diff options
author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-05-04 00:15:41 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-05-04 00:15:41 +0200 |
commit | 10831dd274ff65d4852b47dbc398adae61845206 (patch) | |
tree | 9f9397bb7433fd53bfacf88d8c8b3cf2ef50e27d /3rdparty/htmlpurifier/WYSIWYG | |
parent | 7b628a3e4d105f2e571d0fe142d59f201d6a10d0 (diff) |
use html purifier for sanitation
Diffstat (limited to '3rdparty/htmlpurifier/WYSIWYG')
-rw-r--r-- | 3rdparty/htmlpurifier/WYSIWYG | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/3rdparty/htmlpurifier/WYSIWYG b/3rdparty/htmlpurifier/WYSIWYG new file mode 100644 index 000000000..aaed37ea4 --- /dev/null +++ b/3rdparty/htmlpurifier/WYSIWYG @@ -0,0 +1,20 @@ +
+WYSIWYG - What You See Is What You Get
+ HTML Purifier: A Pretty Good Fit for TinyMCE and FCKeditor
+
+Javascript-based WYSIWYG editors, simply stated, are quite amazing. But I've
+always been wary about using them due to security issues: they handle the
+client-side magic, but once you've been served a piping hot load of unfiltered
+HTML, what should be done then? In some situations, you can serve it uncleaned,
+since you only offer these facilities to trusted(?) authors.
+
+Unfortunantely, for blog comments and anonymous input, BBCode, Textile and
+other markup languages still reign supreme. Put simply: filtering HTML is
+hard work, and these WYSIWYG authors don't offer anything to alleviate that
+trouble. Therein lies the solution:
+
+HTML Purifier is perfect for filtering pure-HTML input from WYSIWYG editors.
+
+Enough said.
+
+ vim: et sw=4 sts=4
|