ZF-2343: Safe HTML project

Issue Type: Improvement
Created: 2007-12-20T15:53:39.000+0000
Last Updated: 2009-01-10T11:02:26.000+0000
Status: Closed
Fix version(s): 1.8.0 (30/Apr/09)

Reporter: Darby Felton (darby)
Assignee: Ralph Schindler (ralph)
Tags: Zend_Filter

Related issues: ZF-3293



HTML produced by Zend Framework components should be safe for publishing by removing all potentially harmful content, such as JavaScript.

We should start by testing the current algorithm of Zend_Filter_StripTags against various attack vectors.


This issue may affect other components, such as Zend_View and friends.


Posted by Wil Sinclair (wil) on 2008-04-18T13:11:53.000+0000

This doesn't appear to have been fixed in 1.5.0. Please update if this is not correct.

Posted by Wil Sinclair (wil) on 2008-04-18T17:11:46.000+0000

Please evaluate and categorize/assign as necessary.

Posted by Kamil Nowakowski (kamiln) on 2008-04-27T02:16:12.000+0000

You can look also at

Posted by Wil Sinclair (wil) on 2008-06-09T13:29:42.000+0000

Reassigning for prioritization.

Posted by Ralph Schindler (ralph) on 2009-01-10T11:02:26.000+0000

This is a massive undertaking and should come in the form of a component proposal.
