mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
[3.1.1] Update Munge docs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1804 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
463aa3a0fa
commit
511dfe2d4a
2
NEWS
2
NEWS
@ -10,6 +10,8 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
||||
==========================
|
||||
|
||||
3.1.1, unknown release date
|
||||
# %URI.Munge now, by default, does not munge resources (for example, <img src="">)
|
||||
In order to enable this again, please set %URI.MungeResources to true.
|
||||
! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength,
|
||||
and height/width HTML with %HTML.MaxImgLength.
|
||||
! %URI.SecureMunge for secure URI munging (as opposed to %URI.Munge). Thanks Chris
|
||||
|
3
TODO
3
TODO
@ -13,9 +13,7 @@ afraid to cast your vote for the next feature to be implemented!
|
||||
|
||||
- Investigate how early internal structures can be accessed; this would
|
||||
prevent structures from being parsed and serialized multiple times.
|
||||
- Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?)
|
||||
- Built-in support for target="_blank" on all external links
|
||||
- Implement SecureMunge for resources too
|
||||
- Gitify the repository
|
||||
|
||||
FUTURE VERSIONS
|
||||
@ -28,6 +26,7 @@ FUTURE VERSIONS
|
||||
IDREFs to non-existent IDs)
|
||||
# Frameset XHTML 1.0 and HTML 4.01 doctypes
|
||||
- Implement <area>
|
||||
- Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?)
|
||||
|
||||
3.3 release [Error'ed]
|
||||
# Error logging for filtering/cleanup procedures
|
||||
|
@ -19,7 +19,7 @@
|
||||
<xsl:variable name="usageLookup" select="document('../usage.xml')/usage" />
|
||||
|
||||
<!-- Twiddle this variable to get the columns as even as possible -->
|
||||
<xsl:variable name="maxNumberAdjust" select="1" />
|
||||
<xsl:variable name="maxNumberAdjust" select="2" />
|
||||
|
||||
<xsl:template match="/">
|
||||
<html lang="en" xml:lang="en">
|
||||
|
@ -27,6 +27,12 @@ DEFAULT: NULL
|
||||
in corporate environments.
|
||||
</li>
|
||||
</ul>
|
||||
<p>
|
||||
Prior to HTML Purifier 3.1.1, this directive also enabled the munging
|
||||
of browsable external resources, which could break things if your redirection
|
||||
script was a splash page or used <code>meta</code> tags. To revert to
|
||||
previous behavior, please use %URI.MungeResources.
|
||||
</p>
|
||||
<p>
|
||||
You may want to also use %URI.MungeSecretKey along with this directive
|
||||
in order to enforce what URIs your redirector script allows. Open
|
||||
|
@ -4,9 +4,13 @@ VERSION: 3.1.1
|
||||
DEFAULT: false
|
||||
--DESCRIPTION--
|
||||
<p>
|
||||
If true, any URI munging directives like %URI.Munge or %URI.SecureMunge
|
||||
If true, any URI munging directives like %URI.Munge
|
||||
will also apply to embedded resources, such as <code><img src=""></code>.
|
||||
Be careful enabling this directive if you have a redirector script
|
||||
that does not use the <code>Location</code> HTTP header; all of your images
|
||||
and other embedded resources will break.
|
||||
</ul>
|
||||
</p>
|
||||
<p>
|
||||
<strong>Warning:</strong> It is strongly advised you use this in conjunction
|
||||
%URI.MungeSecretKey to mitigate the security risk of an open redirector.
|
||||
</p>
|
||||
|
Loading…
Reference in New Issue
Block a user