diff --git a/TODO b/TODO index 792525a3..e77b2ab9 100644 --- a/TODO +++ b/TODO @@ -7,7 +7,7 @@ TODO List ? Maybe I'll Do It ========================== -1.8 release [Refactor, refactor!] +2.1 release [Refactor, refactor!] # URI validation routines tighter (see docs/dev-code-quality.html) (COMPLEX) # Advanced URI filtering schemes (see docs/proposal-new-directives.txt) - Configuration profiles: predefined directives set with one func call @@ -16,13 +16,13 @@ TODO List - Allow non-ASCII characters in font names - Genericize special cases in RemoveForeignElements -1.9 release [Error'ed] +2.2 release [Error'ed] # Error logging for filtering/cleanup procedures - Requires I18N facilities to be created first (COMPLEX) - XSS-attempt detection - More fine-grained control over escaping behavior -1.10 release [Do What I Mean, Not What I Say] +2.3 release [Do What I Mean, Not What I Say] # Additional support for poorly written HTML - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!) - Friendly strict handling of
(block ->
) @@ -37,10 +37,10 @@ TODO List - Append something to duplicate IDs so they're still usable (impl. note: the dupe detector would also need to detect the suffix as well) -1.11 release [It's All About Trust] (floating) +2.4 release [It's All About Trust] (floating) # Implement untrusted, dangerous elements/attributes -2.0 release [Beyond HTML] +3.0 release [Beyond HTML] # Legit token based CSS parsing (will require revamping almost every AttrDef class) # More control over allowed CSS properties (maybe modularize it in the @@ -59,7 +59,7 @@ TODO List - Convert RTL/LTR override characters to tags, or vice versa on demand. Also, enable disabling of directionality -3.0 release [To XML and Beyond] +4.0 release [To XML and Beyond] - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX) - Hooks for adding custom processors to custom namespaced tags and attributes, offer default implementation diff --git a/WHATSNEW b/WHATSNEW index 7ce6b516..933e1f1a 100644 --- a/WHATSNEW +++ b/WHATSNEW @@ -1,7 +1,7 @@ -The 1.6.1 release, code-named 'Ach! We missed something! Run!', completes -HTML Purifier's roster of attribute transformations. It also implements -a number of minor features (such as better font transformations, smarter -HTML parsing, the CSS property 'white-space' and XHTML 1.1), a few bug -fixes (most notably fixed __autoload compatibility issues) and a ton -of refactoring. 1.6 was for things that absolutely could not wait: this -release, developed in a more leisurely pace, fills in the gaps. \ No newline at end of file +HTML Purifier 2.0 is the culmination of two major architectural changes. +The first is Tidy, which enables HTML Purifier to both natively support +deprecated elements and also convert them to standards-compliant +alternatives. The second is the Advanced API, which enables users to +create new elements and attributes with ease. Keeping in line with a +commitment to high quality, there are also four esoteric bug-fixes and a +plethora of subtle improvements that enhance the library. diff --git a/library/HTMLPurifier.php b/library/HTMLPurifier.php index 9ba6929b..f0bc25fa 100644 --- a/library/HTMLPurifier.php +++ b/library/HTMLPurifier.php @@ -58,14 +58,14 @@ HTMLPurifier_ConfigSchema::define( ISO 639 language code for localizable things in HTML Purifier to use, which is mainly error reporting. There is currently only an English (en) translation, so this directive is currently useless. -This directive has been available since 1.7.0. +This directive has been available since 2.0.0. '); HTMLPurifier_ConfigSchema::define( 'Core', 'CollectErrors', false, 'bool', ' Whether or not to collect errors found while filtering the document. This is a useful way to give feedback to your users. CURRENTLY NOT IMPLEMENTED. -This directive has been available since 1.7.0. +This directive has been available since 2.0.0. '); /** diff --git a/library/HTMLPurifier/AttrDef/CSS/Color.php b/library/HTMLPurifier/AttrDef/CSS/Color.php index 53a4fa89..4b0fa231 100644 --- a/library/HTMLPurifier/AttrDef/CSS/Color.php +++ b/library/HTMLPurifier/AttrDef/CSS/Color.php @@ -24,7 +24,7 @@ HTMLPurifier_ConfigSchema::define( ), 'hash', ' Lookup array of color names to six digit hexadecimal number corresponding to color, with preceding hash mark. Used when parsing colors. -This directive has been available since 1.7.0. +This directive has been available since 2.0.0. '); /** diff --git a/library/HTMLPurifier/CSSDefinition.php b/library/HTMLPurifier/CSSDefinition.php index af6c6058..78612f23 100644 --- a/library/HTMLPurifier/CSSDefinition.php +++ b/library/HTMLPurifier/CSSDefinition.php @@ -22,7 +22,7 @@ HTMLPurifier_ConfigSchema::define(

