Mercurial Mercurial > corpus_parole / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cms/drupal/profiles/drustack/libraries/htmlpurifier/WYSIWYG
author ymh <ymh.work@gmail.com>
Tue, 20 Mar 2018 15:02:40 +0100
changeset 573 25f3d28f51b2
parent 541 e756a8c72c3d
permissions -rwxr-xr-x
Added tag 0.0.25 for changeset 190ae1dee68d


WYSIWYG - What You See Is What You Get
    HTML Purifier: A Pretty Good Fit for TinyMCE and FCKeditor

Javascript-based WYSIWYG editors, simply stated, are quite amazing.  But I've
always been wary about using them due to security issues: they handle the
client-side magic, but once you've been served a piping hot load of unfiltered
HTML, what should be done then?  In some situations, you can serve it uncleaned,
since you only offer these facilities to trusted(?) authors.

Unfortunantely, for blog comments and anonymous input, BBCode, Textile and
other markup languages still reign supreme.  Put simply: filtering HTML is
hard work, and these WYSIWYG authors don't offer anything to alleviate that
trouble.  Therein lies the solution:

HTML Purifier is perfect for filtering pure-HTML input from WYSIWYG editors.

Enough said.

    vim: et sw=4 sts=4
corpus_parole