[1.3.0] More control of URIs granted

# Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false. ! New directives %URI.DisableExternalResources and %URI.DisableResources ! New directive %Attr.DisableURI, which eliminates all hyperlinking - Missing "Available since" documentation added git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
2025-08-01 11:50:28 +02:00 · 2006-11-23 23:59:20 +00:00
parent 61b6ee7183
commit 49cb2a4a7c
10 changed files with 168 additions and 50 deletions
--- a/54
+++ b/54
@@ -1,41 +1,51 @@

 TODO List

+= KEY ====================
+    # Flagship
+    - Regular
+    ? At-risk
+==========================
+
 1.3 release
- - Enable strict-compliant (X)HTML output
-    - Requires to some extent 2.0 formatters to save elements in blockquote
- - Make URI validation routines tighter (especially mailto)
- - More extensive URI filtering schemes (see docs/proposal-new-directives.txt)
- - Allow for background-image and list-style-image (see above)
- - Error logging for filtering/cleanup procedures
- - Rich set* methods and config file loaders for HTMLPurifier_Config
- - Caching of everything
- - Configuration profiles: sets of directives that get set with one func call
+ # More extensive URI filtering schemes (see docs/proposal-new-directives.txt)
+ # Allow for background-image and list-style-image (intrinsically tied to above)
+ - Aggressive caching
+ - Pretty-printer of *Definition, allowing users to see at a glance what is
+   allowed and what isn't
+ ? Rich set* methods and config file loaders for HTMLPurifier_Config
+ ? Configuration profiles: sets of directives that get set with one func call
+ ? ConfigSchema directive aliases (so we can rename some of them)
+ ? URI validation routines tighter (see docs/dev-code-quality.html) (COMPLEX)

 1.4 release
- - Add various "levels" of cleaning
+ # Error logging for filtering/cleanup procedures
+    - Requires I18N facilities to be created first (COMPLEX)
+
+1.5 release
+ # Add pre-packaged "levels" of cleaning (custom behavior already done)
 - More fine-grained control over escaping behavior
    - Silently drop content inbetween SCRIPT tags (can be generalized to allow
      specification of elements that, when detected as foreign, trigger removal
      of children, although unbalanced tags could wreck havoc (or at least
      delete the rest of the document)).

-1.5 release
- - Additional support for poorly written HTML
-    - Implement all non-essential attribute transforms
-    - Microsoft Word HTML cleaning (i.e. MsoNormal)
+1.6 release
+ # Additional support for poorly written HTML
+    - Implement all non-essential attribute transforms (BIG!)
+    - Microsoft Word HTML cleaning (i.e. MsoNormal, but research essential!)
+    - Friendly strict handling of <address> (block -> <br>)

 2.0 release
- - Formatters for plaintext
+ # Formatters for plaintext (COMPLEX)
    - Auto-paragraphing (be sure to leverage fact that we know when things
      shouldn't be paragraphed, such as lists and tables).
    - Linkify URLs
    - Smileys
-    - Linkification for HTML Purifier docs: notably configuration and
-      class names
+    - Linkification for HTML Purifier docs: notably configuration and classes

 3.0 release
- - Extended HTML capabilities based on namespacing and tag transforms
+ - Extended HTML capabilities based on namespacing and tag transforms (COMPLEX)
    - Hooks for adding custom processors to custom namespaced tags and
      attributes, offer default implementation
    - Lots of documentation and samples
@@ -43,7 +53,11 @@ TODO List

 Ongoing
 - Lots of profiling, make it faster!
- - Plugins for major CMSes (very tricky issue)
+ - Plugins for major CMSes (COMPLEX)
+    - Drupal
+    - WordPress
+    - eFiction
+    - more! (look for ones that use WYSIWYGs)

 Unknown release (on a scratch-an-itch basis)
 - Fixes for Firefox's inability to handle COL alignment props (Bug 915)
@@ -54,7 +68,7 @@ Unknown release (on a scratch-an-itch basis)
 - Append something to duplicate IDs so they're still usable (impl. note: the
   dupe detector would also need to detect the suffix as well)
 - Have 'lang' attribute be checked against official lists
- - Info on how to embed YouTube videos (and related content) without patches
+ - Docs on how to embed YouTube videos (and friends) without patches

 Encoding workarounds
 - Non-lossy dumb alternate character encoding transformations, achieved by