From 6bdf161afd64bd8344c67fe04e258d53c87e59bd Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Wed, 15 Jul 2009 14:50:52 -0400 Subject: [PATCH] Update TODO. Signed-off-by: Edward Z. Yang --- TODO | 88 +++++++++++++++++++++++++++++++----------------------------- 1 file changed, 46 insertions(+), 42 deletions(-) diff --git a/TODO b/TODO index 1bb707bd..64d7f054 100644 --- a/TODO +++ b/TODO 
@@ -11,22 +11,39 @@ If no interest is expressed for a feature that may require a considerable amount of effort to implement, it may get endlessly delayed. Do not be afraid to cast your vote for the next feature to be implemented! -- Built-in support for target="_blank" on all external links -- Incorporate data: support as implemented here: - http://htmlpurifier.org/phorum/read.php?3,3491,3548 -- Fix ImgRequired to handle data correctly -- Incorporate download and resize support as implemented here: - http://htmlpurifier.org/phorum/read.php?3,2795,3628 -- Think about allowing explicit order of operations hooks for transforms -- Add "register" field to config schemas to eliminate dependence on - naming conventions -- Add examples to everything (make built-in which also automatically - gives output) +Standing patches: + + - Incorporate data: support as implemented here: + http://htmlpurifier.org/phorum/read.php?3,3491,3548 + - Incorporate download and resize support as implemented here: + http://htmlpurifier.org/phorum/read.php?3,2795,3628 + - Incorporate remove tags that don't do anything (no attributes): + http://htmlpurifier.org/phorum/read.php?5,2507 + +Things to do as soon as possible: + + - Fix ImgRequired to handle data correctly + - Think about allowing explicit order of operations hooks for transforms FUTURE VERSIONS --------------- -4.1 release [It's All About Trust] (floating) +4.1 release [OMG CONFIG PONIES] + ! Fix Printer. It's from the old days when we didn't have decent XML classes + ! 
Factor demo.php into a set of Printer classes, and then create a stub + file for users here (inside the actual HTML Purifier library) + - Fix error handling with form construction + - Do encoding validation in Printers, or at least, where user data comes in + - Config: Add examples to everything (make built-in which also automatically + gives output) + - Add "register" field to config schemas to eliminate dependence on + naming conventions (try to remember why we ultimately decided on tihs) + +5.0 release [HTML 5] + # Swap out code to use html5lib tokenizer and tree-builder + ! Allow turning off of FixNesting and required attribute insertion + +5.1 release [It's All About Trust] (floating) # Implement untrusted, dangerous elements/attributes # Implement IDREF support (harder than it seems, since you cannot have IDREFs to non-existent IDs) @@ -35,36 +52,23 @@ FUTURE VERSIONS # Frameset XHTML 1.0 and HTML 4.01 doctypes - Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?) -4.2 release [Error'ed] +5.2 release [Error'ed] # Error logging for filtering/cleanup procedures - - XSS-attempt detection--certain errors are flagged XSS-like - -4.3 release [Do What I Mean, Not What I Say] # Additional support for poorly written HTML - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!) - Friendly strict handling of
(block ->
) - ? Remove redundant tags, ex. Underlined. Implementation notes: - 1. Analyzing which tags to remove duplicants - 2. Ensure attributes are merged into the parent tag - 3. Extend the tag exclusion system to specify whether or not the - contents should be dropped or not (currently, there's code that could do - something like this if it didn't drop the inner text too.) - - Remove tags that don't do anything (no attributes) + - XSS-attempt detection--certain errors are flagged XSS-like - Append something to duplicate IDs so they're still usable (impl. note: the dupe detector would also need to detect the suffix as well) - - Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg -5.0 release [Beyond HTML] +6.0 release [Beyond HTML] # Legit token based CSS parsing (will require revamping almost every - AttrDef class). Probably will use CSSTidy class? + AttrDef class). Probably will use CSSTidy # More control over allowed CSS properties using a modularization - # HTML 5 support # IRI support (this includes IDN) - Standardize token armor for all areas of processing - - Convert RTL/LTR override characters to tags, or vice versa on demand. - Also, enable disabling of directionality -6.0 release [To XML and Beyond] +7.0 release [To XML and Beyond] - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX) - Hooks for adding custom processors to custom namespaced tags and attributes, offer default implementation @@ -75,25 +79,14 @@ Ongoing - Refactor unit tests into lots of test methods - Plugins for major CMSes (COMPLEX) - phpBB - - Drupal needs loving! - - Phorum need loving! - - more! (look for ones that use WYSIWYGs) - - Also, maybe a FAQ for extension writers with HTML Purifier + - Also, a FAQ for extension writers with HTML Purifier AutoFormat - Smileys - Syntax highlighting (with GeSHi) with
 and possibly  tags, or vice versa on demand.
+   Also, enable disabling of directionality
+ ? Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg
+ ? Remove redundant tags, ex. Underlined. Implementation notes:
+    1. Analyzing which tags to remove duplicants
+    2. Ensure attributes are merged into the parent tag
+    3. Extend the tag exclusion system to specify whether or not the
+    contents should be dropped or not (currently, there's code that could do
+    something like this if it didn't drop the inner text too.)
 
 Maintenance related (slightly boring)
  # CHMOD install script for PEAR installs
  ! Factor out command line parser into its own class, and unit test it
+ - Reduce size of internal data-structures (esp. HTMLDefinition)
  - Allow merging configurations.  Thus,
         a -> b -> default
         c -> d -> default
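Review bot: In the @@ -11,22 +11,39 @@ hunk, the added 4.1 entry ending "(try to remember why we ultimately decided on tihs)" has a typo ("tihs") and records an open question rather than the rationale. Fix the spelling and either state why the "register" field was chosen or drop the parenthetical, since a reader of the TODO cannot act on it. In the same hunk, the new standing-patch entry "Incorporate remove tags that don't do anything (no attributes)" stacks two verbs; "Incorporate removal of tags that don't do anything" would match the two entries above it.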
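Review bot: In the @@ -35,36 +52,23 @@ hunk, the heading "4.3 release [Do What I Mean, Not What I Say]" is deleted while its entries ("Additional support for poorly written HTML", the Microsoft Word HTML cleaning item) stay as context, so they now sit under "5.2 release [Error'ed]" together with error logging and XSS-attempt detection. If the merge is intended, rename the 5.2 heading so it covers both themes; otherwise keep a renumbered heading for the cleanup items. The release renumbering across this hunk (4.2 to 5.2, 5.0 to 6.0, 6.0 to 7.0) is also not mentioned in the subject "Update TODO."; one line in the message body saying the versions were shifted to make room for the new "5.0 release [HTML 5]" would make the history easier to follow.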
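Review bot: In the @@ -75,25 +79,14 @@ hunk, the "? Remove redundant tags" block is re-added verbatim from the old 4.3 section, including "duplicants" in note 1 and the doubled "whether or not ... should be dropped or not" in note 3; since these lines are being rewritten anyway, correct them here ("duplicates", and a single "whether the contents should be dropped"). The new maintenance entry "Reduce size of internal data-structures (esp. HTMLDefinition)" gives no measure of size (memory in use, serialized cache size) and no target, so it would help to say which one is meant. The removal of the Drupal, Phorum and "more!" lines leaves phpBB as the only entry under "Plugins for major CMSes"; if those plugins are no longer planned, a word in the commit message would make that explicit.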