ZF-2343: Safe HTML project


HTML produced by Zend Framework components should be safe for publishing by removing all potentially harmful content, such as JavaScript.

We should start by testing the current algorithm of {{Zend_Filter_StripTags}} against various attack vectors.


This issue may affect other components, such as Zend_View and friends.


This doesn't appear to have been fixed in 1.5.0. Please update if this is not correct.

Please evaluate and categorize/assign as necessary.

You can look also at

Reassigning for prioritization.

This is a massive undertaking and should come in the form of a component proposal.