
<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Filter_Html & Zend_Validate_Html Component Proposal

Proposed Component Name Zend_Filter_Html & Zend_Validate_Html
Developer Notes http://framework.zend.com/wiki/display/ZFDEV/Zend_Filter_Html & Zend_Validate_Html
Proposers Thomas Weidner
Zend Liaison TBD
Revision 1.0 - 6 December 2009: Initial Draft. (wiki revision: 6)

Table of Contents

1. Overview

Zend_Filter_Html is a component which filters a given input so that it conforms to HTML.
Zend_Validate_Html is its cousin, which validates whether a given input conforms to HTML.

2. References

  • See this blog post for problems with current ZF usage: Blog Post

3. Component Requirements, Constraints, and Acceptance Criteria

Zend_Filter_Html:

  • This component will convert any input to conformant HTML
  • This component will prevent XSS attacks
  • This component will produce 100% valid HTML output
  • This component will use adapters to allow foreign libraries to be used

Zend_Validate_Html:

  • This component will validate if input is 100% valid HTML
  • This component will use adapters to allow foreign libraries to be used

4. Dependencies on Other Framework Components

  • Zend_Filter
  • Zend_Validator

5. Theory of Operation

Currently, Zend Framework has no component which really prevents XSS attacks.

Zend_Filter_Html filters the given input so that it conforms to the HTML standard, and it prevents XSS attacks. To do so it uses Tidy to produce standards-conformant HTML output, and HTMLPurifier to remove any attack vectors.

Zend_Validate_Html validates whether a given input conforms to the HTML standard.
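The Tidy-then-HTMLPurifier adapter chain described above, as an added PHP sketch that is not code from the proposal or the framework (the class bodies, constructor options and the element whitelist are assumptions; only the class names follow the proposal's Class Index):

```php
<?php
// Added illustration of the proposed adapter chain; not code from the proposal.
// Assumes ZF1 autoloading for Zend_Filter_Interface, ext/tidy, and HTMLPurifier.
require_once 'HTMLPurifier.auto.php';

abstract class Zend_Filter_Html_HtmlAbstract implements Zend_Filter_Interface
{
    // Every adapter maps markup to markup, so adapters can be chained.
    abstract public function filter($value);
}

class Zend_Filter_Html_Tidy extends Zend_Filter_Html_HtmlAbstract
{
    // Tidy repairs structure (unclosed tags, bad nesting); it is not a security filter.
    public function filter($value)
    {
        $options = array('show-body-only' => true, 'output-xhtml' => true);
        return tidy_repair_string((string) $value, $options, 'utf8');
    }
}

class Zend_Filter_Html_HtmlPurifier extends Zend_Filter_Html_HtmlAbstract
{
    protected $_purifier;
    public function __construct($allowed = 'p,b,i,a[href],ul,ol,li,br')
    {
        // Whitelist: only listed elements/attributes survive, so <script>, on* event
        // handlers and javascript: URLs are dropped rather than merely escaped.
        $config = HTMLPurifier_Config::createDefault();
        $config->set('HTML.Allowed', $allowed);
        $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
        $this->_purifier = new HTMLPurifier($config);
    }
    public function filter($value) { return $this->_purifier->purify((string) $value); }
}

class Zend_Filter_Html implements Zend_Filter_Interface
{
    protected $_adapters;
    public function __construct(array $adapters) { $this->_adapters = $adapters; }
    // Apply adapters in order: Tidy first (well-formed tree), HTMLPurifier second (safe tree).
    public function filter($value)
    {
        foreach ($this->_adapters as $adapter) { $value = $adapter->filter($value); }
        return $value;
    }
}
$filter = new Zend_Filter_Html(array(new Zend_Filter_Html_Tidy(), new Zend_Filter_Html_HtmlPurifier()));
echo $filter->filter('<p onmouseover="alert(1)">Hi <b>there</p>'); // constructed sample input
```

Tidy alone would leave the inline event handler in place; the whitelist step is what removes it, which is why the two adapters are not interchangeable.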

6. Milestones / Tasks

  • Milestone 1: [DONE] Proposal finished
  • Milestone 2: Proposal accepted
  • Milestone 3: Working implementation
  • Milestone 4: Unit tests
  • Milestone 5: Documentation
  • Milestone 6: Moved to core

7. Class Index

  • Zend_Filter_Html
  • Zend_Filter_Html_HtmlAbstract
  • Zend_Filter_Html_Tidy
  • Zend_Filter_Html_HtmlPurifier
  • Zend_Validate_Html
  • Zend_Validate_Html_HtmlAbstract
  • Zend_Validate_Html_Tidy

8. Use Cases

UC-01

Filtering XSS attacks:

UC-02

Validating HTML:

9. Class Skeletons

]]></ac:plain-text-body></ac:macro>
