0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-03 05:11:52 +00:00

Officially transition from 1.7 -> 2.0, mass substitution. Also, wrote WHATSNEW. We are in feature-freeze!

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1172 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2007-06-20 03:00:36 +00:00
parent da2ea348fd
commit cf7a50163c
13 changed files with 33 additions and 33 deletions

12
TODO
View File

@ -7,7 +7,7 @@ TODO List
? Maybe I'll Do It
==========================
1.8 release [Refactor, refactor!]
2.1 release [Refactor, refactor!]
# URI validation routines tighter (see docs/dev-code-quality.html) (COMPLEX)
# Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
- Configuration profiles: predefined directives set with one func call
@ -16,13 +16,13 @@ TODO List
- Allow non-ASCII characters in font names
- Genericize special cases in RemoveForeignElements
1.9 release [Error'ed]
2.2 release [Error'ed]
# Error logging for filtering/cleanup procedures
- Requires I18N facilities to be created first (COMPLEX)
- XSS-attempt detection
- More fine-grained control over escaping behavior
1.10 release [Do What I Mean, Not What I Say]
2.3 release [Do What I Mean, Not What I Say]
# Additional support for poorly written HTML
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
- Friendly strict handling of <address> (block -> <br>)
@ -37,10 +37,10 @@ TODO List
- Append something to duplicate IDs so they're still usable (impl. note: the
dupe detector would also need to detect the suffix as well)
1.11 release [It's All About Trust] (floating)
2.4 release [It's All About Trust] (floating)
# Implement untrusted, dangerous elements/attributes
2.0 release [Beyond HTML]
3.0 release [Beyond HTML]
# Legit token based CSS parsing (will require revamping almost every
AttrDef class)
# More control over allowed CSS properties (maybe modularize it in the
@ -59,7 +59,7 @@ TODO List
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
Also, enable disabling of directionality
3.0 release [To XML and Beyond]
4.0 release [To XML and Beyond]
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
- Hooks for adding custom processors to custom namespaced tags and
attributes, offer default implementation

View File

@ -1,7 +1,7 @@
The 1.6.1 release, code-named 'Ach! We missed something! Run!', completes
HTML Purifier's roster of attribute transformations. It also implements
a number of minor features (such as better font transformations, smarter
HTML parsing, the CSS property 'white-space' and XHTML 1.1), a few bug
fixes (most notably fixed __autoload compatibility issues) and a ton
of refactoring. 1.6 was for things that absolutely could not wait: this
release, developed in a more leisurely pace, fills in the gaps.
HTML Purifier 2.0 is the culmination of two major architectural changes.
The first is Tidy, which enables HTML Purifier to both natively support
deprecated elements and also convert them to standards-compliant
alternatives. The second is the Advanced API, which enables users to
create new elements and attributes with ease. Keeping in line with a
commitment to high quality, there are also four esoteric bug-fixes and a
plethora of subtle improvements that enhance the library.

View File

@ -58,14 +58,14 @@ HTMLPurifier_ConfigSchema::define(
ISO 639 language code for localizable things in HTML Purifier to use,
which is mainly error reporting. There is currently only an English (en)
translation, so this directive is currently useless.
This directive has been available since 1.7.0.
This directive has been available since 2.0.0.
');
HTMLPurifier_ConfigSchema::define(
'Core', 'CollectErrors', false, 'bool', '
Whether or not to collect errors found while filtering the document. This
is a useful way to give feedback to your users. CURRENTLY NOT IMPLEMENTED.
This directive has been available since 1.7.0.
This directive has been available since 2.0.0.
');
/**

View File

@ -24,7 +24,7 @@ HTMLPurifier_ConfigSchema::define(
), 'hash', '
Lookup array of color names to six digit hexadecimal number corresponding
to color, with preceding hash mark. Used when parsing colors.
This directive has been available since 1.7.0.
This directive has been available since 2.0.0.
');
/**

View File

@ -22,7 +22,7 @@ HTMLPurifier_ConfigSchema::define(
<p>
Revision identifier for your custom definition. See
%HTML.DefinitionRev for details. This directive has been available
since 1.7.0.
since 2.0.0.
</p>
');

View File

@ -9,7 +9,7 @@ HTMLPurifier_ConfigSchema::define(
Default is within the
HTML Purifier library inside DefinitionCache/Serializer. This
path must be writable by the webserver. This directive has been
available since 1.7.0.
available since 2.0.0.
</p>
');

View File

@ -7,7 +7,7 @@ HTMLPurifier_ConfigSchema::define(
This directive defines which method to use when caching definitions,
the complex data-type that makes HTML Purifier tick. Set to null
to disable caching (not recommended, as you will see a definite
performance degradation). This directive has been available since 1.7.0.
performance degradation). This directive has been available since 2.0.0.
');
HTMLPurifier_ConfigSchema::defineAllowedValues(

