by a low-traffic announce list. Subscribe
here:</p>

<form method="post" action="http://scripts.dreamhost.com/add_list.cgi">
   <input type="hidden" name="list" value="admin@htmlpurifier.org" />
   <input type="hidden" name="domain" value="htmlpurifier.org" />
   <input type="hidden" name="emailit" value="1" />
   <div>Name: <input name="name" /> E-mail: <input name="email" /></div>
   <div><input type="submit" name="submit" value="Suscribe to Announcement List" />
   <input type="submit" name="unsub" value="Unsubscribe" /></div>
</form>

<h2 id="Resources">Resources</h2>
<ul>
    <li><strong><a href="docs/">End-User
        Documentation</a></strong> &mdash; In-depth documents on how to get
        the most out of HTML Purifier.</li>
    <li><del>Mantis Bugtracker &mdash; Found a bug? Report
        it here!</del> Temporarily disabled</li>
    <li><a href="http://htmlpurifier.org/phorum/">Support Forum</a> &mdash; Talk about all things
        HTML Purifier.</li>
    <li><a href="live/smoketests/printDefinition.php">Print
        Definition</a> &mdash; If you want to actually see what HTML Purifier's
        filtering rules are, look no further than to this page. You can even
        experiment with the configuration to see how things respond to different
        directives.</li>
    <li><a href="live/smoketests/xssAttacks.php"><abbr>XSS</abbr>
        Attacks Smoketest</a> &mdash; Tests how well HTML Purifier fares
        against RSnake's famous cheatsheet of <abbr>XSS</abbr> attacks.</li>
    <li><a href="live/TODO">Roadmap</a>
        &mdash; Subject to lots of delays, but it's a glimpse of the future</li>
    <li><a href="live/art/">Artwork</a>
        &mdash; Extra media goodies.</li>
    <li><a href="live/configdoc/plain.html">Configuration
        documentation</a> &mdash; See the <code>INSTALL</code> document on how to
        configure your HTML Purifier installation.</li>
    <li><a href="http://htmlpurifier.org/doxygen/html/">Doxygen-generated
        Documentation</a> &mdash; No class left undocumented!  Cross-referenced
        code!  A must-read for any prospective HTML Purifier hacker.
        (close by, <a href="http://htmlpurifier.org/phpdoc/">PHPDoc-generated
        Documentation.</a>)</li>
</ul>

<h2 id="Propaganda">Spread the Word!</h2>

<p>Help spread awareness about HTML Purifier by:</p>

<ul>
<li><a
href="http://del.icio.us/post?v=4&amp;noui&amp;url=http://htmlpurifier.org/&amp;title=HTML%20Purifier%20-%20Filter%20your%20HTML%20the%20standards-compliant%20way!"
id="delicious">Bookmarking this website</a> on your <strong>del.icio.us</strong> account, and/or</li>
<li>
    <div>Including this little <strong>label</strong> on your website:
    <a href="http://htmlpurifier.org/"><img
    src="live/art/powered.png"
    alt="Powered by HTML Purifier" border="0" /></a>, with this code:
    </div>
    <pre class="long">&lt;a href=&quot;http://htmlpurifier.org/&quot;&gt;&lt;img
src=&quot;http://htmlpurifier.org/live/art/powered.png&quot;
alt=&quot;Powered by HTML Purifier&quot; border=&quot;0&quot; /&gt;&lt;/a&gt;</pre>
</li>
</ul>

<h2 id="Contact">Contact</h2>

<p>You can send me an email at
<a href="mailto:admin@htmlpurifier.org">admin@htmlpurifier.org</a>. 
However, I prefer that you use the forums for asking general support
questions (response time will be the same, I promise!)
Any emails I receive will be considered public: if I think a
solution I thought up to help you would be particularly useful to others,
expect it to show up on the website.</p>

</div>

</body>
</html>