Merged r608-621 for 1.3.2 release from trunk.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/branches/1.3@622 48356398-32a2-884e-a903-53898d9a118a

TODO

@@ -10,6 +10,7 @@ TODO List
 1.4 release
  # More extensive URI filtering schemes (see docs/proposal-new-directives.txt)
  # Allow for background-image and list-style-image (intrinsically tied to above)
+ # Add hooks for custom behavior (for instance, YouTube preservation)
  - Aggressive caching
  ? Rich set* methods and config file loaders for HTMLPurifier_Config
  ? Configuration profiles: sets of directives that get set with one func call
@@ -66,7 +67,6 @@ Unknown release (on a scratch-an-itch basis)
  - Append something to duplicate IDs so they're still usable (impl. note: the
    dupe detector would also need to detect the suffix as well)
  - Have 'lang' attribute be checked against official lists
- - Docs on how to embed YouTube videos (and friends) without patches
 
 Encoding workarounds
  - Non-lossy dumb alternate character encoding transformations, achieved by
@@ -84,7 +84,18 @@ Requested
     3. Extend the tag exclusion system to specify whether or not the
     contents should be dropped or not (currently, there's code that could do
     something like this if it didn't drop the inner text too.)
- - Accept array input, by iterating and purifying all of the items
+ - More user-friendly warnings when %HTML.Allow* attempts to specify a
+   tag or attribute that is not supported
+ - Allow specifying global attributes on a tag-by-tag basis in
+   %HTML.AllowAttributes
+ - Parse TinyMCE whitelist into our %HTML.Allow* whitelists
+ - XSS-attempt detection
+ - More user-friendly warnings when %HTML.Allow* attempts to specify a
+   tag or attribute that is not supported
+ - Allow specifying global attributes on a tag-by-tag basis in
+   %HTML.AllowAttributes
+ - Parse TinyMCE whitelist into our %HTML.Allow whitelists
+ - XSS-attempt detection
 
 Wontfix
  - Non-lossy smart alternate character encoding transformations (unless