PEAK XOOPS - Re: HTMLPurifier 
Re: HTMLPurifier
- As this forum is only for commentation, you cannot open a new topic
- Guests cannot post into this forum
| Target | News |
| Subject | HTMLPurifier |
| Summary | WYSIWYGエディタを有効にするなら、基本的にHTML表示許可でデータを受け取るしかないのですが、そうするとScriptInsertionが避けられません。HTMLを再構築してくれるライブラリさえあればなあ、と思っていたら、kentaulsさんが教えてくれました。HTMLPurifierhttp://htmlp... |
suico
Posts: 7
Posts: 7
Thanks for the tip I'll try this in my next module : yogurt and report back here how easy or dificult it was to use it.
Votes:3
Average:3.33
kentauls
Posts: 29
Posts: 29
Thank you so much. I'm really happy that HTMLPurifier has been included in Protector.
I've already installed the latest version of Protector and Pico with the function of "HTMLPurifier" ON. It seems to be working with success!!
I thought HTMLPurifier should work not only with PHP5 because I found two different zip files in the download section of their website (http://htmlpurifier.org/download.html); "HTML Purifier 2.1.2 PHP5-strict" and the other one not with PHP5-strict.
I've already installed the latest version of Protector and Pico with the function of "HTMLPurifier" ON. It seems to be working with success!!
I thought HTMLPurifier should work not only with PHP5 because I found two different zip files in the download section of their website (http://htmlpurifier.org/download.html); "HTML Purifier 2.1.2 PHP5-strict" and the other one not with PHP5-strict.
Votes:1
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
hi kentauls.
Quote:
No. I use the latter, of course.
If we run the "strict version" with PHP4, it must raise "fatal errors".
(PHP4 never allows 'private' etc.)
Anyway, the lifetime of PHP4 will be ended soon.
This problem will be non-sense
Quote:
I thought HTMLPurifier should work not only with PHP5 because I found two different zip files in the download section of their website (http://htmlpurifier.org/download.html); "HTML Purifier 2.1.2 PHP5-strict" and the other one not with PHP5-strict.
No. I use the latter, of course.
If we run the "strict version" with PHP4, it must raise "fatal errors".
(PHP4 never allows 'private' etc.)
Anyway, the lifetime of PHP4 will be ended soon.
This problem will be non-sense
Votes:1
Average:10.00
kentauls
Posts: 29
Posts: 29
Hi GIJOE,
Yes, I can imagine.
I didn't think that you took wrong version of HTML Purifier.
Here I quote the lines written in the HTML Purifier archives to let many people know the concept.
Quote:
I know nothing perfect in the world, but hope it can be enough appropriate for use of FCKeditor on d3forum not for anonymous but members!!
Yes, I can imagine.
I didn't think that you took wrong version of HTML Purifier
.Here I quote the lines written in the HTML Purifier archives to let many people know the concept.
Quote:
WYSIWYG - What You See Is What You Get
HTML Purifier: A Pretty Good Fit for TinyMCE and FCKeditor
Javascript-based WYSIWYG editors, simply stated, are quite amazing. But I've
always been wary about using them due to security issues: they handle the
client-side magic, but once you've been served a piping hot load of unfiltered
HTML, what should be done then? In some situations, you can serve it uncleaned,
since you only offer these facilities to trusted(?) authors.
Unfortunantely, for blog comments and anonymous input, BBCode, Textile and
other markup languages still reign supreme. Put simply: filtering HTML is
hard work, and these WYSIWYG authors don't offer anything to alleviate that
trouble. Therein lies the solution:
HTML Purifier is perfect for filtering pure-HTML input from WYSIWYG editors.
Enough said.
I know nothing perfect in the world, but hope it can be enough appropriate for use of FCKeditor on d3forum not for anonymous but members!!
Votes:1
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
I've just implemented it.
Try d3forum-0.77!
Try d3forum-0.77!
Votes:1
Average:10.00
Login