mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 15:28:40 +00:00
Code Releases Activity
Standards compliant HTML filter written in PHP. http://htmlpurifier.org
1,373 Commits 5 Branches 66 Tags 9.3 MiB
PHP 94.5%
HTML 4.6%
XSLT 0.5%
CSS 0.3%
JavaScript 0.1%
e76f4b45d0
Go to file
Edward Z. Yang e76f4b45d0 Dramatically rewrite null host URI handling. 
Basically, browsers don't parse what should be valid URIs correctly, so
we have to go through some backbends to accomodate them.  Specifically,
for browseable URIs, the following URIs have unintended behavior:

    - ///example.com
    - http:/example.com
    - http:///example.com

Furthermore, if the path begins with //, modifying these URLs must
be done with care, as if you remove the host-name component, the
parse tree changes.

I've modified the engine to follow correct URI semantics as much
as possible while outputting browser compatible code, and invalidate
the URI in cases where we can't deal.  There has been a refactoring
of URIScheme so that this important check is always performed,
introducing a new member variable allow_empty_host which is true
on data, file, mailto and news schemes.

This also fixes bypass bugs on URI.Munge.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-01-25 18:56:46 +00:00
art [2.0.1] Implement haphazard error collection for AttrValidator. 2007-06-27 02:03:15 +00:00
benchmarks Style refresh: add/remove vimlines, fix minor factual errors. 2009-04-09 12:47:10 -04:00
configdoc Fix embedding flash on non-IE browsers and allow more wmode. 2011-01-22 12:28:57 +00:00
docs Fix two bugs with caching of customized raw definitions. 2010-12-30 23:51:53 +00:00
extras Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
library Dramatically rewrite null host URI handling. 2011-01-25 18:56:46 +00:00
maintenance Update PHPT instructions. 2010-11-21 14:00:20 +00:00
plugins Release Phorum module 4.0.0. 2009-07-09 21:12:35 -04:00
smoketests Fix embedding flash on non-IE browsers and allow more wmode. 2011-01-22 12:28:57 +00:00
tests Dramatically rewrite null host URI handling. 2011-01-25 18:56:46 +00:00
.gitattributes Add Git specific files and configuration 2008-06-24 22:02:16 -04:00
.gitignore Tighten up ignore spec. 2010-06-30 06:00:45 -07:00
CREDITS Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Doxyfile Release 4.2.0. 2010-09-15 02:52:57 -04:00
FOCUS Release 4.2.0. 2010-09-15 02:52:57 -04:00
INSTALL Add sanity check against ze1_compatibility_mode. 2010-11-12 16:15:03 +00:00
INSTALL.fr.utf8 Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
LICENSE Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
NEWS Dramatically rewrite null host URI handling. 2011-01-25 18:56:46 +00:00
package.php Add doxygen doc scripts, and fix package.php 2009-07-08 22:11:15 -04:00
phpdoc.ini Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
README Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
release1-update.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
release2-tag.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
test-settings.sample.php Update PHPT instructions. 2010-11-21 14:00:20 +00:00
TODO Shift to 4.2.0 release cycle. 2010-09-14 23:38:51 -04:00
VERSION Release 4.2.0. 2010-09-15 02:52:57 -04:00
WHATSNEW Release 4.2.0. 2010-09-15 02:52:57 -04:00
WYSIWYG Add vim modelines to all files. 2008-12-06 04:24:59 -05:00

README 

README
    All about HTML Purifier

HTML Purifier is an HTML filtering solution that uses a unique combination
of robust whitelists and agressive parsing to ensure that not only are
XSS attacks thwarted, but the resulting HTML is standards compliant.

HTML Purifier is oriented towards richly formatted documents from
untrusted sources that require CSS and a full tag-set.  This library can
be configured to accept a more restrictive set of tags, but it won't be
as efficient as more bare-bones parsers. It will, however, do the job
right, which may be more important.

Places to go:

* See INSTALL for a quick installation guide
* See docs/ for developer-oriented documentation, code examples and
  an in-depth installation guide.
* See WYSIWYG for information on editors like TinyMCE and FCKeditor

HTML Purifier can be found on the web at: http://htmlpurifier.org/

    vim: et sw=4 sts=4