|
1 |
|
2 TODO List |
|
3 |
|
4 = KEY ==================== |
|
5 # Flagship |
|
6 - Regular |
|
7 ? Maybe I'll Do It |
|
8 ========================== |
|
9 |
|
10 If no interest is expressed for a feature that may require a considerable |
|
11 amount of effort to implement, it may get endlessly delayed. Do not be |
|
12 afraid to cast your vote for the next feature to be implemented! |
|
13 |
|
14 Things to do as soon as possible: |
|
15 |
|
16 - http://htmlpurifier.org/phorum/read.php?3,5560,6307#msg-6307 |
|
17 - Think about allowing explicit order of operations hooks for transforms |
|
18 - Fix "<.<" bug (trailing < is removed if not EOD) |
|
19 - Build in better internal state dumps and debugging tools for remote |
|
20 debugging |
|
21 - Allowed/Allowed* have strange interactions when both set |
|
22 ? Transform lone embeds into object tags |
|
23 - Deprecated config options that emit warnings when you set them (with' |
|
24 a way of muting the warning if you really want to) |
|
25 - Make HTML.Trusted work with Output.FlashCompat |
|
26 - HTML.Trusted and HTML.SafeObject have funny interaction; general |
|
27 problem is what to do when a module "supersedes" another |
|
28 (see also tables and basic tables.) This is a little dicier |
|
29 because HTML.SafeObject has some extra functionality that |
|
30 trusted might find useful. See http://htmlpurifier.org/phorum/read.php?3,5762,6100 |
|
31 |
|
32 FUTURE VERSIONS |
|
33 --------------- |
|
34 |
|
35 4.8 release [OMG CONFIG PONIES] |
|
36 ! Fix Printer. It's from the old days when we didn't have decent XML classes |
|
37 ! Factor demo.php into a set of Printer classes, and then create a stub |
|
38 file for users here (inside the actual HTML Purifier library) |
|
39 - Fix error handling with form construction |
|
40 - Do encoding validation in Printers, or at least, where user data comes in |
|
41 - Config: Add examples to everything (make built-in which also automatically |
|
42 gives output) |
|
43 - Add "register" field to config schemas to eliminate dependence on |
|
44 naming conventions (try to remember why we ultimately decided on tihs) |
|
45 |
|
46 5.0 release [HTML 5] |
|
47 # Swap out code to use html5lib tokenizer and tree-builder |
|
48 ! Allow turning off of FixNesting and required attribute insertion |
|
49 |
|
50 5.1 release [It's All About Trust] (floating) |
|
51 # Implement untrusted, dangerous elements/attributes |
|
52 # Implement IDREF support (harder than it seems, since you cannot have |
|
53 IDREFs to non-existent IDs) |
|
54 - Implement <area> (client and server side image maps are blocking |
|
55 on IDREF support) |
|
56 # Frameset XHTML 1.0 and HTML 4.01 doctypes |
|
57 - Figure out how to simultaneously set %CSS.Trusted and %HTML.Trusted (?) |
|
58 |
|
59 5.2 release [Error'ed] |
|
60 # Error logging for filtering/cleanup procedures |
|
61 # Additional support for poorly written HTML |
|
62 - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!) |
|
63 - Friendly strict handling of <address> (block -> <br>) |
|
64 - XSS-attempt detection--certain errors are flagged XSS-like |
|
65 - Append something to duplicate IDs so they're still usable (impl. note: the |
|
66 dupe detector would also need to detect the suffix as well) |
|
67 |
|
68 6.0 release [Beyond HTML] |
|
69 # Legit token based CSS parsing (will require revamping almost every |
|
70 AttrDef class). Probably will use CSSTidy |
|
71 # More control over allowed CSS properties using a modularization |
|
72 # IRI support (this includes IDN) |
|
73 - Standardize token armor for all areas of processing |
|
74 |
|
75 7.0 release [To XML and Beyond] |
|
76 - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX) |
|
77 - Hooks for adding custom processors to custom namespaced tags and |
|
