mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-03-11 09:18:43 +00:00
[1.2.0] Assorted tinyfixes
- Add TODO request about Phalanger, something to do if I'm really bored
- Update XSS attacks
- Minor formatting/grammar fixes in documentation

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@502 48356398-32a2-884e-a903-53898d9a118a
parent
24f2771304
commit
4ee1bf94e3
4
NEWS
@ -10,8 +10,12 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
|
||||
1.2.0, unknown projected release date
|
||||
! Added MODx plugin <http://modxcms.com/forums/index.php/topic,6604.0.html>
|
||||
- Documentation updated
|
||||
+ TODO added request Phalanger
|
||||
+ TODO added request Native compression
|
||||
. Switched to purify()-wide Context object registry
|
||||
. Refactored unit tests to minimize duplication
|
||||
. XSS attack sheet updated
|
||||
|
||||
1.1.3, unknown projected release date
|
||||
(bugfix release, may be dropped if no major bugs are found before features)
|
||||
|
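Review bot: The entry "+ TODO added request Native compression" in the 1.2.0 list has no matching change in this commit: the TODO hunk (-53,6 +53,7) adds a single line and the commit message names only the Phalanger request, so the native compression item is already present there as context. Drop that entry here or record it with the commit that introduced the request. Both "TODO added request ..." lines would also read better as full phrases, for example "Added Phalanger request to TODO".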
9
SLOW
@ -2,13 +2,13 @@
|
||||
SLOW
|
||||
also known as the HELP ME LIBRARY IS TOO SLOW MY PAGE TAKE TOO LONG LOAD page
|
||||
|
||||
HTMLPurifier is a very powerful library. But with power comes great
|
||||
HTML Purifier is a very powerful library. But with power comes great
|
||||
responsibility, or, at least, longer execution times. Remember, this
|
||||
library isn't lightly grazing over submitted HTML: it's deconstructing
|
||||
the whole thing, rigorously checking the parts, and then putting it
|
||||
back together.
|
||||
|
||||
So, if it so turns out that HTMLPurifier is kinda too slow for outbound
|
||||
So, if it so turns out that HTML Purifier is kinda too slow for outbound
|
||||
filtering, you've got a few options:
|
||||
|
||||
1. Inbound filtering - perform filtering of HTML when it's submitted by the
|
||||
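Review bot: The reworded sentence "So, if it so turns out that HTML Purifier is kinda too slow for outbound" keeps its filler even though the line is being touched for the name change. Suggest tightening it in the same edit, for example "So, if HTML Purifier turns out to be too slow for outbound filtering, you've got a few options:".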
@ -19,7 +19,7 @@ it directly from your database/filesystem. The trouble with this method is
|
||||
that your user loses the original text, and when doing edits, will be
|
||||
handling the filtered text. While this may be a good thing, especially if
|
||||
you're using a WYSIWYG editor, it can also result in data-loss if a user
|
||||
expects a certain to be available but it doesn't.
|
||||
makes a typo.
|
||||
|
||||
2. Caching the filtered output - accept the submitted text and put it
|
||||
unaltered into the database, but then also generate a filtered version and
|
||||
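Review bot: The replacement text "makes a typo." at the end of the inbound-filtering paragraph fixes the broken sentence but no longer says why a typo costs the user data. The preceding lines establish that only the filtered text is kept, so spell out the link, for example "it can also result in data-loss if a user makes a typo in their markup, because only the filtered result is stored".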
@ -36,4 +36,5 @@ it has some drawbacks which cannot be fixed unless you save both the original
|
||||
and the filtered versions.
|
||||
|
||||
There is a third option: profile and optimize HTMLPurifier yourself. Be sure
|
||||
to tell me if you decide to do that! ;-)
|
||||
to report back your results if you decide to do that! Especially if you
|
||||
port HTML Purifier to C++. ;-)
|
||||
|
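Review bot: The unchanged line "There is a third option: profile and optimize HTMLPurifier yourself. Be sure" still uses the one-word spelling, while the line added two below it says "HTML Purifier" and the first hunk of this file was changed to the two-word form. Update that line in the same change so the paragraph is consistent.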
1
TODO
@ -53,6 +53,7 @@ Unknown release (on a scratch-an-itch basis)
|
||||
Requested
|
||||
- Native content compression, whitespace stripping (don't rely on Tidy, make
|
||||
sure we don't remove from pre tags)
|
||||
- Win32 Phalanger C# binaries
|
||||
|
||||
Wontfix
|
||||
- Non-lossy smart alternate character encoding transformations
|
||||
|
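Review bot: "Win32 Phalanger C# binaries" in the Requested list is imprecise: Phalanger compiles PHP to .NET assemblies, so the result is not C#. Suggest wording such as "Precompiled Phalanger (.NET) assemblies for Windows", and state whether the request is for a distributed build or only for checking that the library compiles under Phalanger.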
@ -126,5 +126,5 @@ Colored - background-color (background), border-color (border), color
|
||||
Dramatic - border, list-style-position (list-style), margin, padding,
|
||||
text-align, text-indent, text-transform, vertical-align, line-height
|
||||
|
||||
Dramatic elements substnatially change the look of text in ways that should
|
||||
Dramatic elements substantially change the look of text in ways that should
|
||||
probably have been reserved to other areas.
|
||||
|
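Review bot: The corrected sentence still says "Dramatic elements", but the list directly above it (border, margin, padding, text-align, line-height and so on) is a list of CSS properties, not elements. Since the line is already being edited for the spelling fix, change it to "Dramatic properties", and consider saying which "other areas" are meant.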
File diff suppressed because it is too large