mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-09 23:28:42 +00:00
4ee1bf94e3
- Add TODO request about Phalanger, something to do if I'm really bored - Update XSS attacks - Minor formatting/grammar fixes in documentation git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@502 48356398-32a2-884e-a903-53898d9a118a
61 lines
2.3 KiB
Plaintext
61 lines
2.3 KiB
Plaintext
|
|
TODO List
|
|
|
|
Ongoing
|
|
- Lots of profiling, make it faster!
|
|
- Plugins for major CMSes (very tricky issue)
|
|
|
|
1.2 release
|
|
- Make URI validation routines tighter (especially mailto)
|
|
- More extensive URI filtering schemes
|
|
- Allow for background-image and list-style-image (see above)
|
|
- Distinguish between different types of URIs, for instance, a mailto URI
|
|
in IMG SRC is nonsensical
|
|
- Error logging for filtering/cleanup procedures
|
|
|
|
1.3 release
|
|
- Add various "levels" of cleaning
|
|
- Related: Allow strict (X)HTML
|
|
|
|
1.4 release
|
|
- Additional support for poorly written HTML
|
|
- Implement all non-essential attribute transforms
|
|
- Microsoft Word HTML cleaning (i.e. MsoNormal)
|
|
|
|
2.0 release
|
|
- Formatters for plaintext
|
|
- Auto-paragraphing (be sure to leverage fact that we know when things
|
|
shouldn't be paragraphed, such as lists and tables).
|
|
- Linkify URLs
|
|
- Smileys
|
|
|
|
3.0 release
|
|
- Extended HTML capabilities based on namespacing and tag transforms
|
|
- Hooks for adding custom processors to custom namespaced tags and
|
|
attributes, offer default implementation
|
|
- Lots of documentation and samples
|
|
|
|
Unknown release (on a scratch-an-itch basis)
|
|
- Silently drop content inbetween SCRIPT tags (can be generalized to allow
|
|
specification of elements that, when detected as foreign, trigger removal
|
|
of children, although unbalanced tags could wreck havoc (or at least delete
|
|
the rest of the document)).
|
|
- Fixes for Firefox's inability to handle COL alignment props (Bug 915)
|
|
- Automatically add non-breaking spaces to empty table cells when
|
|
empty-cells:show is applied to have compatibility with Internet Explorer
|
|
- Non-lossy dumb alternate character encoding transformations, achieved by
|
|
numerically encoding all non-ASCII characters
|
|
- Semi-lossy dumb alternate character encoding transformations, achieved by
|
|
encoding all characters that have string entity equivalents
|
|
- Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand.
|
|
Also, enable disabling of directionality
|
|
|
|
Requested
|
|
- Native content compression, whitespace stripping (don't rely on Tidy, make
|
|
sure we don't remove from pre tags)
|
|
- Win32 Phalanger C# binaries
|
|
|
|
Wontfix
|
|
- Non-lossy smart alternate character encoding transformations
|
|
- Pretty-printing HTML, users can use Tidy on the output on entire page
|