mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-23 00:41:52 +00:00
Update filter levels document in light of fact that user can now specify tags. We may want to upgrade this to HTML so users can be helped out in choosing things to allow.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@574 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
d7ce6b4587
commit
61b6ee7183
@ -8,9 +8,9 @@ could go into this definition: the set of HTML good for blog entries is
|
|||||||
definitely too large for HTML that would be allowed in blog comments. Going
|
definitely too large for HTML that would be allowed in blog comments. Going
|
||||||
from Transitional to Strict requires changes to the definition.
|
from Transitional to Strict requires changes to the definition.
|
||||||
|
|
||||||
However, allowing users to specify their own whitelists was an idea I
|
Allowing users to specify their own whitelists is one step (implemented, btw),
|
||||||
rejected from the start. Simply put, the typical programmer is too lazy
|
but I have doubts on only doing this. Simply put, the typical programmer is too
|
||||||
to actually go through the trouble of investigating which tags, attributes
|
lazy to actually go through the trouble of investigating which tags, attributes
|
||||||
and properties to allow. HTMLDefinition makes a big part of what HTMLPurifier
|
and properties to allow. HTMLDefinition makes a big part of what HTMLPurifier
|
||||||
is.
|
is.
|
||||||
|
|
||||||
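Review bot: The rewritten sentence "Allowing users to specify their own whitelists is one step (implemented, btw), but I have doubts on only doing this" says the feature exists but not how a user reaches it or what should accompany it. Since the paragraph goes on to argue that the typical programmer will not investigate which tags, attributes and properties to allow, the document should name the setting through which the whitelist is supplied and say outright that the levels listed further down are the intended fallback for users who do not build their own list. It would also help to state whether a user whitelist can only narrow what the definition already allows or can add to it, because that decides who is responsible for XSS safety once a custom list is in use. The "btw" aside could be dropped in favour of a plain "this is now implemented".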
@ -28,7 +28,7 @@ Here are some fuzzy levels you could set:
|
|||||||
to be useful)
|
to be useful)
|
||||||
3. Pages - As permissive as possible without allowing XSS. No protection
|
3. Pages - As permissive as possible without allowing XSS. No protection
|
||||||
against bad design sense, unfortunantely. Suitable for wiki and page
|
against bad design sense, unfortunantely. Suitable for wiki and page
|
||||||
environments.
|
environments. (probably what we have now)
|
||||||
4. Lint - Accept everything in the spec, a Tidy wannabe. (This probably won't
|
4. Lint - Accept everything in the spec, a Tidy wannabe. (This probably won't
|
||||||
get implemented as it would require routines for things like <object>
|
get implemented as it would require routines for things like <object>
|
||||||
and friends to be implemented, which is a lot of work for not a lot of
|
and friends to be implemented, which is a lot of work for not a lot of
|
||||||
|
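Review bot: The parenthetical added to the "Pages" item, "(probably what we have now)", hedges on the one fact a reader choosing a level needs, namely which level the current behaviour corresponds to. That item is described as "As permissive as possible without allowing XSS", and the first hunk's context says the set good for blog entries is too large for blog comments, so someone filtering comments needs to know for certain whether the current behaviour is this permissive. Suggest confirming it against the current definition and writing it without "probably", or listing what differs. While this paragraph is being touched, "unfortunantely" in the context line above it could be corrected to "unfortunately".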