Publisher review:NeatHtml is a highly-portable open source website component that displays untrusted content securely, efficiently, and accessibly. NeatHtml™ is a highly-portable open source website component that displays untrusted content securely, efficiently, and accessibly. Untrusted content is any content that is not trusted by the website owner. Typical examples include blog comments, forum posts, or user pages on social networking sites.
NeatHtml uses an “accept only known good” (whitelist) approach to security to help prevent attacks which are not yet known. It focuses on preventing Cross-Site Scripting (XSS) attacks but can also prevent phishing attacks and remove automated Cross-Site Request Forgery (CSRF) attacks.
In this context, phishing attacks are attacks which try to display untrusted content where the user would trust it, and automated CSRF attacks are CSRF attacks that do not require any user action beyond viewing the untrusted content. NeatHtml consists of the NeatHtml.js JavaScript library and a small server-side component. NeatHtml.js should work with any browser that supports both JavaScript 1.3 and a few DOM APIs. It has been tested against Internet Explorer 6 and 7, Firefox 1.5 and 2.0, Opera 9.21, Netscape 7.2, Mac Safari 1.2, 1.3 and 2.0, and Konqueror 3.4.0-5 and 3.5.7.
The server-side component is approximately 400 lines of ASP.NET code. It runs under Mono, .NET 1.1, and .NET 2.0, but should be easy to port to other web development platforms (e.g. Java or PHP).
To facilitate porting and testing, NeatHtml includes a JavaScript test framework and a demo page which uses the test framework and demonstrates the capabilities of NeatHtml. NeatHtml is licensed under the Lesser General Public License (LGPL), a business-friendly open source license. NeatHtml is currently available for download as a mature development snapshot. It primarily needs independent testing, and minor security fixes before an official release. Features
- Uses a whitelist approach to help prevent attacks that take advantage of currently unknown security holes.
- XSS prevention is done using client-side script to reduce the load on the server.
- Allows many common HTML constructs, including most inline styles.
- Integrates easily with existing applications.
- Works under Mono, .NET 1.1, and .NET 2.0, and can be easily ported to other development platforms.
NeatHtml is a Flash script for WYSIWYG Editors scripts design by brettle.com.
It runs on following operating system: Windows / Linux / Mac OS / BSD / Solaris.
Operating system:Windows / Linux / Mac OS / BSD / Solaris