github.com/voku/anti-xss

㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP
https://github.com/voku/anti-xss

[!]: "php": ">=7.0" v2

f80bd84993faa2951036d3414c816303c5c63113 authored about 7 years ago by Lars Moelleken <[email protected]>
[!]: "php": ">=7.0"

1122f0b38140f9d9ceeff1214378b4c1dc6896ef authored about 7 years ago by Lars Moelleken <[email protected]>
Update .travis.yml

10ae436578ed19c7141f8fbae6cc14c200b6b659 authored about 7 years ago by Lars Moelleken <[email protected]>
Update .travis.yml

80b3d2ba08f1cdf896416cac72fbed4983cc2faa authored about 7 years ago by Lars Moelleken <[email protected]>
Merge remote-tracking branch 'origin/master'

0ba88e1a1c67befc13d176172c5877768d6ddee7 authored over 7 years ago by Lars Moelleken <[email protected]>
[+]: add some more tests

-> https://raw.githubusercontent.com/vanilla/htmlawed/master/tests/fixtures/valid/safe.html

b3d6b5165d6badc293a8dd2a195fd03b2e3cb7c1 authored over 7 years ago by Lars Moelleken <[email protected]>
Update README.md

653656f4e7fb3934ea851e4e4f1e308838033319 authored over 7 years ago by Lars Moelleken <[email protected]>
[+]: add some more tests

-> http://sebastian-lekies.de/slides/appsec2017.pdf

f4616366cd0077fd65bf0c8f5689d2930fca5d50 authored over 7 years ago by Lars Moelleken <[email protected]>
[+]: optimize "_do_never_allowed()"

ed60f88e576f4c82729737d57c2b6a2a614fd181 authored over 7 years ago by Lars Moelleken <[email protected]>
[+]: use new version of "Portable-UTF8" (voku/portable-utf8)

5cbf80ec747604a5c8c737ae9ef1f23c7469d5dc authored over 7 years ago by Lars Moelleken <[email protected]>
[*]: use "error_reporting(E_ALL)" for tests

861c7a27e4c0f771f3bc34314d4e07b801329cac authored over 7 years ago by Lars Moelleken <[email protected]>
[+]: fix typo in the "$entitiesSecurity"-fallback-array

6b5b5a6bc443cb7a1126e6bef1bb8b644bf680cf authored over 7 years ago by Lars Moelleken <[email protected]>
[!!!]: prevent UTF-7 charset attacks + optimize "style"-attribute processing

-> https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

9de3db9520285f73bdf7f265abd5a8655e9545bf authored over 7 years ago by Lars Moelleken <[email protected]>
[+]: fix for HHVM v2

c5ef94790d9ed8654f1bccfeb6b397cf1fb87d88 authored almost 8 years ago by Lars Moelleken <[email protected]>
[+]: fix for HHVM

0149820c6e4a93d12def804718f2e00ad2198a20 authored almost 8 years ago by Lars Moelleken <[email protected]>
[+]: fix for PHP < 5.4 v2.1

0071081701ceb1ffda8cb8dd9f110d8227cfa9c1 authored almost 8 years ago by Lars Moelleken <[email protected]>
[+]: fix for PHP < 5.4 v2

0af8da5c4d29e1980fc661f737d22cbc19d0fbd6 authored almost 8 years ago by Lars Moelleken <[email protected]>
[+]: fix for PHP < 5.4

fd8458a0197c8aa9523c9062d5f1852a53f0fd78 authored almost 8 years ago by Lars Moelleken <[email protected]>
Merge remote-tracking branch 'origin/master'

8786c83ccc9db2ad00b83115dc0d326f1c70bb25 authored almost 8 years ago by Lars Moelleken <[email protected]>
[+]: fix #23 - "xss_clean removes '+'"

-> and extra check for e.g.:

'<scri + pt>' => '',
'<scri pt>' => '',
'<scri\' \'pt>' => '',...

e7a5975c074befc4065b298d32b9cef25f4ee7bb authored almost 8 years ago by Lars Moelleken <[email protected]>
Update README.md

60bc05887630387d5020443a493bc2311be80070 authored almost 8 years ago by Lars Moelleken <[email protected]>
Add Beerpay's badge

a9ff9eecead976ceed85d1163eb1dc569f5a1a13 authored almost 8 years ago by Lars Moelleken <[email protected]>
Merge pull request #20 from c-harris/master

bumped phpunit allowed version

e58090bf53c4f1553b9655fc69c9c82951cfc1c8 authored almost 8 years ago by Lars Moelleken <[email protected]>
bumped phpunit allowed version

44f49e89a34fe01925d03a6e31ccd565744ead45 authored almost 8 years ago by c-harris <[email protected]>
[!!!]: fix "data URI"-xss

