mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-09 15:28:40 +00:00
e2cc37724b
- Move SLOW to docs/enduser-slow.html and add code examples - Update README and WYSIWYG - Add warning to HTMLPurifier.func.php about naming similarities git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@635 48356398-32a2-884e-a903-53898d9a118a
23 lines
1.0 KiB
Plaintext
23 lines
1.0 KiB
Plaintext
|
|
WYSIWYG - What You See Is What You Get
|
|
HTML Purifier: A Pretty Good Fit for TinyMCE and FCKeditor
|
|
|
|
Javascript-based WYSIWYG editors, simply stated, are quite amazing. But I've
|
|
always been wary about using them due to security issues: they handle the
|
|
client-side magic, but once you've been served a piping hot load of unfiltered
|
|
HTML, what should be done then? In some situations, you can serve it uncleaned,
|
|
since you only offer these facilities to trusted(?) authors.
|
|
|
|
Unfortunantely, for blog comments and anonymous input, BBCode, Textile and
|
|
other markup languages still reign supreme. Put simply: filtering HTML is
|
|
hard work, and these WYSIWYG authors don't offer anything to alleviate that
|
|
trouble. Therein lies the solution:
|
|
|
|
HTML Purifier is perfect for filtering pure-HTML input from WYSIWYG editors.
|
|
|
|
Enough said.
|
|
|
|
There is a proof-of-concept integration of HTML Purifier with the Mantis
|
|
bugtracker at http://hp.jpsband.org/mantis/ You can see notes on how
|
|
this integration was acheived at http://hp.jpsband.org/mantis_notes.txt
|