HTMLPurifier 1.0.0 stable released


Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

HTML Purifier is a standards-compliant HTML filter. This marks the stable 1.0.0 release (even though shortly afterwards I found two small bugs :-P).

Download:
Edited: Navigate to http://hp.jpsband.org/#Download for the most up-to-date version.

Demo:
http://hp.jpsband.org/live/docs/examples/demo.php

Notable changes: more CSS shorthand properties implemented, guards against malformed UTF-8, out-of-the-box support for more encodings (using iconv) and complete API documentation.

Also cross-posted at: http://sla.ckers.org/forum/read.php?13,371
Last edited by Ambush Commander on Sun Oct 15, 2006 12:30 pm, edited 1 time in total.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Good job man... I don't know how anybody has spare time to do things this cool... how old are you if you don't mind me asking? (I noticed that the HTMLPurifier site is a subdomain of a high school marching band site...)
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

16.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

WOW... that blows me away. You are very talented. Keep it up... I have already found use for this library in a few projects I am doing.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Thanks! :-D
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

My parents need to be punished for not buying me a computer when I was young :evil:
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Ambush Commander wrote:16.
Wow.
Benjamin wrote:My parents need to be punished for not buying me a computer when I was young
If there were computers, that is.
(how long has php existed then?)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If memory serves, 1995.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Yep.

You know, come to think of it, my generation grew up alongside computers.
Cameri
Forum Commoner
Posts: 87
Joined: Tue Apr 12, 2005 4:12 pm
Location: Santo Domingo, Dominican Republic

Post by Cameri »

How broad is your knowledge pal?
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

Ambush Commander, I tried HTML Purifier a few days ago and I wanted to ask... Why does this: "<script>alert('message');</script>" become: "alert('message');"
What if I wanted to use it on a forum for example and one of the members wants to post a JavaScript question?
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Oren wrote:Ambush Commander, I tried HTML Purifier a few days ago and I wanted to ask... Why does this: "<script>alert('message');</script>" become: "alert('message');"
What if I wanted to use it on a forum for example and one of the members wants to post a JavaScript question?
If the member wants to post a JS question you'd use something like BBCode syntax to allow that part of the text to bypass the HTMLPurifier stuff.
Oren
DevNet Resident
Posts: 1640
Joined: Fri Apr 07, 2006 5:13 am
Location: Israel

Post by Oren »

d11wtq wrote:If the member wants to post a JS question you'd use something like BBCode syntax to allow the part of the text to by-pass the HTMLPurifier stuff.
I don't like the idea. Why not replace it with something like this?

Code:

<script>alert('message');</script>
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

You can use:

Code:

// Escape tags that are not allowed (such as <script>) instead of stripping them
$config = HTMLPurifier_Config::createDefault();
$config->set('Core', 'EscapeInvalidTags', true);
$purifier = new HTMLPurifier($config);
See http://hp.jpsband.org/live/configdoc/pl ... nvalidTags for more details.

However, there's a really cool feature of HTML Purifier that should be preferred. Just write the post like this:

Code:

<pre><![CDATA[<script>alert('message');</script>]]></pre>
...and HTML Purifier will automatically escape everything in between the CDATA sections. This is an XML construct that is not normally supported by HTML, but I kept it around because it's pretty darn useful.

There are a few things that I have to add to make composing HTML by hand easier:
- Automatic URL linkification
- Paragraph from doublespace
- Smileys

However, you may also want to consider giving users a WYSIWYG editor. Raw HTML is somewhat less user friendly than Textile or BBCode.
Cameri wrote:How broad is your knowledge pal?
That's a difficult question to answer.
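
The two approaches from the reply above run side by side, as an added example that is not part of the original thread or the project's own code. It assumes HTML Purifier is installed with HTMLPurifier.php on the include path; the require line, the helper name make_purifier and the sample posts are constructed for illustration.

```php
<?php
// Added example, not from the original thread.
// Assumption: HTML Purifier is on the include path; adjust the require
// line to match your install layout.
require_once 'HTMLPurifier.php';

// Constructed sample posts: a bare <script> and the CDATA-wrapped form.
$posts = array(
    'raw script'    => "<p>Why does this fail?</p><script>alert('message');</script>",
    'cdata wrapped' => "<pre><![CDATA[<script>alert('message');</script>]]></pre>",
);

// Hypothetical helper: build a purifier with EscapeInvalidTags on or off.
function make_purifier($escapeInvalid)
{
    $config = HTMLPurifier_Config::createDefault();
    // Two-argument namespace form, as used in the post above.
    $config->set('Core', 'EscapeInvalidTags', $escapeInvalid);
    return new HTMLPurifier($config);
}

$modes = array(
    'default (strip invalid tags)' => make_purifier(false),
    'EscapeInvalidTags = true'     => make_purifier(true),
);

foreach ($modes as $label => $purifier) {
    foreach ($posts as $name => $dirty) {
        $clean = $purifier->purify($dirty);
        // Whichever mode is used, no live <script> element may survive;
        // the modes differ only in whether the tag text stays visible.
        $safe = (stripos($clean, '<script') === false);
        printf("%-30s %-14s safe=%s\n  %s\n",
            $label, $name, $safe ? 'yes' : 'NO', $clean);
    }
}
```

Print the purified output into a test page as-is; do not escape it again, or the entities produced by the escaping mode will be double-encoded.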
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Another brilliant release from AC!
Shame the PHP community mostly doesn't bother to use libraries eh?