Projects / kses


kses is an HTML/XHTML security filter that removes all unwanted HTML elements and attributes, no matter how malformed the HTML input you give it. It also does several checks on attribute values. It can be used to avoid cross-site scripting (XSS), buffer overflows, and denial of service attacks. It is used by popular programs such as WordPress and Geeklog.

Operating Systems

Recent releases

  •  07 Feb 2005 07:53

    Release Notes: This release added a second object-oriented kses version for PHP 5, uses isset() to avoid PHP notice warnings, changed chr(173) handling to help Asian users, and improved the handling of closing HTML elements.

    •  29 Sep 2003 16:13

      Release Notes: This release adds a new object-oriented version of kses, three new attribute value checks (minlen, minval, and valueless), a work-around for an Opera "feature" that treats chr(173) as whitespace, and some other minor changes.

      •  25 Jul 2003 13:19

        Release Notes: This release adds attribute value checks (maxlen and maxval), whitelisting of allowed URL protocols, XHTML, removal of Netscape 4's Javascript entities, and various bugfixes.

        •  09 Jun 2003 16:19

          No changes have been submitted for this release.


          Project Spotlight


          A Fluent OpenStack client API for Java.


          Project Spotlight

          TurnKey TWiki Appliance

          A TWiki appliance that is easy to use and lightweight.