697142eb3cd99e06bc0b0779eaa746a63ed718de authored almost 8 years ago by Lars Moelleken <[email protected]>
[+]: add "isXssFound()" -> so we can check if there was xss-attack v2

2bac006af1a970e59ddb39391afb5f241ed98421 authored almost 8 years ago by Lars Moelleken <[email protected]>
[+]: add "isXssFound()" -> so we can check if there was xss-attack

1accec362f277253823cebc9da531387143cb8f1 authored almost 8 years ago by Lars Moelleken <[email protected]>
[*]: add more examples into docs v2

86c2675096eb8dac7b4ff41c6c52cd7a341c0ded authored about 8 years ago by Lars Moelleken <[email protected]>
[*]: add more examples into docs

54760492a10f2b0208d910b49db6e49b4b397f48 authored about 8 years ago by Lars Moelleken <[email protected]>
Merge pull request #17 from voku/analysis-87Gwy3

Apply fixes from StyleCI

7397375ba49535517657b946291652ffd6f4f433 authored about 8 years ago by Lars Moelleken <[email protected]>
Apply fixes from StyleCI

eb0380c0647e21c6f043e4f1efd2a88ced926721 authored about 8 years ago by Lars Moelleken <[email protected]>
[~]: try to optimize "_entity_decode()"

108409ad9371d379d3a83dd36dafab2a3d789549 authored about 8 years ago by Lars Moelleken <[email protected]>
[+]: fix #15

-> we need "UTF8::urldecode()" only for XSS strings, for non-XSS strings we only use "UTF8:rawur...

b1095d227a7d5cb60d4b5abdcb3eec6a09a33316 authored about 8 years ago by Lars Moelleken <[email protected]>
Merge pull request #14 from voku/analysis-zDMok9

Applied fixes from StyleCI

2dec0e062900ce9e765af06c11f0d87f19b74bce authored about 8 years ago by Lars Moelleken <[email protected]>
Applied fixes from StyleCI

9defc8c49e3be5be9ca9a1d1bb79af06f193a4b7 authored about 8 years ago by Lars Moelleken <[email protected]>
[+]: add more tests from OWASP

-> https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

a0f895ae4a33390c78db17ad6f9eec97b0b14e53 authored about 8 years ago by Lars Moelleken <[email protected]>
[~]: small optimization + tests

de875a1ef4fa39d3c337730350ac3c29259c992f authored about 8 years ago by Lars Moelleken <[email protected]>
[+]: add tests from "iamcal/lib_filter" v3

-> https://github.com/iamcal/lib_filter/blob/master/t/01_basics.t

441c3435ea8f71580f607ee5e4407a7c195e999a authored about 8 years ago by Lars Moelleken <[email protected]>
[+]: add tests from "iamcal/lib_filter" v2

-> https://github.com/iamcal/lib_filter/blob/master/t/01_basics.t

e9bab2a760f13c3d9f342133ae903a2acb48ae29 authored about 8 years ago by Lars Moelleken <[email protected]>
[+]: add tests from "iamcal/lib_filter"

-> https://github.com/iamcal/lib_filter/blob/master/t/01_basics.t

5ca7dc8f8326fea1fdd40c58f362414657356cde authored about 8 years ago by Lars Moelleken <[email protected]>
[+]: fix tests with new version of "UTF8::urldecode()"

... use "urldecode()" so that something like '<script + >' will be converted to ''

b52c5174dff1825d3c72dafb18923a8358654d33 authored about 8 years ago by Lars Moelleken <[email protected]>
[+]: add one more test

-> http://security.stackexchange.com/questions/59143/xss-in-html-meta-tag

1f5f8df92169c47fd58fd88b54d76a7d8abf56d4 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: add one more test

-> http://blog.innerht.ml/internet-explorer-has-a-url-problem/

0b316259618a58fb763c0df15fcba26e0e3ca732 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: edit test-config for "travis-ci"

a118f82165a0b043c1c4a8879a8d0aa7e50b8d87 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: revert (missing test-file)

-> deleted from my anti-virus software ...

a9fab7adafa844aac13f65a5c9d6bb5dbc46557a authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: add some more tests for "img"-tags

742bca45ce10519a1deffda57772ffc0078a15f7 authored over 8 years ago by Lars Moelleken <[email protected]>
[*]: fix typo

013d51c97cf8d19a832b493e54c1f5f45fd60172 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: move "_evil_attributes" into class property

[+]: use fluent api for public-methods
[+]: fixed "setReplacement()" via "_initNeverAllowedStr()"

6f9656e3764eed8b0ed0078a67a0fb53af94bf49 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: use new version of "portable-utf8" (3.0)

bb0f924d22e55003d272d4041e83f1140b7c87ed authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added the option "$_stripe_4byte_chars"