78 attributes, offer default implementation |
|
79 - Lots of documentation and samples |
|
80 |
|
81 Ongoing |
|
82 - More refactoring to take advantage of PHP5's facilities |
|
83 - Refactor unit tests into lots of test methods |
|
84 - Plugins for major CMSes (COMPLEX) |
|
85 - phpBB |
|
86 - Also, a FAQ for extension writers with HTML Purifier |
|
87 |
|
88 AutoFormat |
|
89 - Smileys |
|
90 - Syntax highlighting (with GeSHi) with <pre> and possibly <?php |
|
91 - Look at http://drupal.org/project/Modules/category/63 for ideas |
|
92 |
|
93 Neat feature related |
|
94 ! Support exporting configuration, so users can easily tweak settings |
|
95 in the demo, and then copy-paste into their own setup |
|
96 - Advanced URI filtering schemes (see docs/proposal-new-directives.txt) |
|
97 - Allow scoped="scoped" attribute in <style> tags; may be troublesome |
|
98 because regular CSS has no way of uniquely identifying nodes, so we'd |
|
99 have to generate IDs |
|
100 - Explain how to use HTML Purifier in non-PHP languages / create |
|
101 a simple command line stub (or complicated?) |
|
102 - Fixes for Firefox's inability to handle COL alignment props (Bug 915) |
|
103 - Automatically add non-breaking spaces to empty table cells when |
|
104 empty-cells:show is applied to have compatibility with Internet Explorer |
|
105 - Table of Contents generation (XHTML Compiler might be reusable). May also |
|
106 be out-of-band information. |
|
107 - Full set of color keywords. Also, a way to add onto them without |
|
108 finalizing the configuration object. |
|
109 - Write a var_export and memcached DefinitionCache - Denis |
|
110 - Built-in support for target="_blank" on all external links |
|
111 - Convert RTL/LTR override characters to <bdo> tags, or vice versa on demand. |
|
112 Also, enable disabling of directionality |
|
113 ? Externalize inline CSS to promote clean HTML, proposed by Sander Tekelenburg |
|
114 ? Remove redundant tags, ex. <u><u>Underlined</u></u>. Implementation notes: |
|
115 1. Analyzing which tags to remove duplicants |
|
116 2. Ensure attributes are merged into the parent tag |
|
117 3. Extend the tag exclusion system to specify whether or not the |
|
118 contents should be dropped or not (currently, there's code that could do |
|
119 something like this if it didn't drop the inner text too.) |
|
120 ? Make AutoParagraph also support paragraph-izing double <br> tags, and not |
|
121 just double newlines. This is kind of tough to do in the current framework, |
|
122 though, and might be reasonably approximated by search replacing double <br>s |
|
123 with newlines before running it through HTML Purifier. |
|
124 |
|
125 Maintenance related (slightly boring) |
|
126 # CHMOD install script for PEAR installs |
|
127 ! Factor out command line parser into its own class, and unit test it |
|
128 - Reduce size of internal data-structures (esp. HTMLDefinition) |
|
129 - Allow merging configurations. Thus, |
|
130 a -> b -> default |
|
131 c -> d -> default |
|
132 becomes |
|
133 a -> b -> c -> d -> default |
|
134 Maybe allow more fine-grained tuning of this behavior. Alternatively, |
|
135 encourage people to use short plist depths before building them up. |
|
136 - Time PHPT tests |
|
137 |
|
138 ChildDef related (very boring) |
|
139 - Abstract ChildDef_BlockQuote to work with all elements that only |
|
140 allow blocks in them, required or optional |
|
141 - Implement lenient <ruby> child validation |
|
142 |
|
143 Wontfix |
|
144 - Non-lossy smart alternate character encoding transformations (unless |
|
145 patch provided) |
|
146 - Pretty-printing HTML: users can use Tidy on the output on entire page |
|
147 - Native content compression, whitespace stripping: use gzip if this is |
|
148 really important |
|
149 |
|
150 vim: et sw=4 sts=4 |