mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-03-11 17:18:44 +00:00
Code Releases Activity
1,225 Commits 7 Branches 66 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Edward Z. Yang fa413e96ac Implement Injector->handleEnd, with lots of refactoring for injector. 
Previous design of injector streaming involved editability only to start, empty
and text tokens, because they could be safely modified without causing formedness
errors.  By modifying notifyEnd to operate before MakeWellFormed's safeguards
kick into effect, it can be converted into a handle function, allowing for
arbitrary modification of end tags.

This change involved quite a bit of restructuring of the MakeWellFormed code,
including the moving of end of document tags to inside the loop, so rewinding
on those tags would be functional, increased reuse of the end tag codepath by
code that inserts end tags (as they could be changed out from under you), and
processToken modified to have an extra parameter to force re-processing of
a token if the original token was an end token.

We're not exactly sure if handleEnd works at this point, but the important
talking point about this refactoring is that nothing else broke. Also, a number
of convenience functions were moved from AutoParagraph to the Injector
supertype (specifically: forward, forwardToEndToken, backward, and current).

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-10-01 00:54:51 -04:00
art
[2.0.1] Implement haphazard error collection for AttrValidator.
2007-06-27 02:03:15 +00:00
benchmarks
[3.1.1] Memory optimizations for ConfigSchema. Changes include:
2008-05-23 16:43:24 +00:00
configdoc
Setup ErrorCollector to maintain new error format, and output that HTML.
2008-09-15 19:08:58 -04:00
docs
Update customize docs to use new directive name for definition caching.
2008-09-02 16:38:40 -04:00
extras
[3.1.0] Feature parity with configdoc rewrite
2008-04-22 01:58:06 +00:00
library
Implement Injector->handleEnd, with lots of refactoring for injector.
2008-10-01 00:54:51 -04:00
maintenance
Handle CRLF discrepancies
2008-06-24 21:10:51 -04:00
plugins
Handle CRLF discrepancies
2008-06-24 21:10:51 -04:00
smoketests
[3.1.1] Land vs's HTMLPurifier_Generator patch, and a number of other bugfixes for that change
2008-05-26 04:05:48 +00:00
tests
Implement Injector->handleEnd, with lots of refactoring for injector.
2008-10-01 00:54:51 -04:00
.gitattributes
Add Git specific files and configuration
2008-06-24 22:02:16 -04:00
.gitignore
Add ignore rules for configdoc generated files.
2008-06-27 00:14:39 -04:00
CREDITS
[1.2.0] Update documentation paths.
2006-11-19 04:37:26 +00:00
Doxyfile
Release 3.1.1
2008-06-19 21:43:57 +00:00
FOCUS
Add some extra helpful data for FOCUS
2008-06-20 02:59:01 +00:00
INSTALL
Implement without-bcmath compatible UnitConverter. We might want to factor our floating point fudges. These calculations are only accurate for small precisions, and are architecture-dependent. (Unit tests seem to work on 32bit, though).
2008-05-21 00:29:31 +00:00
INSTALL.fr.utf8
[3.1.0] Update French documentation.
2008-04-22 20:43:47 +00:00
LICENSE
Rename so that there's no txt extension, adhering with good practices.
2006-08-16 03:57:02 +00:00
NEWS
Implement Injector->handleEnd, with lots of refactoring for injector.
2008-10-01 00:54:51 -04:00
package.php
Minor documentation updates; we're going to bite the bullet and tell PEAR users to change their installs.
2008-04-22 06:47:45 +00:00
phpdoc.ini
Make phpdoc more efficient, ignore the conf directory
2007-11-06 17:50:30 +00:00
README
Miscellaneous URL updates.
2007-04-22 22:26:20 +00:00
release1-update.php
Add some extra helpful data for FOCUS
2008-06-20 02:59:01 +00:00
release2-tag.php
Update release scripts, also, remove errant space from VERSION.
2008-01-08 01:20:12 +00:00
svn.php
Update release scripts, also, remove errant space from VERSION.
2008-01-08 01:20:12 +00:00
test-settings.sample.php
More documentation updates.
2008-04-10 02:56:46 +00:00
TODO
Forms implementation for %HTML.Trusted. Some backend changes:
2008-08-15 18:57:44 -04:00
VERSION
Release 3.1.1
2008-06-19 21:43:57 +00:00
WHATSNEW
Add update Freshmeat script.
2008-06-20 01:48:46 +00:00
WYSIWYG
Update WYSIWYG by removing Mantis link: bugtracker is no longer active.
2007-05-20 19:56:16 +00:00

README 

README
    All about HTML Purifier

HTML Purifier is an HTML filtering solution that uses a unique combination 
of robust whitelists and agressive parsing to ensure that not only are 
XSS attacks thwarted, but the resulting HTML is standards compliant. 

HTML Purifier is oriented towards richly formatted documents from 
untrusted sources that require CSS and a full tag-set.  This library can 
be configured to accept a more restrictive set of tags, but it won't be 
as efficient as more bare-bones parsers. It will, however, do the job 
right, which may be more important. 

Places to go:

* See INSTALL for a quick installation guide
* See docs/ for developer-oriented documentation, code examples and
  an in-depth installation guide.
* See WYSIWYG for information on editors like TinyMCE and FCKeditor

HTML Purifier can be found on the web at: http://htmlpurifier.org/
Description
Standards compliant HTML filter written in PHP.
http://htmlpurifier.org
Readme LGPL-2.1 9.9 MiB
Languages
PHP 94.5%
HTML 4.6%
XSLT 0.5%
CSS 0.3%
JavaScript 0.1%