-> so if you can't upgrade your MySQL encoding to "utf8mb4", then you need this option -> to pre...

ce6693708760c6e6be3b26912da7992507ed8c47 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added some more tests

14759f0be68e9cf8a221dff866e8aaf41824a50d authored over 8 years ago by Lars Moelleken <[email protected]>
[*]: fixed code-comment

480620321e265adf4d2a763994a5c965d6eabe27 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added also "&#039;" as fallback

7f108dece99f64123837d4326897a0accb108d3c authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added also "&#x27;" as fallback

f6febc6bdc0607ae1386ebb969cb95fc5e95e251 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: use "assertSame" instead of "assertEquals"

0ca7118cf46db623ec243da9624d7f187193b3af authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added some more tests

1200459a100b85bb482bd25237740e2e7e323639 authored over 8 years ago by Lars Moelleken <[email protected]>
[*]: edit "git"-branch-alias

79e174965a74ab2f7556c6706ebd3525d090d3f2 authored over 8 years ago by Lars Moelleken <[email protected]>
[!]: BC -> less protected methods

b533b9dabe01d82b74990323332ca9dcace9e13c authored over 8 years ago by Lars Moelleken <[email protected]>
[!]: BC -> don't try to check images

[!]: BC -> less public methods

40f0b00f8f6e48328e16a7bd3d585f0b94bf3f50 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: fixed "Cleaner produces invalid markup" #12

d4c9a93197b89b51b1aca616fda574017e29ed0d authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added some more tests v2.1

78527dcd454490d345af03668edc2bfadc2afd05 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added some more tests v2

9805a60a033288772d350d7939f00afc3afb6a14 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added some more tests

bed811b675de34aa375a267a39b9c82c816914b1 authored over 8 years ago by Lars Moelleken <[email protected]>
[~]: move test-files helper into "fixtures"

0cd09249711a3825eeee77d8c00be43c1780ce81 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added some more XSS tests

61fe75ec52eb263d7ce67363ce3c1e5a50655b3b authored over 8 years ago by Lars Moelleken <[email protected]>
Update README.md

6447ac3390216e9d5b87de8e1e549a52445eac3d authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: use new version of "Portable-UTF-8" with emoji support ...

72862ac11fc068f87ce89b78da81358b2ab61540 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: added some new test from "DOMPurify"

-> https://github.com/cure53/DOMPurify/blob/master/test/fixtures/expect.js

d338b14e7a4ba620c863cca41525aba909c16883 authored over 8 years ago by Lars Moelleken <[email protected]>
[+]: use some new event handlers supported by modern browsers

-> http://pastebin.com/raw/WwcBmz5J

d759006f10ef22439099b1e031190ef9eaec8ff9 authored over 8 years ago by Lars Moelleken <[email protected]>
[*]: added one more test ...

8edf32ce54a59a84d181c8465c488d887855b2ca authored over 8 years ago by Lars Moelleken <[email protected]>
[~]: use new "portable-utf8"-version

f442e9853fbb099e019068e414f1667a0d4e1000 authored almost 9 years ago by Lars Moelleken <[email protected]>
[+]: return safe input-types without any filter

3c35a07ff7e58a12ee036a04a3a5a3b8b0f15e2d authored almost 9 years ago by Lars Moelleken <[email protected]>
[*]: edit style from "README"

0a7bd3240bfebe6cf9dfeb9fda88ce8b32264cfb authored almost 9 years ago by Lars Moelleken <[email protected]>
Merge remote-tracking branch 'origin/master'

* origin/master:
Update README.md

72a15118f5afa0132668e373ef660f259246df81 authored almost 9 years ago by Lars Moelleken <[email protected]>
[+]: fixed "travis-ci" build

b5e466e934a120275beb17d5c7bd76b98ecc7c2e authored almost 9 years ago by Lars Moelleken <[email protected]>
Update README.md

24fb56f6f0f5b05f1eb22d22d62b061f720edfa8 authored almost 9 years ago by Lars Moelleken <[email protected]>
[+]: use new version of "portable-utf8"

e38c23a641b6a4cd42baee89ae7fd0194f7d4832 authored about 9 years ago by Lars Moelleken <[email protected]>
[+]: added some more tests ... from CodeIgniter

-> https://github.com/bcit-ci/CodeIgniter/blob/71b1b3f5b2dcc0f4b652e9494e9853b82541ac8c/tests/co...

