[wp-hackers] HTML Purifier

Andy Skelton skeltoac at gmail.com
Tue Feb 13 21:16:30 GMT 2007


On 2/13/07, Matt Mullenweg <m at mullenweg.com> wrote:
> Andy Skelton wrote:
> > I would love to replace KSES.
>
> Why? We've never found a single vulnerability in the code, which is
> several years old.

It has never failed to filter malicious code but several times I have
wanted to accomplish more than malicious code filtering, e.g. friendly
attribute pattern whitelisting for trusted sites, and found KSES
lacking in flexibility.

Nothing beats KSES for size and speed at the one thing it does best; I
just wanted it to do more.

Andy

