HtmlPurifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant.
Although CodeIgniter comes with its own XSS filtering method, $this->input->xss_clean(), I prefer to use HTMLPurifier for two reasons:
1) HTMLPurifier makes sure that user input is converted to valid XHTML
2) HTMLPurifier is tested against every element on the notorious XSS cheat sheet
Installing HTMLPurifier in CodeIgniter
Since CodeIgniter is PHP4 and PHP5 compatible, we'll start out by downloading the PHP4-compatible version of HTMLPurifier (http://htmlpurifier.org/download.html).
Once you've downloaded and extracted the archive, copy the contents of the /htmlpurifier-2.0.1/library folder into your CodeIgniter /system/application/libraries folder.
HTMLPurifier comes with an HTMLPurifier.auto.php file that automagically changes your include path to include the necessary folder. We'll delete this file and instead make one small change to HTMLPurifier.php, adding
set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
just below the
line in HTMLPurifier.php and we’re ready to go.
Add this test controller and check out the results:
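As an added example (not the post's own test controller), here is a CodeIgniter 1.x controller that runs a few constructed inputs through HTMLPurifier and, for comparison, through the built-in $this->input->xss_clean(). It assumes HTMLPurifier.php sits in system/application/libraries as described above and that the include-path line has been added to it; the controller name, the sample strings and the output layout are my own choices.

```php
<?php
// system/application/controllers/purifytest.php
// Added example, not part of the original post. Assumes CodeIgniter 1.x
// (PHP4-style constructor) and HTMLPurifier.php in application/libraries
// with the set_include_path() line added so its own requires resolve.

require_once APPPATH . 'libraries/HTMLPurifier.php';

class Purifytest extends Controller {

    function Purifytest()
    {
        parent::Controller();
    }

    function index()
    {
        // Constructed sample inputs (hypothetical): each one exercises a
        // different thing a filter must handle, the last one is malformed
        // but harmless markup so the "valid XHTML" claim can be observed too.
        $samples = array(
            'event handler attribute' => '<b onmouseover="alert(1)">hover me</b>',
            'script element'          => '<p>hello</p><script>alert(1)</script>',
            'javascript: URI'         => '<a href="javascript:alert(1)">link</a>',
            'unclosed tags'           => '<p>one<p>two<b>bold',
        );

        // Default configuration: the stock whitelist, no custom directives,
        // so this works the same on the 2.x download the post uses.
        $config   = HTMLPurifier_Config::createDefault();
        $purifier = new HTMLPurifier($config);

        foreach ($samples as $label => $dirty) {
            $clean = $purifier->purify($dirty);
            $ci    = $this->input->xss_clean($dirty);

            // Everything is escaped before echoing: this page is a report
            // of what each filter produced, not a place to render the result.
            echo '<h3>' . htmlspecialchars($label) . '</h3>';
            echo '<pre>';
            echo 'input:     ' . htmlspecialchars($dirty) . "\n";
            echo 'purifier:  ' . htmlspecialchars($clean) . "\n";
            echo 'xss_clean: ' . htmlspecialchars($ci);
            echo '</pre>';
        }
    }
}
```

Browse to index.php/purifytest to see the three lines per sample. The interesting comparison is the last sample: HTMLPurifier returns well-formed XHTML with the paragraphs and the bold element closed, while xss_clean() only looks for dangerous patterns and leaves the markup as it was.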