d4cc98820f0cf65f19ac60109a91b7c1111dd5ab authored about 9 years ago by Lars Moelleken <[email protected]>
[-]: edit "travis.yml" -> "travis/build.sh: line 45: 3340 Segmentation fault (core dumped) php vendor/bin/phpunit -c phpunit.xml"

a796374221d62259caa3dcb5bca4ef213b3bb8b2 authored about 9 years ago by Lars Moelleken <[email protected]>
Merge remote-tracking branch 'origin/master'

* origin/master:
Update README.md
Update README.md
Update README.md

ec5b7e062af33543653834798c2d950164352be2 authored about 9 years ago by Lars Moelleken <[email protected]>
[+]: added more tests from "https://twitter.com/brutelogic"

fbd1011aa48c708ee1c1a93da8c6a0cb86edc879 authored about 9 years ago by Lars Moelleken <[email protected]>
Update README.md

875c4b2c6f2debdae1d65def7e2cde715459df9d authored about 9 years ago by Lars Moelleken <[email protected]>
Update README.md

950708432510172af7fe8b44e575fca61fc5f994 authored about 9 years ago by Lars Moelleken <[email protected]>
Update README.md

e7f8a772a10382f53c9e394dda0dc74aa0839189 authored about 9 years ago by Lars Moelleken <[email protected]>
[+]: added more tests from "http://www.xss-payloads.com/payloads/scripts/imgencoding.js.html"

1b9a003740c46214d0020350e6b65e3fa7eab234 authored about 9 years ago by Lars Moelleken <[email protected]>
[+]: added more tests from "http://www.xss-payloads.com/payloads/scripts/alert.js.html"

737116c9ff9aae9fc19f3a72ef419ec68c90ee64 authored about 9 years ago by Lars Moelleken <[email protected]>
Merge remote-tracking branch 'origin/master'

* origin/master:
Applied fixes from StyleCI

35eca0217fb960707e58141dfbc5577ccafab186 authored about 9 years ago by Lars Moelleken <[email protected]>
[~]: move "php-coveralls" into ".travis.yml"

4459b3caeeda3dbf41c1d58024f2b7c5e1b08354 authored about 9 years ago by Lars Moelleken <[email protected]>
Merge pull request #10 from voku/analysis-86AJlz

Applied fixes from StyleCI

b6c31ef4777375205d9192d43851ca1850aa7d59 authored about 9 years ago by Lars Moelleken <[email protected]>
Applied fixes from StyleCI

0243a5111ffbefbcb98a3b3eb7c0af14054819a4 authored about 9 years ago by Lars Moelleken <[email protected]>
[+]: some testing - added tests from "CodeIgniter" v2.1

c409b2fe6df98dcee87d4ad5f92aa86b325d93f1 authored about 9 years ago by Lars Moelleken <[email protected]>
[+]: some testing - added tests from "CodeIgniter" v2

51b1dcd0be92e3145739605c779ad9f45cf848af authored about 9 years ago by Lars Moelleken <[email protected]>
Revert "[+]: some testing - added tests from "CodeIgniter""

This reverts commit b5f149d299b98f85daed6e9a5564e7f9ececc2ed.

354a494a7191110499432338047a32e190a09d2c authored about 9 years ago by Lars Moelleken <[email protected]>
[+]: some testing - added tests from "CodeIgniter"

b5f149d299b98f85daed6e9a5564e7f9ececc2ed authored about 9 years ago by Lars Moelleken <[email protected]>
Revert "Revert "[+]: added fallback for "get_html_translation_table()"""

This reverts commit 4db502624e4d2794aee37ab4947a0f97ad8e1ae2.

c798f0949371f111ce0447bd0ef974a8fc736aeb authored over 9 years ago by Lars Moelleken <[email protected]>
Revert "[+]: added fallback for "get_html_translation_table()""

This reverts commit 9c50dce98f9b030c8ac7712c86cf67db6c66b1c0.

4db502624e4d2794aee37ab4947a0f97ad8e1ae2 authored over 9 years ago by Lars Moelleken <[email protected]>
[+]: added fallback for "get_html_translation_table()"

9c50dce98f9b030c8ac7712c86cf67db6c66b1c0 authored over 9 years ago by Lars Moelleken <[email protected]>
[+]: use static cache for exploded words (one more test) v2

3b6186fbfe5d393c894ec15b4e4c9cb9e30ddf39 authored over 9 years ago by Lars Moelleken <[email protected]>
Use chunk_split func

http://php.net/chunk_split
Conflicts:
src/voku/helper/AntiXSS.php

622b0ac803e7e73c7add8e560408e03e3b0e0c23 authored over 9 years ago by Alexandr Kondrashov <[email protected]>
[+]: use static cache for exploded words + optimization from @thekondrashov | https://github.com/voku/anti-xss/pull/8

b9ea12bc3670f6605891bccc7af16a578b91e3ed authored over 9 years ago by Lars Moelleken <[email protected]>