HTMLPurifier 1.0.0 stable released
Posted: Fri Sep 01, 2006 12:32 pm
by Ambush Commander
HTML Purifier is a standards compliant HTML filter. This marks the stable 1.0.0 release (even though shortly afterwards I found two small bugs).
Download: Edited: Navigate to http://hp.jpsband.org/#Download for the most up-to-date version.
Demo: http://hp.jpsband.org/live/docs/examples/demo.php
Notable changes: more CSS shorthand properties implemented, guards against malformed UTF-8, out-of-the-box support for more encodings (using iconv) and complete API documentation.
Also cross-posted at: http://sla.ckers.org/forum/read.php?13,371
Posted: Fri Sep 01, 2006 12:56 pm
by Luke

Good job man... I don't know how anybody has spare time to do things this cool... how old are you if you don't mind me asking? (I noticed that the HTMLPurifier site is a subdomain of a high school marching band site...)
Posted: Fri Sep 01, 2006 12:57 pm
by Ambush Commander
16.
Posted: Fri Sep 01, 2006 1:04 pm
by Luke
WOW... that blows me away. You are very talented. Keep it up... I have already found use for this library in a few projects I am doing.
Posted: Fri Sep 01, 2006 1:08 pm
by Ambush Commander
Thanks!

Posted: Fri Sep 01, 2006 1:12 pm
by Benjamin
My parents need to be punished for not buying me a computer when I was young

Posted: Fri Sep 01, 2006 2:41 pm
by matthijs
16.
Wow.
My parents need to be punished for not buying me a computer when I was young
If there were computers, that is.
(how long has php existed then?)
Posted: Fri Sep 01, 2006 2:43 pm
by feyd
If memory serves, 1995.
Posted: Fri Sep 01, 2006 3:20 pm
by Ambush Commander
Yep.
You know, come to think of it, my generation grew up alongside computers.
Posted: Sat Oct 14, 2006 8:53 pm
by Cameri
How broad is your knowledge pal?
Posted: Sun Oct 15, 2006 12:41 am
by Oren
Ambush Commander, I tried HTML Purifier a few days ago and I wanted to ask... Why this: "<script>alert('message');</script>" becomes: "alert('message');"
What if I wanted to use it on a forum for example and one of the members wants to post a JavaScript question?
Posted: Sun Oct 15, 2006 10:36 am
by Chris Corbyn
Oren wrote: Ambush Commander, I tried HTML Purifier a few days ago and I wanted to ask... Why this: "<script>alert('message');</script>" becomes: "alert('message');"
What if I wanted to use it on a forum for example and one of the members wants to post a JavaScript question?
If the member wants to post a JS question you'd use something like BBCode syntax to allow the part of the text to bypass the HTMLPurifier stuff.
Posted: Sun Oct 15, 2006 11:20 am
by Oren
d11wtq wrote: If the member wants to post a JS question you'd use something like BBCode syntax to allow the part of the text to by-pass the HTMLPurifier stuff.
I don't like the idea, why not replace it with something like this?
Code:
<script>alert('message');</script>
Posted: Sun Oct 15, 2006 11:59 am
by Ambush Commander
You can use:
Code:
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'EscapeInvalidTags', true);
$purifier = new HTMLPurifier($config);
See http://hp.jpsband.org/live/configdoc/pl ... nvalidTags for more details.
However, there's a really cool feature of HTML Purifier that should be preferred. Just write the post like this:
Code:
<pre><![CDATA[<script>alert('message');</script>]]></pre>
...and HTML Purifier will automatically escape everything in between the CDATA sections. This is an XML construct that is not normally supported by HTML, but I kept it around because it's pretty darn useful.
There are a few things that I have to add to make composing HTML by hand easier:
- Automatic URL linkification
- Paragraph from doublespace
- Smileys
However, you may also want to consider giving users a WYSIWYG editor. Raw HTML is somewhat less user friendly than Textile or BBCode.
How broad is your knowledge pal?
That's a difficult question to answer.
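The three behaviours discussed in this thread (stripping an unrecognised tag, escaping it, and escaping a CDATA section), as an added example that is not part of the original posts and is not HTML Purifier's code. It is a simplified allowlist filter; `toy_purify`, `ALLOWED_TAGS` and the `$escapeInvalid` flag are hypothetical names.

```php
<?php
// Added illustration: a toy allowlist filter, not HTML Purifier's own code.
// It drops every attribute and knows nothing about nesting or encodings.

const ALLOWED_TAGS = ['b', 'i', 'p', 'pre']; // constructed allowlist

function toy_purify(string $html, bool $escapeInvalid = false): string
{
    $esc = fn(string $s, bool $double = true): string =>
        htmlspecialchars($s, ENT_QUOTES, 'UTF-8', $double);

    // Split into CDATA sections, tag-shaped tokens and the text between them.
    $tokens = preg_split(
        '/(<!\[CDATA\[.*?\]\]>|<\/?[a-zA-Z][a-zA-Z0-9]*[^<>]*>)/s',
        $html, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY
    );

    $out = '';
    foreach ($tokens as $tok) {
        if (preg_match('/^<!\[CDATA\[(.*)\]\]>$/s', $tok, $m)) {
            $out .= $esc($m[1]);                    // CDATA body becomes literal text
        } elseif (preg_match('/^<(\/?)([a-zA-Z][a-zA-Z0-9]*)[^<>]*>$/', $tok, $m)) {
            $name = strtolower($m[2]);
            if (in_array($name, ALLOWED_TAGS, true)) {
                $out .= '<' . $m[1] . $name . '>';  // re-emit bare tag, no attributes
            } elseif ($escapeInvalid) {
                $out .= $esc($tok);                 // show the rejected tag as text
            }                                       // otherwise drop the tag, keep its text
        } else {
            $out .= $esc($tok, false);              // text: escape stray < > " ' &
        }
    }
    return $out;
}

$post = "<script>alert('message');</script>";      // input quoted in the thread
echo toy_purify($post), "\n";                       // default: tags stripped
echo toy_purify($post, true), "\n";                 // escape-invalid mode
echo toy_purify('<pre><![CDATA[' . $post . ']]></pre>'), "\n"; // CDATA in <pre>
```

Anything that is not an allowlisted tag ends up either removed or entity-escaped, so an unterminated `<script` fragment is emitted as text rather than passed through.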
Posted: Sun Oct 15, 2006 10:37 pm
by Ollie Saunders
Another brilliant release from AC!
Shame the PHP community mostly doesn't bother to use libraries eh?