phpxsshtmlpurifier

HTML Purifier - How to know if a XSS injection was found?


I'm using HTML Purifier to remove all malicious code from user input. I want to send an alert email when a XSS code is detected (and removed) by HTML Purifier.

The purify() method returns purified HTML. I can't compare the input HTML with the purified HTML to detect changes because HTML Purifier ensures standards-compliant output by transforming HTML.

Is it possible?

Thanks for your help!


Solution

  • Nope, HTML Purifier doesn't support this use-case.