mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
98b4e70a93
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1237 48356398-32a2-884e-a903-53898d9a118a
92 lines
3.6 KiB
Plaintext
92 lines
3.6 KiB
Plaintext
|
|
TODO List
|
|
|
|
= KEY ====================
|
|
# Flagship
|
|
- Regular
|
|
? Maybe I'll Do It
|
|
==========================
|
|
|
|
2.1 release [Refactor, refactor!]
|
|
# URI validation routines tighter (see docs/dev-code-quality.html) (COMPLEX)
|
|
# Advanced URI filtering schemes (see docs/proposal-new-directives.txt)
|
|
# Ruby support
|
|
- Configuration profiles: predefined directives set with one func call
|
|
- Implement IDREF support (harder than it seems, since you cannot have
|
|
IDREFs to non-existent IDs)
|
|
- Allow non-ASCII characters in font names
|
|
|
|
2.2 release [Error'ed]
|
|
# Error logging for filtering/cleanup procedures
|
|
- XSS-attempt detection
|
|
|
|
2.3 release [Do What I Mean, Not What I Say]
|
|
# Additional support for poorly written HTML
|
|
- Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
|
|
- Friendly strict handling of <address> (block -> <br>)
|
|
- Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes:
|
|
1. Analyzing which tags to remove duplicants
|
|
2. Ensure attributes are merged into the parent tag
|
|
3. Extend the tag exclusion system to specify whether or not the
|
|
contents should be dropped or not (currently, there's code that could do
|
|
something like this if it didn't drop the inner text too.)
|
|
- Remove <span> tags that don't do anything (no attributes)
|
|
- Remove empty inline tags<i></i>
|
|
- Append something to duplicate IDs so they're still usable (impl. note: the
|
|
dupe detector would also need to detect the suffix as well)
|
|
|
|
2.4 release [It's All About Trust] (floating)
|
|
# Implement untrusted, dangerous elements/attributes
|
|
|
|
3.0 release [Beyond HTML]
|
|
# Legit token based CSS parsing (will require revamping almost every
|
|
AttrDef class)
|
|
# More control over allowed CSS properties (maybe modularize it in the
|
|
same fashion!)
|
|
# Formatters for plaintext
|
|
- Smileys
|
|
- Standardize token armor for all areas of processing
|
|
- Fixes for Firefox's inability to handle COL alignment props (Bug 915)
|
|
- Automatically add non-breaking spaces to empty table cells when
|
|
empty-cells:show is applied to have compatibility with Internet Explorer
|
|
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
|
|
Also, enable disabling of directionality
|
|
|
|
4.0 release [To XML and Beyond]
|
|
- Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
|
|
- Hooks for adding custom processors to custom namespaced tags and
|
|
attributes, offer default implementation
|
|
- Lots of documentation and samples
|
|
|
|
Ongoing
|
|
- Lots of profiling, make it faster!
|
|
- Plugins for major CMSes (COMPLEX)
|
|
- WordPress (mostly written, needs beta-testing)
|
|
- phpBB
|
|
- Phorum
|
|
- eFiction
|
|
- more! (look for ones that use WYSIWYGs)
|
|
- Complete basic smoketests
|
|
|
|
Unknown release (on a scratch-an-itch basis)
|
|
? Semi-lossy dumb alternate character encoding transfor
|
|
? Have 'lang' attribute be checked against official lists, achieved by
|
|
encoding all characters that have string entity equivalents
|
|
- Explain how to use HTML Purifier in non-PHP languages / create
|
|
a simple command line stub
|
|
- Abstract ChildDef_BlockQuote to work with all elements that only
|
|
allow blocks in them, required or optional
|
|
- Reorganize Unit Tests
|
|
- Refactor loop tests (esp. AttrDef_URI)
|
|
- Reorganize configuration directives (Create more namespaces! Get messy!)
|
|
|
|
Requested
|
|
|
|
Wontfix
|
|
- Non-lossy smart alternate character encoding transformations (unless
|
|
patch provided)
|
|
- Pretty-printing HTML, users can use Tidy on the output on entire page
|
|
- Native content compression, whitespace stripping (don't rely on Tidy, make
|
|
sure we don't remove from <pre> or related tags): use gzip if this is
|
|
really important
|