mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 16:31:53 +00:00
Standards compliant HTML filter written in PHP.
http://htmlpurifier.org
3b6aa10592
As part of its duties, URIDefinition determine the base URL and the host URL of the page based on the two corresponding configuration directives. The DisableExternal URIFilter, however, bypassed this check by directly checking %URI.Host. This fix forwards the call through URIDefinition. Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com> |
||
---|---|---|
art | ||
benchmarks | ||
configdoc | ||
docs | ||
extras | ||
library | ||
maintenance | ||
plugins | ||
smoketests | ||
tests | ||
.gitattributes | ||
.gitignore | ||
CREDITS | ||
Doxyfile | ||
FOCUS | ||
INSTALL | ||
INSTALL.fr.utf8 | ||
LICENSE | ||
NEWS | ||
package.php | ||
phpdoc.ini | ||
README | ||
release1-update.php | ||
release2-tag.php | ||
svn.php | ||
test-settings.sample.php | ||
TODO | ||
VERSION | ||
WHATSNEW | ||
WYSIWYG |
README All about HTML Purifier HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant. HTML Purifier is oriented towards richly formatted documents from untrusted sources that require CSS and a full tag-set. This library can be configured to accept a more restrictive set of tags, but it won't be as efficient as more bare-bones parsers. It will, however, do the job right, which may be more important. Places to go: * See INSTALL for a quick installation guide * See docs/ for developer-oriented documentation, code examples and an in-depth installation guide. * See WYSIWYG for information on editors like TinyMCE and FCKeditor HTML Purifier can be found on the web at: http://htmlpurifier.org/