mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-08 06:48:42 +00:00
Code Releases Activity
Standards compliant HTML filter written in PHP. http://htmlpurifier.org
1,199 Commits 5 Branches 66 Tags 9.3 MiB
PHP 94.5%
HTML 4.6%
XSLT 0.5%
CSS 0.3%
JavaScript 0.1%
aa0fdeee30
Go to file
Edward Z. Yang aa0fdeee30 Refine Lexers for parsing stray angled brackets; %Core.AggressivelyFixLt = true 
By default, the DirectLex and DOMLex behavior with stray angled brackets
varied a great deal due to their implementations. A little known directive
%Core.AggressivelyFixLt attempted to match DOMLex's behavior with DirectLex's,
but it was off by default. By turning it on by default, users now enjoy these
benefits, and performance-minded users can turn it back off.

Also, several refinements to stray angled bracket parsing was made. Specifically:

* DirectLex: Handle each left angled bracket individually, which prevents
  strange behavior as reported by eon.
* DOMLex: Iterate aggressive lt fix, so that stacked brackets like << are
  handled.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-07-07 08:52:29 -04:00
art [2.0.1] Implement haphazard error collection for AttrValidator. 2007-06-27 02:03:15 +00:00
benchmarks [3.1.1] Memory optimizations for ConfigSchema. Changes include: 2008-05-23 16:43:24 +00:00
configdoc Refine Lexers for parsing stray angled brackets; %Core.AggressivelyFixLt = true 2008-07-07 08:52:29 -04:00
docs Remove incorrect information about bit-size 2008-06-24 22:12:56 -04:00
extras [3.1.0] Feature parity with configdoc rewrite 2008-04-22 01:58:06 +00:00
library Refine Lexers for parsing stray angled brackets; %Core.AggressivelyFixLt = true 2008-07-07 08:52:29 -04:00
maintenance Handle CRLF discrepancies 2008-06-24 21:10:51 -04:00
plugins Handle CRLF discrepancies 2008-06-24 21:10:51 -04:00
smoketests [3.1.1] Land vs's HTMLPurifier_Generator patch, and a number of other bugfixes for that change 2008-05-26 04:05:48 +00:00
tests Refine Lexers for parsing stray angled brackets; %Core.AggressivelyFixLt = true 2008-07-07 08:52:29 -04:00
.gitattributes Add Git specific files and configuration 2008-06-24 22:02:16 -04:00
.gitignore Add ignore rules for configdoc generated files. 2008-06-27 00:14:39 -04:00
CREDITS [1.2.0] Update documentation paths. 2006-11-19 04:37:26 +00:00
Doxyfile Release 3.1.1 2008-06-19 21:43:57 +00:00
FOCUS Add some extra helpful data for FOCUS 2008-06-20 02:59:01 +00:00
INSTALL Implement without-bcmath compatible UnitConverter. We might want to factor our floating point fudges. These calculations are only accurate for small precisions, and are architecture-dependent. (Unit tests seem to work on 32bit, though). 2008-05-21 00:29:31 +00:00
INSTALL.fr.utf8 [3.1.0] Update French documentation. 2008-04-22 20:43:47 +00:00
LICENSE Rename so that there's no txt extension, adhering with good practices. 2006-08-16 03:57:02 +00:00
NEWS Refine Lexers for parsing stray angled brackets; %Core.AggressivelyFixLt = true 2008-07-07 08:52:29 -04:00
package.php Minor documentation updates; we're going to bite the bullet and tell PEAR users to change their installs. 2008-04-22 06:47:45 +00:00
phpdoc.ini Make phpdoc more efficient, ignore the conf directory 2007-11-06 17:50:30 +00:00
README Miscellaneous URL updates. 2007-04-22 22:26:20 +00:00
release1-update.php Add some extra helpful data for FOCUS 2008-06-20 02:59:01 +00:00
release2-tag.php Update release scripts, also, remove errant space from VERSION. 2008-01-08 01:20:12 +00:00
svn.php Update release scripts, also, remove errant space from VERSION. 2008-01-08 01:20:12 +00:00
test-settings.sample.php More documentation updates. 2008-04-10 02:56:46 +00:00
TODO Proper support for name attribute in <a> and <img> 2008-06-27 15:44:27 -04:00
VERSION Release 3.1.1 2008-06-19 21:43:57 +00:00
WHATSNEW Add update Freshmeat script. 2008-06-20 01:48:46 +00:00
WYSIWYG Update WYSIWYG by removing Mantis link: bugtracker is no longer active. 2007-05-20 19:56:16 +00:00

README 

README
    All about HTML Purifier

HTML Purifier is an HTML filtering solution that uses a unique combination 
of robust whitelists and agressive parsing to ensure that not only are 
XSS attacks thwarted, but the resulting HTML is standards compliant. 

HTML Purifier is oriented towards richly formatted documents from 
untrusted sources that require CSS and a full tag-set.  This library can 
be configured to accept a more restrictive set of tags, but it won't be 
as efficient as more bare-bones parsers. It will, however, do the job 
right, which may be more important. 

Places to go:

* See INSTALL for a quick installation guide
* See docs/ for developer-oriented documentation, code examples and
  an in-depth installation guide.
* See WYSIWYG for information on editors like TinyMCE and FCKeditor

HTML Purifier can be found on the web at: http://htmlpurifier.org/