diff options
author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-05-04 00:15:41 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-05-04 00:15:41 +0200 |
commit | 10831dd274ff65d4852b47dbc398adae61845206 (patch) | |
tree | 9f9397bb7433fd53bfacf88d8c8b3cf2ef50e27d /3rdparty/htmlpurifier/docs/enduser-security.txt | |
parent | 7b628a3e4d105f2e571d0fe142d59f201d6a10d0 (diff) |
use html purifier for sanitation
Diffstat (limited to '3rdparty/htmlpurifier/docs/enduser-security.txt')
-rw-r--r-- | 3rdparty/htmlpurifier/docs/enduser-security.txt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/3rdparty/htmlpurifier/docs/enduser-security.txt b/3rdparty/htmlpurifier/docs/enduser-security.txt new file mode 100644 index 000000000..ebf2254a0 --- /dev/null +++ b/3rdparty/htmlpurifier/docs/enduser-security.txt @@ -0,0 +1,18 @@ +
+Security
+
+Like anything that claims to afford security, HTML_Purifier can be circumvented
+through negligence of people. This class will do its job: no more, no less,
+and it's up to you to provide it the proper information and proper context
+to be effective. Things to remember:
+
+1. Character Encoding: see enduser-utf8.html for more info.
+
+2. IDs: see enduser-id.html for more info
+
+3. URIs: see enduser-uri-filter.html
+
+4. CSS: document pending
+Explain which CSS styles we blocked and why.
+
+ vim: et sw=4 sts=4
|