mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-01-18 11:41:52 +00:00
Update TODO
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1683 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
c0f2e69c9f
commit
fae720115a
82
TODO
82
TODO
@ -7,11 +7,10 @@ TODO List
|
|||||||
? Maybe I'll Do It
|
? Maybe I'll Do It
|
||||||
==========================
|
==========================
|
||||||
|
|
||||||
If no interest is expressed for a feature that may required a considerable
|
If no interest is expressed for a feature that may require a considerable
|
||||||
amount of effort to implement, it may get endlessly delayed. Do not be
|
amount of effort to implement, it may get endlessly delayed. Do not be
|
||||||
afraid to cast your vote for the next feature to be implemented!
|
afraid to cast your vote for the next feature to be implemented!
|
||||||
|
|
||||||
|
|
||||||
UPCOMING RELEASE
|
UPCOMING RELEASE
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
@ -27,15 +26,23 @@ EXTERNAL
|
|||||||
FUTURE VERSIONS
|
FUTURE VERSIONS
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
3.2 release [Error'ed]
|
3.2 release [It's All About Trust] (floating)
|
||||||
# Error logging for filtering/cleanup procedures
|
# Implement untrusted, dangerous elements/attributes
|
||||||
- XSS-attempt detection
|
- Objects and Forms are especially wanted
|
||||||
|
# Implement IDREF support (harder than it seems, since you cannot have
|
||||||
|
IDREFs to non-existent IDs)
|
||||||
|
# Frameset XHTML 1.0 and HTML 4.01 doctypes
|
||||||
|
- Research and implement a "safe" version of the Object module
|
||||||
|
|
||||||
3.3 release [Do What I Mean, Not What I Say]
|
3.3 release [Error'ed]
|
||||||
|
# Error logging for filtering/cleanup procedures
|
||||||
|
- XSS-attempt detection--certain errors are flagged XSS-like
|
||||||
|
|
||||||
|
3.4 release [Do What I Mean, Not What I Say]
|
||||||
# Additional support for poorly written HTML
|
# Additional support for poorly written HTML
|
||||||
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
|
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
|
||||||
- Friendly strict handling of <address> (block -> <br>)
|
- Friendly strict handling of <address> (block -> <br>)
|
||||||
- Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes:
|
? Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes:
|
||||||
1. Analyzing which tags to remove duplicants
|
1. Analyzing which tags to remove duplicants
|
||||||
2. Ensure attributes are merged into the parent tag
|
2. Ensure attributes are merged into the parent tag
|
||||||
3. Extend the tag exclusion system to specify whether or not the
|
3. Extend the tag exclusion system to specify whether or not the
|
||||||
@ -45,25 +52,16 @@ FUTURE VERSIONS
|
|||||||
- Remove empty inline tags<i></i>
|
- Remove empty inline tags<i></i>
|
||||||
- Append something to duplicate IDs so they're still usable (impl. note: the
|
- Append something to duplicate IDs so they're still usable (impl. note: the
|
||||||
dupe detector would also need to detect the suffix as well)
|
dupe detector would also need to detect the suffix as well)
|
||||||
- Externalize inline CSS to promote clean HTML
|
- Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg
|
||||||
|
|
||||||
3.4 release [It's All About Trust] (floating)
|
|
||||||
# Implement untrusted, dangerous elements/attributes
|
|
||||||
- Objects and Forms are especially wanted
|
|
||||||
# Implement IDREF support (harder than it seems, since you cannot have
|
|
||||||
IDREFs to non-existent IDs)
|
|
||||||
# Frameset XHTML 1.0 and HTML 4.01 doctypes
|
|
||||||
|
|
||||||
4.0 release [Beyond HTML]
|
4.0 release [Beyond HTML]
|
||||||
# Legit token based CSS parsing (will require revamping almost every
|
# Legit token based CSS parsing (will require revamping almost every
|
||||||
AttrDef class). Probably will use CSSTidy class
|
AttrDef class). Probably will use CSSTidy class?
|
||||||
# More control over allowed CSS properties (maybe modularize it in the
|
# More control over allowed CSS properties using a modularization
|
||||||
same fashion!)
|
|
||||||
# HTML 5 support
|
# HTML 5 support
|
||||||
- Standardize token armor for all areas of processing
|
- Standardize token armor for all areas of processing
|
||||||
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
|
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
|
||||||
Also, enable disabling of directionality
|
Also, enable disabling of directionality
|
||||||
- Table of Contents generation (XHTML Compiler might be reusable)
|
|
||||||
|
|
||||||
5.0 release [To XML and Beyond]
|
5.0 release [To XML and Beyond]
|
||||||
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
|
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
|
||||||
@ -73,50 +71,52 @@ FUTURE VERSIONS
|
|||||||
|
|
||||||
Ongoing
|
Ongoing
|
||||||
- More refactoring to take advantage of PHP5's facilities
|
- More refactoring to take advantage of PHP5's facilities
|
||||||
- Lots of profiling, make it faster!
