0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00

Add readme and install documents.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@277 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-08-16 04:14:59 +00:00
parent 1b867888e8
commit bd081fd50c
2 changed files with 73 additions and 0 deletions

61
INSTALL.txt Normal file
View File

@ -0,0 +1,61 @@
Install
How to install HTMLPurifier
Being a library, there's no fancy GUI that will take you step-by-step through
configuring database credentials and other mumbo-jumbo. HTMLPurifier is
designed to run "out of the box." Regardless, there are still a couple of
things you should be mindful of.
1. Including the proper files
The library/ directory must be added to your path: HTMLPurifier will not be
able to find the necessary includes otherwise. This is as simple as:
set_include_path('/path/to/htmlpurifier/library' . PATH_SEPARATOR . get_include_path());
...replacing /path/to/htmlpurifier with the actual location of the folder. Don't
worry, HTMLPurifier is namespaced so unless you have another file named
HTMLPurifier.php, the files won't collide with any of your includes.
Then, it's a simple matter of including the base file:
require_once 'HTMLPurifier.php';
...and you're good to go.
2. Preparing the proper environment
While no configuration is necessary, you first should take precautions regarding
the other output HTML that the filtered content will be going along with. Here
is a (short) checklist:
* Have I specified XHTML 1.0 Transitional as the doctype?
* Have I specified UTF-8 as the character encoding?
I cannot stress the importance of these two bullets enough. Omitting either
of them could have dire consequences not only for security but for plain
old usability. You can find a more in-depth discussion of why this is needed
in docs/security.txt, in the meantime, try to change your output so this is
the case.
If, for some reason, you are unable to switch to UTF-8 immediately, you can
use iconv to convert the output of HTMLPurifier to your desired encoding.
We may integrate support for other encodings in later releases, but for now,
UTF-8 is all you should need. (If you're not using UTF-8, switch now!)
3. Using the code
The interface is mind-numbingly simple.
$purifier = new HTMLPurifier();
$clean_html = $purifier->purify($dirty_html);
That's it. For more examples, check out docs/examples/. Also, SLOW gives
advice on what to do if HTMLPurifier is slowing down your application.

12
README.txt Normal file
View File

@ -0,0 +1,12 @@
README
All about HTMLPurifier
HTMLPurifier is an HTML filtering solution. It uses a unique combination of
robust whitelists and agressive parsing to ensure that not only are XSS
attacks thwarted, but the resulting HTML is standards compliant.
See INSTALL on how to use the library. See docs/ for more developer-oriented
documentation as well as some code examples.
HTMLPurifier can be found on the web at: http://hp.jpsband.org/