Revision identifier for your custom definition. See %HTML.DefinitionRev for details. This directive has been available - since 1.7.0. + since 2.0.0.

'); diff --git a/library/HTMLPurifier/DefinitionCache/Serializer.php b/library/HTMLPurifier/DefinitionCache/Serializer.php index 24a55b28..64b79eba 100644 --- a/library/HTMLPurifier/DefinitionCache/Serializer.php +++ b/library/HTMLPurifier/DefinitionCache/Serializer.php @@ -9,7 +9,7 @@ HTMLPurifier_ConfigSchema::define( Default is within the HTML Purifier library inside DefinitionCache/Serializer. This path must be writable by the webserver. This directive has been - available since 1.7.0. + available since 2.0.0.

'); diff --git a/library/HTMLPurifier/DefinitionCacheFactory.php b/library/HTMLPurifier/DefinitionCacheFactory.php index 97707a98..bd7faba6 100644 --- a/library/HTMLPurifier/DefinitionCacheFactory.php +++ b/library/HTMLPurifier/DefinitionCacheFactory.php @@ -7,7 +7,7 @@ HTMLPurifier_ConfigSchema::define( This directive defines which method to use when caching definitions, the complex data-type that makes HTML Purifier tick. Set to null to disable caching (not recommended, as you will see a definite -performance degradation). This directive has been available since 1.7.0. +performance degradation). This directive has been available since 2.0.0. '); HTMLPurifier_ConfigSchema::defineAllowedValues( diff --git a/library/HTMLPurifier/HTMLDefinition.php b/library/HTMLPurifier/HTMLDefinition.php index c998aed6..dc7a07b9 100644 --- a/library/HTMLPurifier/HTMLDefinition.php +++ b/library/HTMLPurifier/HTMLDefinition.php @@ -31,7 +31,7 @@ $def->addAttribute(\'a\', \'tabindex\', \'Number\'); an extra directive attached to it.

- This directive has been available since 1.7.0, and in that version or + This directive has been available since 2.0.0, and in that version or later you must specify a value to this directive to use the advanced API features.

@@ -46,7 +46,7 @@ HTMLPurifier_ConfigSchema::define( context: revision 3 is more up-to-date then revision 2. Thus, when this gets incremented, the cache handling is smart enough to clean up any older revisions of your definition as well as flush the - cache. This directive has been available since 1.7.0. + cache. This directive has been available since 2.0.0.

'); @@ -124,7 +124,7 @@ HTMLPurifier_ConfigSchema::define( whitelist: directly copy-pasting it here will probably result in broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes are set, this directive has no effect. - This directive has been available since 1.7.0. + This directive has been available since 2.0.0.

'); diff --git a/library/HTMLPurifier/HTMLModule/Tidy.php b/library/HTMLPurifier/HTMLModule/Tidy.php index 5c3addd9..b81bf3ad 100644 --- a/library/HTMLPurifier/HTMLModule/Tidy.php +++ b/library/HTMLPurifier/HTMLModule/Tidy.php @@ -18,7 +18,7 @@ There are four allowed values:

Transform all deprecated elements and attributes to standards compliant equivalents
-