View File

@ -31,7 +31,7 @@ $def->addAttribute(\'a\', \'tabindex\', \'Number\');
an extra directive attached to it.
</p>
<p>
This directive has been available since 1.7.0, and in that version or
This directive has been available since 2.0.0, and in that version or
later you <em>must</em> specify a value to this directive to use the
advanced API features.
</p>
@ -46,7 +46,7 @@ HTMLPurifier_ConfigSchema::define(
context: revision 3 is more up-to-date then revision 2. Thus, when
this gets incremented, the cache handling is smart enough to clean
up any older revisions of your definition as well as flush the
cache. This directive has been available since 1.7.0.
cache. This directive has been available since 2.0.0.
</p>
');
@ -124,7 +124,7 @@ HTMLPurifier_ConfigSchema::define(
whitelist: directly copy-pasting it here will probably result in
broken whitelists. If %HTML.AllowedElements or %HTML.AllowedAttributes
are set, this directive has no effect.
This directive has been available since 1.7.0.
This directive has been available since 2.0.0.
</p>
');

View File

@ -18,7 +18,7 @@ There are four allowed values:</p>
<dd>Transform all deprecated elements and attributes to standards
compliant equivalents</dd>
</dl>
<p>This directive has been available since 1.7.0</p>
<p>This directive has been available since 2.0.0</p>
' );
HTMLPurifier_ConfigSchema::defineAllowedValues(
'HTML', 'TidyLevel', array('none', 'light', 'medium', 'heavy')
@ -27,13 +27,13 @@ HTMLPurifier_ConfigSchema::defineAllowedValues(
HTMLPurifier_ConfigSchema::define(
'HTML', 'TidyAdd', array(), 'lookup', '
Fixes to add to the default set of Tidy fixes as per your level. This
directive has been available since 1.7.0.
directive has been available since 2.0.0.
' );
HTMLPurifier_ConfigSchema::define(
'HTML', 'TidyRemove', array(), 'lookup', '
Fixes to remove from the default set of Tidy fixes as per your level. This
directive has been available since 1.7.0.
directive has been available since 2.0.0.
' );
/**

View File

@ -50,7 +50,7 @@ HTMLPurifier_ConfigSchema::define(
'HTML', 'Trusted', false, 'bool',
'Indicates whether or not the user input is trusted or not. If the '.
'input is trusted, a more expansive set of allowed tags and attributes '.
'will be used. This directive has been available since 1.7.0.'
'will be used. This directive has been available since 2.0.0.'
);
HTMLPurifier_ConfigSchema::define(
@ -66,7 +66,7 @@ HTMLPurifier_ConfigSchema::define(
If you specify a module that does not exist, the manager will silently
fail to use it, so be careful! User-defined modules are not affected
by this directive. Modules defined in %HTML.CoreModules are not
affected by this directive. This directive has been available since 1.7.0.
affected by this directive. This directive has been available since 2.0.0.
</p>
');
@ -86,7 +86,7 @@ HTMLPurifier_ConfigSchema::define(
type: put those modules here. By default, XHTML\'s core modules
are used. You can set this to a blank array to disable core module
protection, but this is not recommended. This directive has been
available since 1.7.0.
available since 2.0.0.
</p>
');

View File

@ -48,7 +48,7 @@ HTMLPurifier_ConfigSchema::define(
</dd>
</dl>
<p>
This directive has been available since 1.7.0.
This directive has been available since 2.0.0.
</p>
'
);
@ -61,7 +61,7 @@ HTMLPurifier_ConfigSchema::define(
significant performance degradation and should not be used when
unnecessary. This directive must be used with the DirectLex lexer,
as the DOMLex lexer does not (yet) support this functionality. This directive
has been available since 1.7.0.
has been available since 2.0.0.
</p>
');

View File

@ -12,7 +12,7 @@ HTMLPurifier_ConfigSchema::define(
performance, and this is only strictly necessary if the counting
algorithm is buggy (in which case you should report it as a bug).
This has no effect when %Core.MaintainLineNumbers is disabled or DirectLex is
not being used. This directive has been available since 1.7.0.
not being used. This directive has been available since 2.0.0.
</p>
');

View File

@ -16,8 +16,8 @@ HTMLPurifier_ConfigSchema::define(
HTMLPurifier_ConfigSchema::define(
'Core', 'RemoveScriptContents', true, 'bool', '
This directive enables HTML Purifier to remove not only script tags
but all of their contents. This directive has been available since 1.7.0,
revert to pre-1.7.0 behavior by setting to false.
but all of their contents. This directive has been available since 2.0.0,
revert to pre-2.0.0 behavior by setting to false.
'
);