mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2025-08-15 02:24:24 +02:00
Update docs, add NEWS and WYSIWYG.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@281 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
18
WYSIWYG
Normal file
18
WYSIWYG
Normal file
@@ -0,0 +1,18 @@
|
||||
|
||||
WYSIWYG - What You See Is What You Get
|
||||
HTMLPurifier: A Pretty Good Fit for TinyMCE and FCKeditor
|
||||
|
||||
Javascript-based WYSIWYG editors, simply stated, are quite amazing. But I've
|
||||
always been wary about using them due to security issues: they handle the
|
||||
client-side magic, but once you've been served a piping hot load of unfiltered
|
||||
HTML, what should be done then? In some situations, you can serve it uncleaned,
|
||||
since you only offer these facilities to trusted(?) authors.
|
||||
|
||||
Unfortunantely, for blog comments and anonymous input, BBCode, Textile and
|
||||
other markup languages still reign supreme. Put simply: filtering HTML is
|
||||
hard work, and these WYSIWYG authors don't offer anything to alleviate that
|
||||
trouble. Therein lies the solution:
|
||||
|
||||
HTMLPurifier is perfect for filtering pure-HTML input from WYSIWYG editors.
|
||||
|
||||
Enough said.
|
Reference in New Issue
Block a user