This directive has been available since 1.7.0

+

This directive has been available since 2.0.0

' ); HTMLPurifier_ConfigSchema::defineAllowedValues( 'HTML', 'TidyLevel', array('none', 'light', 'medium', 'heavy') @@ -27,13 +27,13 @@ HTMLPurifier_ConfigSchema::defineAllowedValues( HTMLPurifier_ConfigSchema::define( 'HTML', 'TidyAdd', array(), 'lookup', ' Fixes to add to the default set of Tidy fixes as per your level. This -directive has been available since 1.7.0. +directive has been available since 2.0.0. ' ); HTMLPurifier_ConfigSchema::define( 'HTML', 'TidyRemove', array(), 'lookup', ' Fixes to remove from the default set of Tidy fixes as per your level. This -directive has been available since 1.7.0. +directive has been available since 2.0.0. ' ); /** diff --git a/library/HTMLPurifier/HTMLModuleManager.php b/library/HTMLPurifier/HTMLModuleManager.php index 4bfc741a..ed1a8edb 100644 --- a/library/HTMLPurifier/HTMLModuleManager.php +++ b/library/HTMLPurifier/HTMLModuleManager.php @@ -50,7 +50,7 @@ HTMLPurifier_ConfigSchema::define( 'HTML', 'Trusted', false, 'bool', 'Indicates whether or not the user input is trusted or not. If the '. 'input is trusted, a more expansive set of allowed tags and attributes '. - 'will be used. This directive has been available since 1.7.0.' + 'will be used. This directive has been available since 2.0.0.' ); HTMLPurifier_ConfigSchema::define( @@ -66,7 +66,7 @@ HTMLPurifier_ConfigSchema::define( If you specify a module that does not exist, the manager will silently fail to use it, so be careful! User-defined modules are not affected by this directive. Modules defined in %HTML.CoreModules are not - affected by this directive. This directive has been available since 1.7.0. + affected by this directive. This directive has been available since 2.0.0.

'); @@ -86,7 +86,7 @@ HTMLPurifier_ConfigSchema::define( type: put those modules here. By default, XHTML\'s core modules are used. You can set this to a blank array to disable core module protection, but this is not recommended. This directive has been - available since 1.7.0. + available since 2.0.0.

'); diff --git a/library/HTMLPurifier/Lexer.php b/library/HTMLPurifier/Lexer.php index e2c0fccf..d5dc0061 100644 --- a/library/HTMLPurifier/Lexer.php +++ b/library/HTMLPurifier/Lexer.php @@ -48,7 +48,7 @@ HTMLPurifier_ConfigSchema::define(

- This directive has been available since 1.7.0. + This directive has been available since 2.0.0.

' ); @@ -61,7 +61,7 @@ HTMLPurifier_ConfigSchema::define( significant performance degradation and should not be used when unnecessary. This directive must be used with the DirectLex lexer, as the DOMLex lexer does not (yet) support this functionality. This directive - has been available since 1.7.0. + has been available since 2.0.0.

'); diff --git a/library/HTMLPurifier/Lexer/DirectLex.php b/library/HTMLPurifier/Lexer/DirectLex.php index e5643758..a34e0517 100644 --- a/library/HTMLPurifier/Lexer/DirectLex.php +++ b/library/HTMLPurifier/Lexer/DirectLex.php @@ -12,7 +12,7 @@ HTMLPurifier_ConfigSchema::define( performance, and this is only strictly necessary if the counting algorithm is buggy (in which case you should report it as a bug). This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is - not being used. This directive has been available since 1.7.0. + not being used. This directive has been available since 2.0.0.

'); diff --git a/library/HTMLPurifier/Strategy/RemoveForeignElements.php b/library/HTMLPurifier/Strategy/RemoveForeignElements.php index 4fb4a21f..f62e4653 100644 --- a/library/HTMLPurifier/Strategy/RemoveForeignElements.php +++ b/library/HTMLPurifier/Strategy/RemoveForeignElements.php @@ -16,8 +16,8 @@ HTMLPurifier_ConfigSchema::define( HTMLPurifier_ConfigSchema::define( 'Core', 'RemoveScriptContents', true, 'bool', ' This directive enables HTML Purifier to remove not only script tags -but all of their contents. This directive has been available since 1.7.0, -revert to pre-1.7.0 behavior by setting to false. +but all of their contents. This directive has been available since 2.0.0, +revert to pre-2.0.0 behavior by setting to false. ' );