htmlpurifier/docs/dev-code-quality.html

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="Discusses code quality issues in HTML Purifier." />
<link rel="stylesheet" type="text/css" href="./style.css" />

<title>Code Quality Issues - HTML Purifier End-User Documentation</title>

</head><body>

<h1>Code Quality Issues</h1>

<p>Okay, face it.  Programmers can get lazy, cut corners, or make mistakes. They
also can do quick prototypes, and then forget to rewrite them later.  Well,
while I can't list mistakes in here, I can list prototype-like segments
of code that should be aggressively refactored.  This does not list
optimization issues, that needs to be done after intense profiling.</p>

<pre>
AttrDef
    Class - doesn't support Unicode characters (fringe); uses regular
        expressions
    Lang - code duplication; premature optimization
    Length - easily mistaken for CSSLength
    URI - multiple regular expressions; missing validation for parts (?)
    CSS - parser doesn't accept advanced CSS (fringe)
    Number - constructor interface inconsistent with Integer
ConfigSchema - redefinition is a mess
Strategy
    FixNesting - cannot bubble nodes out of structures
    MakeWellFormed - insufficient automatic closing definitions (check HTML
        spec for optional end tags, also, closing based on type (block/inline)
        might be efficient).
    RemoveForeignElements - should be run in parallel with MakeWellFormed
URIScheme - needs to have callable generic checks
    mailto - doesn't validate emails, doesn't validate querystring
    news - doesn't validate opaque path
    nntp - doesn't constrain path
</pre>

<div id="version">$Id$</div>

</body></html>