0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-18 11:41:52 +00:00

Update TODO

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1683 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2008-04-22 20:57:11 +00:00
parent c0f2e69c9f
commit fae720115a

82
TODO
View File

@ -7,11 +7,10 @@ TODO List
? Maybe I'll Do It ? Maybe I'll Do It
========================== ==========================
If no interest is expressed for a feature that may required a considerable If no interest is expressed for a feature that may require a considerable
amount of effort to implement, it may get endlessly delayed. Do not be amount of effort to implement, it may get endlessly delayed. Do not be
afraid to cast your vote for the next feature to be implemented! afraid to cast your vote for the next feature to be implemented!
UPCOMING RELEASE UPCOMING RELEASE
---------------- ----------------
@ -27,15 +26,23 @@ EXTERNAL
FUTURE VERSIONS FUTURE VERSIONS
--------------- ---------------
3.2 release [Error'ed] 3.2 release [It's All About Trust] (floating)
# Error logging for filtering/cleanup procedures # Implement untrusted, dangerous elements/attributes
- XSS-attempt detection - Objects and Forms are especially wanted
# Implement IDREF support (harder than it seems, since you cannot have
IDREFs to non-existent IDs)
# Frameset XHTML 1.0 and HTML 4.01 doctypes
- Research and implement a "safe" version of the Object module
3.3 release [Do What I Mean, Not What I Say] 3.3 release [Error'ed]
# Error logging for filtering/cleanup procedures
- XSS-attempt detection--certain errors are flagged XSS-like
3.4 release [Do What I Mean, Not What I Say]
# Additional support for poorly written HTML # Additional support for poorly written HTML
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!) - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
- Friendly strict handling of <address> (block -> <br>) - Friendly strict handling of <address> (block -> <br>)
- Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes: ? Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes:
1. Analyzing which tags to remove duplicants 1. Analyzing which tags to remove duplicants
2. Ensure attributes are merged into the parent tag 2. Ensure attributes are merged into the parent tag
3. Extend the tag exclusion system to specify whether or not the 3. Extend the tag exclusion system to specify whether or not the
@ -45,25 +52,16 @@ FUTURE VERSIONS
- Remove empty inline tags<i></i> - Remove empty inline tags<i></i>
- Append something to duplicate IDs so they're still usable (impl. note: the - Append something to duplicate IDs so they're still usable (impl. note: the
dupe detector would also need to detect the suffix as well) dupe detector would also need to detect the suffix as well)
- Externalize inline CSS to promote clean HTML - Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg
3.4 release [It's All About Trust] (floating)
# Implement untrusted, dangerous elements/attributes
- Objects and Forms are especially wanted
# Implement IDREF support (harder than it seems, since you cannot have
IDREFs to non-existent IDs)
# Frameset XHTML 1.0 and HTML 4.01 doctypes
4.0 release [Beyond HTML] 4.0 release [Beyond HTML]
# Legit token based CSS parsing (will require revamping almost every # Legit token based CSS parsing (will require revamping almost every
AttrDef class). Probably will use CSSTidy class AttrDef class). Probably will use CSSTidy class?
# More control over allowed CSS properties (maybe modularize it in the # More control over allowed CSS properties using a modularization
same fashion!)
# HTML 5 support # HTML 5 support
- Standardize token armor for all areas of processing - Standardize token armor for all areas of processing
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand. - Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
Also, enable disabling of directionality Also, enable disabling of directionality
- Table of Contents generation (XHTML Compiler might be reusable)
5.0 release [To XML and Beyond] 5.0 release [To XML and Beyond]
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX) - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
@ -73,50 +71,52 @@ FUTURE VERSIONS
Ongoing Ongoing
- More refactoring to take advantage of PHP5's facilities - More refactoring to take advantage of PHP5's facilities
- Lots of profiling, make it faster! - Refactor unit tests into lots of test methods
- Plugins for major CMSes (COMPLEX) - Plugins for major CMSes (COMPLEX)
- phpBB - phpBB
- Drupal needs loving!
- Phorum need loving!
- more! (look for ones that use WYSIWYGs) - more! (look for ones that use WYSIWYGs)
- Complete basic smoketests - Also, maybe a FAQ for extension writers with HTML Purifier
AutoFormat AutoFormat
- Smileys - Smileys
- Syntax highlighting with <pre> and possibly <?php - Syntax highlighting with <pre> and possibly <?php
- Look at http://drupal.org/project/Modules/category/63 for ideas - Look at http://drupal.org/project/Modules/category/63 for ideas
Unknown release (on a scratch-an-itch basis) Neat feature related
# CHMOD install script for PEAR installs ! Factor demo.php into a set of Printer classes, and then create a stub
? Have 'lang' attribute be checked against official lists, achieved by file for users here (inside the actual HTML Purifier library)
encoding all characters that have string entity equivalents ! Support exporting configuration, so users can easily tweak settings
- Abstract ChildDef_BlockQuote to work with all elements that only in the demo, and then copy-paste into their own setup
allow blocks in them, required or optional
- Reorganize Unit Tests
- Advanced URI filtering schemes (see docs/proposal-new-directives.txt) - Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
- Implement lenient <ruby> child validation - Allow scoped="scoped" attribute in <style> tags; may be troublesome
because regular CSS has no way of uniquely identifying nodes, so we'd
have to generate IDs
- Explain how to use HTML Purifier in non-PHP languages / create - Explain how to use HTML Purifier in non-PHP languages / create
a simple command line stub (or complicated?) a simple command line stub (or complicated?)
- Fixes for Firefox's inability to handle COL alignment props (Bug 915) - Fixes for Firefox's inability to handle COL alignment props (Bug 915)
- Automatically add non-breaking spaces to empty table cells when - Automatically add non-breaking spaces to empty table cells when
empty-cells:show is applied to have compatibility with Internet Explorer empty-cells:show is applied to have compatibility with Internet Explorer
- Table of Contents generation (XHTML Compiler might be reusable). May also
be out-of-band information.
Maintenance related (slightly boring)
# CHMOD install script for PEAR installs
! Factor out command line parser into its own class, and unit test it
! Nested configuration namespaces
- Distinguish between default settings and explicitly set settings, so - Distinguish between default settings and explicitly set settings, so
configurations can be merged configurations can be merged
- Nested configuration namespaces
- Allow scoped="scoped" attribute in <style> tags; may be troublesome
because regular CSS has no way of uniquely identifying nodes, so we'd
have to generate IDs
- Time PHPT tests - Time PHPT tests
- Factor out command line parser into its own class, and unit test it
- Factor demo.php into a set of Printer classes, and then create a stub
file for users here (inside the actual HTML Purifier library)
- Support exporting configuration, so users can easily tweak settings
in the demo, and then copy-paste into their own setup
Requested ChildDef related (very boring)
- Abstract ChildDef_BlockQuote to work with all elements that only
allow blocks in them, required or optional
- Implement lenient <ruby> child validation
Wontfix Wontfix
- Non-lossy smart alternate character encoding transformations (unless - Non-lossy smart alternate character encoding transformations (unless
patch provided) patch provided)
- Pretty-printing HTML: users can use Tidy on the output on entire page - Pretty-printing HTML: users can use Tidy on the output on entire page
- Native content compression, whitespace stripping (don't rely on Tidy, make - Native content compression, whitespace stripping: use gzip if this is
sure we don't remove from <pre> or related tags): use gzip if this is
really important really important