
<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Filter_Html & Zend_Validate_Html Component Proposal

Proposed Component Name Zend_Filter_Html & Zend_Validate_Html
Developer Notes & Zend_Validate_Html
Proposers Thomas Weidner
Zend Liaison TBD
Revision 1.0 - 6 December 2009: Initial Draft. (wiki revision: 3)


1. Overview

Zend_Filter_Html is a component which filters a given input so that it conforms to the HTML standard.
Zend_Validate_Html is its cousin, which validates whether a given input conforms to the HTML standard.

2. References

3. Component Requirements, Constraints, and Acceptance Criteria


  • This component will convert any input to conforming HTML
  • This component will prevent XSS attacks
  • This component will produce 100% valid HTML output


  • This component will validate whether input is 100% valid HTML

4. Dependencies on Other Framework Components

  • Zend_Filter
  • Zend_Validate

5. Theory of Operation

Actually Zend Framework does not have a component which really prevents XSS attacks.

Zend_Filter_Html filters the given input so that it conforms to the HTML standard and prevents XSS attacks. To do so, it uses Tidy to produce standards-conformant HTML output, and it uses HTMLPurifier to prevent any attacks.

Zend_Validate_Html validates whether a given input conforms to the HTML standard.
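
One way the Tidy plus HTMLPurifier pipeline described above could be wired into a Zend Framework 1 filter, as an added sketch that is not the proposal's own code. The class name Example_Filter_Html, the optional allow-list argument and the order of the two steps are assumptions; it expects Zend Framework 1 and HTMLPurifier on the include path and the tidy extension loaded.

```php
<?php
// Added sketch, not code from the proposal.
require_once 'Zend/Filter/Interface.php';
require_once 'HTMLPurifier.auto.php';

class Example_Filter_Html implements Zend_Filter_Interface // hypothetical name
{
    /** @var HTMLPurifier */
    protected $_purifier;

    /**
     * @param array $allowed optional allow-list in HTMLPurifier syntax,
     *                       e.g. array('p', 'b', 'a[href]') (assumed option)
     */
    public function __construct(array $allowed = array())
    {
        $config = HTMLPurifier_Config::createDefault();
        // Disable the definition cache so the sketch needs no writable directory.
        $config->set('Cache.DefinitionImpl', null);
        if ($allowed) {
            $config->set('HTML.Allowed', implode(',', $allowed));
        }
        $this->_purifier = new HTMLPurifier($config);
    }

    public function filter($value)
    {
        // Step 1: Tidy repairs unclosed or badly nested markup so the
        // sanitizer sees a well-formed fragment.
        $repaired = tidy_repair_string((string) $value, array(
            'show-body-only' => true, // fragment only, no <html>/<body> wrapper
            'output-xhtml'   => true,
            'wrap'           => 0,
        ), 'utf8');

        // Step 2: HTMLPurifier runs last, so nothing rewrites the markup
        // after scripts, event handlers and unknown tags have been removed.
        return $this->_purifier->purify($repaired);
    }
}

// Constructed sample input: an event-handler attribute, an inline script
// and unclosed <b>/<p> elements.
$dirty  = '<p onclick="alert(1)">Hello <b>world<script>alert(2)</script>';
$filter = new Example_Filter_Html(array('p', 'b', 'a[href]'));
echo $filter->filter($dirty), "\n";
```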

6. Milestones / Tasks

  • Milestone 1: [DONE] Proposal finished
  • Milestone 2: Proposal accepted
  • Milestone 3: Working implementation
  • Milestone 4: Unit tests
  • Milestone 5: Documentation
  • Milestone 6: Moved to core

7. Class Index

  • Zend_Filter_Html
  • Zend_Validate_Html

8. Use Cases


Filtering XSS attacks:


Validating HTML:

9. Class Skeletons

