
I'm looking to sanitize third party HTML to display on my website. HTML Purifier and HTML Sanitizer have been mentioned in other posts.

I am wondering what the differences between the two are, and which one should I use?

On their website, HTML Purifier is compared with other tools, but not with HTML Sanitizer.

Thanks in advance!

Vic Seedoubleyew
  • http://stackoverflow.com/questions/5512712/sanitizing-html-input – Unamata Sanatarai Apr 13 '14 at 12:37
  • HTML Purifier is a long-standing project to *sanitize* string data. Your link to "Html sanitizer" appears to be a file someone authored for a tutorial (I'm not going to signup to view the file contents of `sanitizer.class.php`). You should use HTML Purifier or htmLawed in practice. – Jared Farrish Apr 13 '14 at 12:50
  • You should also use a [Content Security Policy](http://www.html5rocks.com/en/tutorials/security/content-security-policy/) to prevent anything running that may break out of the sanitizer in future. – SilverlightFox Apr 14 '14 at 09:53
  • Great! Thanks a lot for the swift answers guys, exactly what I was looking for. – Vic Seedoubleyew Apr 14 '14 at 13:34
  • Thanks also for the link on Content Security Policy, that's really interesting. – Vic Seedoubleyew Apr 14 '14 at 13:34
  • I didn't find how to or upvote your answers though. – Vic Seedoubleyew Apr 14 '14 at 13:35
  • Welcome to Stack Overflow, Vic. It's because we've all posted as comments rather than "as an answer". :-) If you want to reply, don't forget to use @username and then they'll get an inbox alert. – SilverlightFox Apr 14 '14 at 14:18

1 Answer


I'll post the comments here so you can mark as answer in case it is useful to others.

Credit to @Jared Farrish:

HTML Purifier is a long-standing project to sanitize string data. Your link to "Html sanitizer" appears to be a file someone authored for a tutorial (I'm not going to signup to view the file contents of sanitizer.class.php). You should use HTML Purifier or htmLawed in practice.

In addition, you should also use a Content Security Policy to prevent anything running that may break out of the sanitizer in future.

Also, you may find the following post useful: Escaping rich text editor output

SilverlightFox
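The two recommendations in the answer (an allowlist-based sanitizer, plus a Content Security Policy as a second layer) combined in PHP, as an added example that is not code from the question, the answer, or the HTML Purifier project. It assumes HTML Purifier is installed through Composer (`ezyang/htmlpurifier`), that the system temp directory is writable for its definition cache, and the hostile input is a constructed sample.

```php
<?php
// Added example: sanitize untrusted third-party HTML with HTML Purifier, then
// serve the result under a Content-Security-Policy header as defence in depth.
// Assumption: HTML Purifier installed via `composer require ezyang/htmlpurifier`.
require_once __DIR__ . '/vendor/autoload.php';

function makePurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Allowlist: only these elements and attributes survive. Anything else
    // (script, iframe, style=..., on*= handlers) is dropped; HTML Purifier also
    // removes the *contents* of <script> by default (Core.RemoveScriptContents).
    $config->set('HTML.Allowed', 'p,br,b,strong,i,em,ul,ol,li,a[href],img[src|alt]');
    // Only http/https URLs are kept, so "javascript:" and "data:" links are removed.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    // Mark third-party links rel="nofollow" so crawlers do not trust them.
    $config->set('HTML.Nofollow', true);
    // Cache parsed definitions; assumption: the temp directory is writable.
    $config->set('Cache.SerializerPath', sys_get_temp_dir());
    return new HTMLPurifier($config);
}

function sanitizeThirdPartyHtml(string $dirty): string
{
    return makePurifier()->purify($dirty);
}

// Constructed sample input: the kind of markup a hostile third party might submit.
$dirty = '<p onmouseover="alert(1)">Hello <b>world</b></p>'
       . '<script>alert(document.cookie)</script>'
       . '<a href="javascript:alert(1)">bad link</a>'
       . '<a href="https://example.com/">good link</a>'
       . '<img src="x" onerror="alert(1)" alt="pic">';

$clean = sanitizeThirdPartyHtml($dirty);

// Defence in depth: if a sanitizer bypass is discovered later, the CSP still
// blocks inline scripts and scripts loaded from origins other than our own.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
header('Content-Type: text/html; charset=utf-8');

echo $clean;
```

Check the result with a quick grep for `<script`, `onerror=` and `javascript:` on `$clean` before trusting the configuration in production; the CSP header must be sent before any output is echoed.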