From 2c9e041b4ca04bad765efeff411e145bd9c3978e Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Sat, 31 Mar 2007 03:09:46 +0000 Subject: [PATCH] Update TODO and progress document. git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@925 48356398-32a2-884e-a903-53898d9a118a --- TODO | 60 ++++++++++++++++++++++-------------------- docs/dev-progress.html | 4 +-- 2 files changed, 33 insertions(+), 31 deletions(-) diff --git a/TODO b/TODO index 1f1fbd19..807266a2 100644 --- a/TODO +++ b/TODO @@ -4,37 +4,40 @@ TODO List = KEY ==================== # Flagship - Regular - ? At-risk + ? Maybe I'll Do It ========================== -1.6 release - # Implement all non-essential attribute transforms, configurable +1.6 release [Long Overdue] + - Regexp matching for IDs + - More user-friendly warnings when %HTML.Allow* attempts to specify a + tag or attribute that is not supported + +1.7 release [Advanced API] + # Complete advanced API, and fully document it + # Add pre-packaged "levels" of cleaning + # Implement all edge-case attribute transforms + # Implement all deprecated tags and attributes + - Parse TinyMCE-style whitelist into our %HTML.Allow* whitelists + +1.8 release [Refactor, refactor!] # URI validation routines tighter (see docs/dev-code-quality.html) (COMPLEX) # Advanced URI filtering schemes (see docs/proposal-new-directives.txt) - # Error logging for filtering/cleanup procedures - - Requires I18N facilities to be created first (COMPLEX) - # Implement all deprecated tags and attributes, for use when correctional - mode is not on - ? Configuration profiles: sets of directives that get set with one func call - - XSS-attempt detection + - Configuration profiles: predefined directives set with one func call - Implement IDREF support (harder than it seems, since you cannot have IDREFs to non-existent IDs) - - Regexp matching for IDs + - Allow non-ASCII characters in font names -1.7 release - # Add pre-packaged "levels" of cleaning (custom behavior already done) +1.9 release [Error'ed] + # Error logging for filtering/cleanup procedures + - Requires I18N facilities to be created first (COMPLEX) + - XSS-attempt detection - More fine-grained control over escaping behavior - Silently drop content inbetween SCRIPT tags (can be generalized to allow specification of elements that, when detected as foreign, trigger removal of children, although unbalanced tags could wreck havoc (or at least delete the rest of the document)). - - Allow specifying global attributes on a tag-by-tag basis in - %HTML.AllowAttributes - ? More user-friendly warnings when %HTML.Allow* attempts to specify a - tag or attribute that is not supported - - Parse TinyMCE whitelist into our %HTML.Allow* whitelists -1.8 release +1.10 release [Do What I Mean, Not What I Say] # Additional support for poorly written HTML - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!) - Friendly strict handling of
(block ->
) @@ -49,7 +52,7 @@ TODO List - Append something to duplicate IDs so they're still usable (impl. note: the dupe detector would also need to detect the suffix as well) -2.0 release +2.0 release [Beyond HTML] # Legit token based CSS parsing (will require revamping almost every AttrDef class) # Formatters for plaintext (COMPLEX) @@ -58,32 +61,31 @@ TODO List - Linkify URLs - Smileys - Linkification for HTML Purifier docs: notably configuration and classes - -3.0 release - - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX) - - Hooks for adding custom processors to custom namespaced tags and - attributes, offer default implementation - - Lots of documentation and samples - Allow tags to be "armored", an internal flag that protects them from validation and passes them out unharmed - - XHTML 1.1 support - Fixes for Firefox's inability to handle COL alignment props (Bug 915) - Automatically add non-breaking spaces to empty table cells when empty-cells:show is applied to have compatibility with Internet Explorer - Convert RTL/LTR override characters to tags, or vice versa on demand. Also, enable disabling of directionality +3.0 release [To XML and Beyond] + - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX) + - Hooks for adding custom processors to custom namespaced tags and + attributes, offer default implementation + - Lots of documentation and samples + - XHTML 1.1 support + Ongoing - Lots of profiling, make it faster! - Plugins for major CMSes (COMPLEX) - - WordPress + - WordPress (mostly written, needs beta-testing) - eFiction - more! (look for ones that use WYSIWYGs) Unknown release (on a scratch-an-itch basis) - - Allow non-ASCII characters in font names ? Semi-lossy dumb alternate character encoding transfor - ? Have 'lang' attribute be checked against official listsmations, achieved by + ? Have 'lang' attribute be checked against official lists, achieved by encoding all characters that have string entity equivalents Requested diff --git a/docs/dev-progress.html b/docs/dev-progress.html index e6ae2eda..c0da280a 100644 --- a/docs/dev-progress.html +++ b/docs/dev-progress.html @@ -244,8 +244,8 @@ Mozilla on inside and needs -moz-outline, no IE support. Miscellaneous datetimeDEL, INSNo visible effect, ISO format -relALargely user-defined: nofollow, tag (see microformats) -revALargely user-defined: vote-* +relALargely user-defined: nofollow, tag (see microformats) +revALargely user-defined: vote-* axisTD, THW3C only: No browser implementation charCOL, COLGROUP, TBODY, TD, TFOOT, TH, THEAD, TRW3C only: No browser implementation headersTD, THW3C only: No browser implementation