Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
branch: master
Fetching contributors…

Cannot retrieve contributors at this time

38 lines (23 sloc) 1.399 kB
All code licensed under the GPL (any version)
http://www.gnu.org/licenses/gpl.html
***WARNING***
DO NOT USE THIS CODE IN PRODUCTION FOR XSS FILTERING. IT'S QUITE OLD AND CERTAINLY
VERY INSECURE. (The last update of this branch was Oct 2001!)
As of 2010 the most updated/comprehensive XSS filter is: http://htmlpurifier.org/
I've put this up for posterity and also from a request by the WP team to relicense
the code as GPL (instead of GPL 2.0)
Biographical note: I originally whipped this up during a couple summer days after
graduating from USC mostly as an exercise to learn Cold Fusion 4.0 - I wrote a tag
filter/balancer I believe after a conversation w/ mathowie. balanceTags was written
first in PHP and then transcoded to CF. (incredibly painful)
A few months later, Michel asked/let me know he was using it in b2.
I'm amazed any of it remains in production, but I believe descendants of this code
continue to live on both in Metafilter and WordPress.
See:
http://core.trac.wordpress.org/browser/trunk/wp-includes/formatting.php#L977
That's humbling, amazing, and more than a bit scary. And of course, that's how the
sausage gets made.
(also perhaps of interest, I wrote this stack-based parser w/o having taken a compilers
class or having much understanding of Lex or YACC. I was sure there was a better way to
do it, but no one's bothered to rewrite it, so who knows)
.l
Jump to Line
Something went wrong with that request. Please try again.