mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-23 00:41:52 +00:00
2d5498b8aa
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@992 48356398-32a2-884e-a903-53898d9a118a
52 lines
2.2 KiB
HTML
52 lines
2.2 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
|
<meta name="description" content="Discusses code quality issues and places that need to be refactored in HTML Purifier." />
|
|
<link rel="stylesheet" type="text/css" href="./style.css" />
|
|
|
|
<title>Code Quality Issues - HTML Purifier</title>
|
|
|
|
</head><body>
|
|
|
|
<h1>Code Quality Issues</h1>
|
|
|
|
<div id="filing">Filed under Development</div>
|
|
<div id="index">Return to the <a href="index.html">index</a>.</div>
|
|
<div id="home"><a href="http://htmlpurifier.org/">HTML Purifier</a> End-User Documentation</div>
|
|
|
|
<p>Okay, face it. Programmers can get lazy, cut corners, or make mistakes. They
|
|
also can do quick prototypes, and then forget to rewrite them later. Well,
|
|
while I can't list mistakes in here, I can list prototype-like segments
|
|
of code that should be aggressively refactored. This does not list
|
|
optimization issues, that needs to be done after intense profiling.</p>
|
|
|
|
<pre>
|
|
docs/examples/demo.php - ad hoc HTML/PHP soup to the extreme
|
|
|
|
AttrDef
|
|
Class - doesn't support Unicode characters (fringe); uses regular
|
|
expressions
|
|
Lang - code duplication; premature optimization
|
|
Length - easily mistaken for CSSLength
|
|
URI - multiple regular expressions; missing validation for parts (?)
|
|
CSS - parser doesn't accept advanced CSS (fringe)
|
|
Number - constructor interface inconsistent with Integer
|
|
ConfigSchema - redefinition is a mess
|
|
Strategy
|
|
FixNesting - cannot bubble nodes out of structures, duplicated checks
|
|
for special-case parent node
|
|
MakeWellFormed - insufficient automatic closing definitions (check HTML
|
|
spec for optional end tags, also, closing based on type (block/inline)
|
|
might be efficient).
|
|
RemoveForeignElements - should be run in parallel with MakeWellFormed
|
|
URIScheme - needs to have callable generic checks
|
|
mailto - doesn't validate emails, doesn't validate querystring
|
|
news - doesn't validate opaque path
|
|
nntp - doesn't constrain path
|
|
</pre>
|
|
|
|
<div id="version">$Id$</div>
|
|
|
|
</body></html> |