All code licensed under the GPL (any version)
http://www.gnu.org/licenses/gpl.html


***WARNING***
DO NOT USE THIS CODE IN PRODUCTION FOR XSS FILTERING. IT'S QUITE OLD AND CERTAINLY
VERY INSECURE. (The last update of this branch was Oct 2001!)

As of 2010 the most updated/comprehensive XSS filter is: http://htmlpurifier.org/


I've put this up for posterity and also from a request by the WP team to relicense
the code as GPL (instead of GPL 2.0)


Biographical note: I originally whipped this up during a couple summer days after
graduating from USC mostly as an exercise to learn Cold Fusion 4.0 - I wrote a tag
filter/balancer I believe after a conversation w/ mathowie. balanceTags was written
first in PHP and then transcoded to CF. (incredibly painful)

A few months later, Michel asked/let me know he was using it in b2.

I'm amazed any of it remains in production, but I believe descendants of this code
continue to live on both in Metafilter and WordPress.

See:
http://core.trac.wordpress.org/browser/trunk/wp-includes/formatting.php#L977

That's humbling, amazing, and more than a bit scary. And of course, that's how the
sausage gets made.

(also perhaps of interest, I wrote this stack-based parser w/o having taken a compilers
class or having much understanding of Lex or YACC. I was sure there was a better way to
do it, but no one's bothered to rewrite it, so who knows)

