TODO List = KEY ==================== # Flagship - Regular ? Maybe I'll Do It ========================== If no interest is expressed for a feature that may require a considerable amount of effort to implement, it may get endlessly delayed. Do not be afraid to cast your vote for the next feature to be implemented! - Investigate how early internal structures can be accessed; this would prevent structures from being parsed and serialized multiple times. - Built-in support for target="_blank" on all external links - Incorporate data: support as implemented here: http://htmlpurifier.org/phorum/read.php?3,3491,3548 - Fix ImgRequired to handle data correctly - Think about allowing explicit order of operations hooks for transforms - Allow more relaxed "class" definition than NMTOKENS for appropriate doctypes - Lock when configuring Definition objects so we CAN'T access configuration directives outside of what dependency has been registered. FUTURE VERSIONS --------------- 4.1 release [It's All About Trust] (floating) # Implement untrusted, dangerous elements/attributes # Implement IDREF support (harder than it seems, since you cannot have IDREFs to non-existent IDs) # Frameset XHTML 1.0 and HTML 4.01 doctypes - Implement - Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?) 4.2 release [Error'ed] # Error logging for filtering/cleanup procedures - XSS-attempt detection--certain errors are flagged XSS-like 4.3 release [Do What I Mean, Not What I Say] # Additional support for poorly written HTML - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!) - Friendly strict handling of
(block ->and possibly tags; may be troublesome because regular CSS has no way of uniquely identifying nodes, so we'd have to generate IDs - Explain how to use HTML Purifier in non-PHP languages / create a simple command line stub (or complicated?) - Fixes for Firefox's inability to handle COL alignment props (Bug 915) - Automatically add non-breaking spaces to empty table cells when empty-cells:show is applied to have compatibility with Internet Explorer - Table of Contents generation (XHTML Compiler might be reusable). May also be out-of-band information. - Full set of color keywords. Also, a way to add onto them without finalizing the configuration object. - Write a var_export and memcached DefinitionCache - Denis - Allow restriction of allowed class values Maintenance related (slightly boring) # CHMOD install script for PEAR installs ! Factor out command line parser into its own class, and unit test it ! Nested configuration namespaces - Distinguish between default settings and explicitly set settings, so configurations can be merged - Time PHPT tests ChildDef related (very boring) - Abstract ChildDef_BlockQuote to work with all elements that only allow blocks in them, required or optional - Implement lenient child validation Wontfix - Non-lossy smart alternate character encoding transformations (unless patch provided) - Pretty-printing HTML: users can use Tidy on the output on entire page - Native content compression, whitespace stripping: use gzip if this is really important vim: et sw=4 sts=4