Added by Stanislav Malyshev, last edited by Stanislav Malyshev on Mar 13, 2008

AntiSamy HTML filter support

Mentor

Stas Malyshev

Abstract

The OWASP AntiSamy Project aims to create a rule-driven HTML filtering engine that sanitizes HTML content, so that public forums can allow safe HTML editing.
As there are numerous ways to smuggle potentially harmful active content into HTML, many sites prefer either to disallow HTML altogether or to invent their own private formatting. Those that do allow HTML have to create a home-grown filtering engine and are bound to repeat many mistakes that others have already discovered and fixed. Thus, my opinion is that a generic filtering engine would be beneficial for users.
The OWASP AntiSamy project has a Java implementation and developed rulesets, but no PHP implementation. I have contacted the authors and they think it would be very good to have this in Zend Framework.

Project Outline

  • Introduce student to ZF community
  • Establish contact with OWASP AntiSamy project team
  • Submit API proposal
  • Get the proposal approved by both Zend and OWASP teams
  • Implement filtering according to the rules
  • Implement unit tests as necessary to achieve 90% code coverage
  • Evaluate filter performance and, if necessary, do performance optimizations
  • Get Project approved for Core Inclusion