From 41a25cb6b8a29f57d29ff575468bf614bf0306bc Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang" <edwardzyang@thewritingpot.com>
Date: Wed, 13 Dec 2006 04:14:30 +0000
Subject: [PATCH] [1.3.2] printDefinition.php: added labels, added better
 clarification - Updated TODO

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@609 48356398-32a2-884e-a903-53898d9a118a
---
 NEWS                           |  1 +
 TODO                           |  6 ++++++
 smoketests/printDefinition.php | 37 ++++++++++++++++++++--------------
 3 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/NEWS b/NEWS
index aa909d8f..61104e87 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 
 1.3.2, unknown release date, may be dropped
 (security/bugfix/minor feature release)
+- printDefinition.php: added labels, added better clarification
 
 1.3.1, released 2006-12-06
 ! Added HTMLPurifier.func.php stub for a convenient function to call the library
diff --git a/TODO b/TODO
index b29e320f..5b8620eb 100644
--- a/TODO
+++ b/TODO
@@ -85,6 +85,12 @@ Requested
     contents should be dropped or not (currently, there's code that could do
     something like this if it didn't drop the inner text too.)
  - Accept array input, by iterating and purifying all of the items
+ - More user-friendly warnings when %HTML.Allow* attempts to specify a
+   tag or attribute that is not supported
+ - Allow specifying global attributes on a tag-by-tag basis in
+   %HTML.AllowAttributes
+ - Parse TinyMCE whitelist into our %HTML.Allow whitelists
+ - XSS-attempt detection
 
 Wontfix
  - Non-lossy smart alternate character encoding transformations (unless
diff --git a/smoketests/printDefinition.php b/smoketests/printDefinition.php
index a937ec71..91c15d4c 100644
--- a/smoketests/printDefinition.php
+++ b/smoketests/printDefinition.php
@@ -36,6 +36,7 @@ echo '<?xml version="1.0" encoding="UTF-8" ?>';
     <style type="text/css">
         form table {margin:1em auto;}
         form th {text-align:right;padding-right:1em;}
+        form .c {display:none;}
         .HTMLPurifier_Printer table {border-collapse:collapse;
             border:1px solid #000; width:600px;
             margin:1em auto;font-family:sans-serif;font-size:75%;}
@@ -62,11 +63,9 @@ influences the internal workings of the definition objects.</p>
 
 <p>You can specify an array by typing in a comma-separated
 list of items, HTML Purifier will take care of the rest (including
-transformation into a real array list or a lookup table). If a
-directive can be set to null, that usually means that the feature
-is disabled when it is null (not that, say, no tags are allowed).</p>
+transformation into a real array list or a lookup table).</p>
 
-<form id="edit-config" method="get" action="printDefinition.php">
+<form id="edit-config" name="edit-config" method="get" action="printDefinition.php">
 <table>
 <?php
     $directives = $config->getBatch('HTML');
@@ -91,27 +90,31 @@ is disabled when it is null (not that, say, no tags are allowed).</p>
 <tr>
 <th>
     <a href="http://hp.jpsband.org/live/configdoc/plain.html#<?php echo $directive ?>">
-        %<?php echo $directive; ?>
+        <label for="<?php echo $directive; ?>">%<?php echo $directive; ?></label>
     </a>
 </th>
 <td>
 <?php if (is_bool($value)) { ?>
-    Yes <input type="radio" name="<?php echo $directive; ?>" value="1"<?php if ($value) { ?> checked="checked"<?php } ?> /> &nbsp;
-    No <input type="radio" name="<?php echo $directive; ?>" value="0"<?php if (!$value) { ?> checked="checked"<?php } ?> />
+    <label for="Yes_<?php echo $directive; ?>"><span class="c">%<?php echo $directive; ?>:</span> Yes</label>
+    <input type="radio" name="<?php echo $directive; ?>" id="Yes_<?php echo $directive; ?>" value="1"<?php if ($value) { ?> checked="checked"<?php } ?> /> &nbsp;
+    <label for="No_<?php echo $directive; ?>"><span class="c">%<?php echo $directive; ?>:</span> No</label>
+    <input type="radio" name="<?php echo $directive; ?>" id="No_<?php echo $directive; ?>" value="0"<?php if (!$value) { ?> checked="checked"<?php } ?> />
 <?php } else { ?>
     <?php if($allow_null) { ?>
-        Null/Disabled <input
-                type="checkbox"
-                value="1"
-                onclick="toggleWriteability('<?php echo $directive ?>',checked)"
-                name="Null_<?php echo $directive; ?>"
-                <?php if ($value === null) { ?> checked="checked"<?php } ?>
-              /> or <br />
+        <label for="Null_<?php echo $directive; ?>"><span class="c">%<?php echo $directive; ?>:</span> Null/Disabled*</label>
+        <input
+            type="checkbox"
+            value="1"
+            onclick="toggleWriteability('<?php echo $directive ?>',checked)"
+            name="Null_<?php echo $directive; ?>"
+            id="Null_<?php echo $directive; ?>"
+            <?php if ($value === null) { ?> checked="checked"<?php } ?>
+          /> or <br />
     <?php } ?>
     <input
         type="text"
-        id="<?php echo $directive; ?>"
         name="<?php echo $directive; ?>"
+        id="<?php echo $directive; ?>"
         value="<?php echo escapeHTML($value); ?>"
         <?php if($value === null) {echo 'disabled="disabled"';} ?>
     />
@@ -128,6 +131,10 @@ is disabled when it is null (not that, say, no tags are allowed).</p>
     </td>
 </tr>
 </table>
+<p>* Some configuration directives make a distinction between an empty
+variable and a null variable. A whitelist, for example, will take an
+empty array as meaning <em>no</em> allowed elements, while checking
+Null/Disabled will mean that user whitelisting functionality is disabled.</p>
 </form>
 <h2>HTMLDefinition</h2>
 <?php echo $printer_html_definition->render($config) ?>