
HTMLPurifier 1.0.0 stable released

Posted: Fri Sep 01, 2006 12:32 pm
by Ambush Commander
HTML Purifier is a standards-compliant HTML filter. This marks the stable 1.0.0 release (even though shortly afterwards I found two small bugs :-P).

Download:
Edited: Navigate to http://hp.jpsband.org/#Download for the most up-to-date version.

Demo:
http://hp.jpsband.org/live/docs/examples/demo.php

Notable changes: more CSS shorthand properties implemented, guards against malformed UTF-8, out-of-the-box support for more encodings (using iconv) and complete API documentation.

Also cross-posted at: http://sla.ckers.org/forum/read.php?13,371

Posted: Fri Sep 01, 2006 12:56 pm
by Luke
Good job man... I don't know how anybody has spare time to do things this cool... how old are you if you don't mind me asking? (I noticed that the HTMLPurifier site is a subdomain of a high school marching band site...)

Posted: Fri Sep 01, 2006 12:57 pm
by Ambush Commander
16.

Posted: Fri Sep 01, 2006 1:04 pm
by Luke
WOW... that blows me away. You are very talented. Keep it up... I have already found use for this library in a few projects I am doing.

Posted: Fri Sep 01, 2006 1:08 pm
by Ambush Commander
Thanks! :-D

Posted: Fri Sep 01, 2006 1:12 pm
by Benjamin
My parents need to be punished for not buying me a computer when I was young :evil:

Posted: Fri Sep 01, 2006 2:41 pm
by matthijs
Ambush Commander wrote: 16.
Wow.
Benjamin wrote: My parents need to be punished for not buying me a computer when I was young
If there were computers, that is.
(How long has PHP existed then?)

Posted: Fri Sep 01, 2006 2:43 pm
by feyd
If memory serves, 1995.

Posted: Fri Sep 01, 2006 3:20 pm
by Ambush Commander
Yep.

You know, come to think of it, my generation grew up alongside computers.

Posted: Sat Oct 14, 2006 8:53 pm
by Cameri
How broad is your knowledge pal?

Posted: Sun Oct 15, 2006 12:41 am
by Oren
Ambush Commander, I tried HTML Purifier a few days ago and I wanted to ask... Why does this: "<script>alert('message');</script>" become: "alert('message');"?
What if I wanted to use it on a forum for example and one of the members wants to post a JavaScript question?

Posted: Sun Oct 15, 2006 10:36 am
by Chris Corbyn
Oren wrote: Ambush Commander, I tried HTML Purifier a few days ago and I wanted to ask... Why does this: "<script>alert('message');</script>" become: "alert('message');"?
What if I wanted to use it on a forum for example and one of the members wants to post a JavaScript question?
If the member wants to post a JS question you'd use something like BBCode syntax to allow the part of the text to bypass the HTMLPurifier stuff.

Posted: Sun Oct 15, 2006 11:20 am
by Oren
d11wtq wrote: If the member wants to post a JS question you'd use something like BBCode syntax to allow the part of the text to bypass the HTMLPurifier stuff.
I don't like the idea, why not replace it with something like this?

Code:

<script>alert('message');</script>

Posted: Sun Oct 15, 2006 11:59 am
by Ambush Commander
You can use:

Code:

// Start from the default configuration
$config = HTMLPurifier_Config::createDefault();
// Escape tags that are not allowed instead of removing them
$config->set('Core', 'EscapeInvalidTags', true);
$purifier = new HTMLPurifier($config);

See http://hp.jpsband.org/live/configdoc/pl ... nvalidTags for more details.

However, there's a really cool feature of HTML Purifier that should be preferred. Just write the post like this:

Code:

<pre><![CDATA[<script>alert('message');</script>]]></pre>
...and HTML Purifier will automatically escape everything in between the CDATA sections. This is an XML construct that is not normally supported by HTML, but I kept it around because it's pretty darn useful.

There are a few things that I have to add to make composing HTML by hand easier:
- Automatic URL linkification
- Paragraph from doublespace
- Smileys

However, you may also want to consider giving users a WYSIWYG editor. Raw HTML is somewhat less user friendly than Textile or BBCode.
Cameri wrote: How broad is your knowledge pal?
That's a difficult question to answer.
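
The three behaviours from the exchange above (tags dropped by default, tags escaped, CDATA content escaped inside <pre>), sketched as an added example that is not part of the thread and is not HTML Purifier's own code. The function names and the allow-list are hypothetical, and the tag matching is a simplified regex rather than a real HTML parser.

```php
<?php
// Added illustration (PHP 7.4+), not HTML Purifier's code: a toy filter that
// mimics the three behaviours discussed above. It is not a sanitizer.

const ALLOWED_TAGS = ['pre', 'p', 'b', 'i']; // hypothetical allow-list

// Turn the body of each <![CDATA[...]]> section into escaped text.
function escape_cdata(string $html): string
{
    return preg_replace_callback(
        '/<!\[CDATA\[(.*?)\]\]>/s',
        fn(array $m): string => htmlspecialchars($m[1], ENT_COMPAT, 'UTF-8'),
        $html
    );
}

// $escapeInvalid = false: drop tags outside the allow-list, keep their text.
// $escapeInvalid = true:  show those tags as literal text instead.
function toy_purify(string $html, bool $escapeInvalid = false): string
{
    $parts = preg_split('/(<\/?[a-zA-Z][^>]*>)/', escape_cdata($html), -1,
                        PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {
            // Text between tags: escape stray < and >, keep existing entities.
            $out .= htmlspecialchars($part, ENT_NOQUOTES, 'UTF-8', false);
            continue;
        }
        preg_match('/^<(\/?)([a-zA-Z][a-zA-Z0-9]*)/', $part, $m);
        $name = strtolower($m[2]);
        if (in_array($name, ALLOWED_TAGS, true)) {
            $out .= '<' . $m[1] . $name . '>'; // re-emit without attributes
        } elseif ($escapeInvalid) {
            $out .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        }
    }
    return $out;
}

$post = "<script>alert('message');</script>"; // sample input from the thread
echo toy_purify($post), "\n";                                // tags dropped
echo toy_purify($post, true), "\n";                          // tags escaped
echo toy_purify('<pre><![CDATA[' . $post . ']]></pre>'), "\n"; // CDATA escaped
```

Escaping the text between tags as well as the tags themselves is what keeps nested input such as `<<script>script>` from reassembling into a live tag after one is dropped.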

Posted: Sun Oct 15, 2006 10:37 pm
by Ollie Saunders
Another brilliant release from AC!
Shame the PHP community mostly doesn't bother to use libraries eh?