Secure PHP HTML parser and filter is a PHP package that can be used to parse and filter out insecure HTML tags and CSS styles. It comes with a general purpose markup parser class that can parse any type of markup documents similar to HTML, XML, and DTD files. It also includes several other classes that can be chained together to retrieve the document token elements returned by the main markup parser class and filter the document elements in a useful way. The markup validator filter class validates a document against a DTD, eventually removing invalid tags and attributes. The safe HTML filter class uses several white lists to process HTML tags and data returned by the markup validator class and discards potentially harmful HTML tags and CSS that could be used to perform cross-site scripting (XSS) or cross-site request forgery (CSRF) security attacks. The filtered HTML tokens can be reassembled to return a well-formed and secure HTML document. The HTML links filter class can extract the links contained in an HTML document. The DTD parser and CSS parser are utility classes used by the other classes.
allowHTML is a PHP class that can be used to filter insecure HTML by following OWASP AntiSamy rules. It can parse HTML documents using DOM document objects and then remove unsafe tags, attributes, and CSS parameters. It uses a configurable whitelist to determine which tags, attributes, and CSS style parameters are allowed. The class may also apply filtering rules defined in a separate AntiSamy XML rules file.