|
- Refactor unit tests into lots of test methods
|
||||||
- Plugins for major CMSes (COMPLEX)
|
- Plugins for major CMSes (COMPLEX)
|
||||||
- phpBB
|
- phpBB
|
||||||
|
- Drupal needs loving!
|
||||||
|
- Phorum need loving!
|
||||||
- more! (look for ones that use WYSIWYGs)
|
- more! (look for ones that use WYSIWYGs)
|
||||||
- Complete basic smoketests
|
- Also, maybe a FAQ for extension writers with HTML Purifier
|
||||||
|
|
||||||
AutoFormat
|
AutoFormat
|
||||||
- Smileys
|
- Smileys
|
||||||
- Syntax highlighting with <pre> and possibly <?php
|
- Syntax highlighting with <pre> and possibly <?php
|
||||||
- Look at http://drupal.org/project/Modules/category/63 for ideas
|
- Look at http://drupal.org/project/Modules/category/63 for ideas
|
||||||
|
|
||||||
Unknown release (on a scratch-an-itch basis)
|
Neat feature related
|
||||||
# CHMOD install script for PEAR installs
|
! Factor demo.php into a set of Printer classes, and then create a stub
|
||||||
? Have 'lang' attribute be checked against official lists, achieved by
|
file for users here (inside the actual HTML Purifier library)
|
||||||
encoding all characters that have string entity equivalents
|
! Support exporting configuration, so users can easily tweak settings
|
||||||
- Abstract ChildDef_BlockQuote to work with all elements that only
|
in the demo, and then copy-paste into their own setup
|
||||||
allow blocks in them, required or optional
|
|
||||||
- Reorganize Unit Tests
|
|
||||||
- Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
|
- Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
|
||||||
- Implement lenient <ruby> child validation
|
- Allow scoped="scoped" attribute in <style> tags; may be troublesome
|
||||||
|
because regular CSS has no way of uniquely identifying nodes, so we'd
|
||||||
|
have to generate IDs
|
||||||
- Explain how to use HTML Purifier in non-PHP languages / create
|
- Explain how to use HTML Purifier in non-PHP languages / create
|
||||||
a simple command line stub (or complicated?)
|
a simple command line stub (or complicated?)
|
||||||
- Fixes for Firefox's inability to handle COL alignment props (Bug 915)
|
- Fixes for Firefox's inability to handle COL alignment props (Bug 915)
|
||||||
- Automatically add non-breaking spaces to empty table cells when
|
- Automatically add non-breaking spaces to empty table cells when
|
||||||
empty-cells:show is applied to have compatibility with Internet Explorer
|
empty-cells:show is applied to have compatibility with Internet Explorer
|
||||||
|
- Table of Contents generation (XHTML Compiler might be reusable). May also
|
||||||
|
be out-of-band information.
|
||||||
|
|
||||||
|
Maintenance related (slightly boring)
|
||||||
|
# CHMOD install script for PEAR installs
|
||||||
|
! Factor out command line parser into its own class, and unit test it
|
||||||
|
! Nested configuration namespaces
|
||||||
- Distinguish between default settings and explicitly set settings, so
|
- Distinguish between default settings and explicitly set settings, so
|
||||||
configurations can be merged
|
configurations can be merged
|
||||||
- Nested configuration namespaces
|
|
||||||
- Allow scoped="scoped" attribute in <style> tags; may be troublesome
|
|
||||||
because regular CSS has no way of uniquely identifying nodes, so we'd
|
|
||||||
have to generate IDs
|
|
||||||
- Time PHPT tests
|
- Time PHPT tests
|
||||||
- Factor out command line parser into its own class, and unit test it
|
|
||||||
- Factor demo.php into a set of Printer classes, and then create a stub
|
|
||||||
file for users here (inside the actual HTML Purifier library)
|
|
||||||
- Support exporting configuration, so users can easily tweak settings
|
|
||||||
in the demo, and then copy-paste into their own setup
|
|
||||||
|
|
||||||
Requested
|
ChildDef related (very boring)
|
||||||
|
- Abstract ChildDef_BlockQuote to work with all elements that only
|
||||||
|
allow blocks in them, required or optional
|
||||||
|
- Implement lenient <ruby> child validation
|
||||||
|
|
||||||
Wontfix
|
Wontfix
|
||||||
- Non-lossy smart alternate character encoding transformations (unless
|
- Non-lossy smart alternate character encoding transformations (unless
|
||||||
patch provided)
|
patch provided)
|
||||||
- Pretty-printing HTML: users can use Tidy on the output on entire page
|
- Pretty-printing HTML: users can use Tidy on the output on entire page
|
||||||
- Native content compression, whitespace stripping (don't rely on Tidy, make
|
- Native content compression, whitespace stripping: use gzip if this is
|
||||||
sure we don't remove from <pre> or related tags): use gzip if this is
|
|
||||||
really important
|
really important
|
||||||
|
Loading…
Reference in New Issue
Block a user