PHP Classes

CSP Filter: Filter HTML based on Content Security Policy

Ratings: Not enough user ratings
Unique User Downloads: Total: 539
Download Rankings: All time: 5,587; This week: 455 (up)
Version: cspfilter 0.25
License: Custom (specified...
PHP version: 5.0
Categories: HTML, PHP 5, Security
Description 

This class can be used to filter HTML based on Content Security Policy.

It takes a DOM Document object loaded with the structure of an HTML document and processes it to find violations of the Content Security Policy definition.

The class changes the document structure to filter and enforce the policy definitions, so the application can serve a compliant HTML document.

Innovation Award
PHP Programming Innovation award nominee
April 2009
Number 9
When displaying HTML content submitted to a site by untrusted users, you need to be careful not to allow cross-site scripting and cross-site request forgery security exploits that can be performed by specially crafted HTML and JavaScript.

People at the Mozilla Foundation have defined a Content Security Policy that specifies which HTML elements may or may not be included in a page.

This class can filter untrusted HTML using Mozilla Content Security Policy rules.

Manuel Lemos
Name: Michael A. Peters
Classes: 6 packages by
Country: United States
Age: 51
All time rank: 882117 in United States United States
Week rank: 321 Up31 in United States United States Up
Innovation award
Nominee: 2x

Details

There are several files associated with this release.

1) cspfilter_class.php
   -- The class file, and the only file you need to include
   -- the class in your own projects.

2) license.txt
   -- Common Public License v 1.0
   -- The license this software is distributed under.

3) README.html
   -- An introduction to the class, why I wrote it, what it
   -- does and how to use it.

4) index.php
   -- Passes README.html through the class for demonstrative
   -- purposes

5) testimage.jpg
   -- An image that demonstrates image source filtering
   -- Used by README.html (and thus index.php)
   -- If testimage.jpg is not available, any image will work,
   -- name it testimage.jpg

6) testscript.js
   -- JavaScript that demonstrates script source filtering
   -- Used by README.html (and thus index.php)

7) ifobtest.php
   -- php file that demonstrates iframe/object source filtering
   -- Used by README.html (and thus index.php)

8) dom_script_test.php
   -- Creates a test area where you can dynamically specify policy
   -- rules and feed input to be passed through the output filter.
   -- Linked to in README.html (and thus index.php)

9) READMETXT.txt
   -- This file

NOTES

For best use of the examples, put all those files in a directory in a php enabled web server. Then create the following symlinks in that dir:

   ln -s index.php index.phps
   ln -s cspfilter_class.php cspfilter_class.phps
   ln -s dom_script_test.php dom_script_test.phps

If your web server is configured to follow symlinks and process .phps files as application/x-httpd-php-source then you can view the source to those files (linked in the files) as pretty syntax highlighted php source.

Files

File                   Role          Description
cspfilter_class.php    Class         The class file
dom_script_test.php    Example       Class Playground
ifobtest.php           Aux.          Example iframe/object
index.php              Example       Example Script
license.txt            Lic.          CPL License
README.html            Doc.          Documentation
READMETXT.txt          Doc.          Setting up examples
testimage.jpg          Photo         Example Image
testscript.js          Data          Example JS

Download: cspfilter-2010-02-18.zip (51KB)
Download: cspfilter-2010-02-18.tar.gz (51KB)

Needed packages
IDNA Convert (optional): convert to punycode