0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 00:41:52 +00:00

Update filter levels document in light of fact that user can now specify tags. We may want to upgrade this to HTML so users can be helped out in choosing things to allow.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@574 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-11-23 22:40:59 +00:00
parent d7ce6b4587
commit 61b6ee7183

View File

@ -8,9 +8,9 @@ could go into this definition: the set of HTML good for blog entries is
definitely too large for HTML that would be allowed in blog comments. Going definitely too large for HTML that would be allowed in blog comments. Going
from Transitional to Strict requires changes to the definition. from Transitional to Strict requires changes to the definition.
However, allowing users to specify their own whitelists was an idea I Allowing users to specify their own whitelists is one step (implemented, btw),
rejected from the start. Simply put, the typical programmer is too lazy but I have doubts on only doing this. Simply put, the typical programmer is too
to actually go through the trouble of investigating which tags, attributes lazy to actually go through the trouble of investigating which tags, attributes
and properties to allow. HTMLDefinition makes a big part of what HTMLPurifier and properties to allow. HTMLDefinition makes a big part of what HTMLPurifier
is. is.
@ -28,7 +28,7 @@ Here are some fuzzy levels you could set:
to be useful) to be useful)
3. Pages - As permissive as possible without allowing XSS. No protection 3. Pages - As permissive as possible without allowing XSS. No protection
against bad design sense, unfortunantely. Suitable for wiki and page against bad design sense, unfortunantely. Suitable for wiki and page
environments. environments. (probably what we have now)
4. Lint - Accept everything in the spec, a Tidy wannabe. (This probably won't 4. Lint - Accept everything in the spec, a Tidy wannabe. (This probably won't
get implemented as it would require routines for things like <object> get implemented as it would require routines for things like <object>
and friends to be implemented, which is a lot of work for not a lot of and friends to be implemented, which is a lot of work for not a lot of