mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-01-05 06:01:52 +00:00
Update TODO.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
parent
af45a6c191
commit
6bdf161afd
84
TODO
@ -11,22 +11,39 @@ If no interest is expressed for a feature that may require a considerable
|
|||||||
amount of effort to implement, it may get endlessly delayed. Do not be
|
amount of effort to implement, it may get endlessly delayed. Do not be
|
||||||
afraid to cast your vote for the next feature to be implemented!
|
afraid to cast your vote for the next feature to be implemented!
|
||||||
|
|
||||||
- Built-in support for target="_blank" on all external links
|
Standing patches:
|
||||||
- Incorporate data: support as implemented here:
|
|
||||||
|
- Incorporate data: support as implemented here:
|
||||||
http://htmlpurifier.org/phorum/read.php?3,3491,3548
|
http://htmlpurifier.org/phorum/read.php?3,3491,3548
|
||||||
- Fix ImgRequired to handle data correctly
|
- Incorporate download and resize support as implemented here:
|
||||||
- Incorporate download and resize support as implemented here:
|
|
||||||
http://htmlpurifier.org/phorum/read.php?3,2795,3628
|
http://htmlpurifier.org/phorum/read.php?3,2795,3628
|
||||||
- Think about allowing explicit order of operations hooks for transforms
|
- Incorporate remove <span> tags that don't do anything (no attributes):
|
||||||
- Add "register" field to config schemas to eliminate dependence on
|
http://htmlpurifier.org/phorum/read.php?5,2507
|
||||||
naming conventions
|
|
||||||
- Add examples to everything (make built-in which also automatically
|
Things to do as soon as possible:
|
||||||
gives output)
|
|
||||||
|
- Fix ImgRequired to handle data correctly
|
||||||
|
- Think about allowing explicit order of operations hooks for transforms
|
||||||
|
|
||||||
FUTURE VERSIONS
|
FUTURE VERSIONS
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
4.1 release [It's All About Trust] (floating)
|
4.1 release [OMG CONFIG PONIES]
|
||||||
|
! Fix Printer. It's from the old days when we didn't have decent XML classes
|
||||||
|
! Factor demo.php into a set of Printer classes, and then create a stub
|
||||||
|
file for users here (inside the actual HTML Purifier library)
|
||||||
|
- Fix error handling with form construction
|
||||||
|
- Do encoding validation in Printers, or at least, where user data comes in
|
||||||
|
- Config: Add examples to everything (make built-in which also automatically
|
||||||
|
gives output)
|
||||||
|
- Add "register" field to config schemas to eliminate dependence on
|
||||||
|
naming conventions (try to remember why we ultimately decided on tihs)
|
||||||
|
|
||||||
|
5.0 release [HTML 5]
|
||||||
|
# Swap out code to use html5lib tokenizer and tree-builder
|
||||||
|
! Allow turning off of FixNesting and required attribute insertion
|
||||||
|
|
||||||
|
5.1 release [It's All About Trust] (floating)
|
||||||
# Implement untrusted, dangerous elements/attributes
|
# Implement untrusted, dangerous elements/attributes
|
||||||
# Implement IDREF support (harder than it seems, since you cannot have
|
# Implement IDREF support (harder than it seems, since you cannot have
|
||||||
IDREFs to non-existent IDs)
|
IDREFs to non-existent IDs)
|
||||||
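Review bot: The added line "naming conventions (try to remember why we ultimately decided on tihs)" in the 4.1 block has a typo ("tihs" for "this") and records only that the rationale for the "register" field has been forgotten; write the reason down or link the discussion so the item can be acted on. In the same block, "Do encoding validation in Printers, or at least, where user data comes in" leaves the scope open between two options; state which one is intended. Under "Standing patches", "Incorporate remove <span> tags that don't do anything" would read better as "Incorporate removal of <span> tags that don't do anything".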
@ -35,36 +52,23 @@ FUTURE VERSIONS
|
|||||||
# Frameset XHTML 1.0 and HTML 4.01 doctypes
|
# Frameset XHTML 1.0 and HTML 4.01 doctypes
|
||||||
- Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?)
|
- Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?)
|
||||||
|
|
||||||
4.2 release [Error'ed]
|
5.2 release [Error'ed]
|
||||||
# Error logging for filtering/cleanup procedures
|
# Error logging for filtering/cleanup procedures
|
||||||
- XSS-attempt detection--certain errors are flagged XSS-like
|
|
||||||
|
|
||||||
4.3 release [Do What I Mean, Not What I Say]
|
|
||||||
# Additional support for poorly written HTML
|
# Additional support for poorly written HTML
|
||||||
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
|
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
|
||||||
- Friendly strict handling of <address> (block -> <br>)
|
- Friendly strict handling of <address> (block -> <br>)
|
||||||
? Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes:
|
- XSS-attempt detection--certain errors are flagged XSS-like
|
||||||
1. Analyzing which tags to remove duplicants
|
|
||||||
2. Ensure attributes are merged into the parent tag
|
|
||||||
3. Extend the tag exclusion system to specify whether or not the
|
|
||||||
contents should be dropped or not (currently, there's code that could do
|
|
||||||
something like this if it didn't drop the inner text too.)
|
|
||||||
- Remove <span> tags that don't do anything (no attributes)
|
|
||||||
- Append something to duplicate IDs so they're still usable (impl. note: the
|
- Append something to duplicate IDs so they're still usable (impl. note: the
|
||||||
dupe detector would also need to detect the suffix as well)
|
dupe detector would also need to detect the suffix as well)
|
||||||
- Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg
|
|
||||||
|
|
||||||
5.0 release [Beyond HTML]
|
6.0 release [Beyond HTML]
|
||||||
# Legit token based CSS parsing (will require revamping almost every
|
# Legit token based CSS parsing (will require revamping almost every
|
||||||
AttrDef class). Probably will use CSSTidy class?
|
AttrDef class). Probably will use CSSTidy
|
||||||
# More control over allowed CSS properties using a modularization
|
# More control over allowed CSS properties using a modularization
|
||||||
# HTML 5 support
|
|
||||||
# IRI support (this includes IDN)
|
# IRI support (this includes IDN)
|
||||||
- Standardize token armor for all areas of processing
|
- Standardize token armor for all areas of processing
|
||||||
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
|
|
||||||
Also, enable disabling of directionality
|
|
||||||
|
|
||||||
6.0 release [To XML and Beyond]
|
7.0 release [To XML and Beyond]
|
||||||
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
|
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
|
||||||
- Hooks for adding custom processors to custom namespaced tags and
|
- Hooks for adding custom processors to custom namespaced tags and
|
||||||
attributes, offer default implementation
|
attributes, offer default implementation
|
||||||
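Review bot: Deleting the "4.3 release [Do What I Mean, Not What I Say]" heading leaves its items ("Additional support for poorly written HTML", the Microsoft Word cleaning and the <address> handling) directly under "5.2 release [Error'ed]", and "XSS-attempt detection" now sits after them instead of next to "Error logging for filtering/cleanup procedures". Keep the XSS-attempt item directly below the error-logging item it relates to, and either retain a heading for the poorly-written-HTML items or move them to a section whose title fits them.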
@ -75,25 +79,14 @@ Ongoing
|
|||||||
- Refactor unit tests into lots of test methods
|
- Refactor unit tests into lots of test methods
|
||||||
- Plugins for major CMSes (COMPLEX)
|
- Plugins for major CMSes (COMPLEX)
|
||||||
- phpBB
|
- phpBB
|
||||||
- Drupal needs loving!
|
- Also, a FAQ for extension writers with HTML Purifier
|
||||||
- Phorum need loving!
|
|
||||||
- more! (look for ones that use WYSIWYGs)
|
|
||||||
- Also, maybe a FAQ for extension writers with HTML Purifier
|
|
||||||
|
|
||||||
AutoFormat
|
AutoFormat
|
||||||
- Smileys
|
- Smileys
|
||||||
- Syntax highlighting (with GeSHi) with <pre> and possibly <?php
|
- Syntax highlighting (with GeSHi) with <pre> and possibly <?php
|
||||||
- Look at http://drupal.org/project/Modules/category/63 for ideas
|
- Look at http://drupal.org/project/Modules/category/63 for ideas
|
||||||
|
|
||||||
Optimizations
|
|
||||||
- Reduce size of internal data-structures (esp. HTMLDefinition)
|
|
||||||
- Get PH5P working with the latest versions of DOM, which have much more
|
|
||||||
stringent error checking procedures. Maybe convert straight to tokens.
|
|
||||||
- Get rid of set_include_path(). Save this for another major release.
|
|
||||||
|
|
||||||
Neat feature related
|
Neat feature related
|
||||||
! Factor demo.php into a set of Printer classes, and then create a stub
|
|
||||||
file for users here (inside the actual HTML Purifier library)
|
|
||||||
! Support exporting configuration, so users can easily tweak settings
|
! Support exporting configuration, so users can easily tweak settings
|
||||||
in the demo, and then copy-paste into their own setup
|
in the demo, and then copy-paste into their own setup
|
||||||
- Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
|
- Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
|
||||||
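Review bot: The removed "Optimizations" entries "Get PH5P working with the latest versions of DOM" and "Get rid of set_include_path()" are not re-added in any hunk of this patch, and the commit message says only "Update TODO." If they are done or superseded, say so in the message; otherwise carry them over, as was done for "Reduce size of internal data-structures". The same question applies to the dropped "Drupal needs loving!", "Phorum need loving!" and "more!" entries under "Plugins for major CMSes".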
@ -110,10 +103,21 @@ Neat feature related
|
|||||||
- Full set of color keywords. Also, a way to add onto them without
|
- Full set of color keywords. Also, a way to add onto them without
|
||||||
finalizing the configuration object.
|
finalizing the configuration object.
|
||||||
- Write a var_export and memcached DefinitionCache - Denis
|
- Write a var_export and memcached DefinitionCache - Denis
|
||||||
|
- Built-in support for target="_blank" on all external links
|
||||||
|
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
|
||||||
|
Also, enable disabling of directionality
|
||||||
|
? Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg
|
||||||
|
? Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes:
|
||||||
|
1. Analyzing which tags to remove duplicants
|
||||||
|
2. Ensure attributes are merged into the parent tag
|
||||||
|
3. Extend the tag exclusion system to specify whether or not the
|
||||||
|
contents should be dropped or not (currently, there's code that could do
|
||||||
|
something like this if it didn't drop the inner text too.)
|
||||||
|
|
||||||
Maintenance related (slightly boring)
|
Maintenance related (slightly boring)
|
||||||
# CHMOD install script for PEAR installs
|
# CHMOD install script for PEAR installs
|
||||||
! Factor out command line parser into its own class, and unit test it
|
! Factor out command line parser into its own class, and unit test it
|
||||||
|
- Reduce size of internal data-structures (esp. HTMLDefinition)
|
||||||
- Allow merging configurations. Thus,
|
- Allow merging configurations. Thus,
|
||||||
a -> b -> default
|
a -> b -> default
|
||||||
c -> d -> default
|
c -> d -> default
|
||||||
|
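Review bot: The relocated item "Built-in support for target="_blank" on all external links" should also say that such links get rel="noopener noreferrer", because in browsers that do not apply noopener by default the opened page can reach the originating page through window.opener. "Externalize inline CSS" comes back here with a "?" marker where the earlier hunk removed it as "-"; confirm that change of status is intended. "1. Analyzing which tags to remove duplicants" is carried over unchanged and could be reworded while it is being moved.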