path: root/3rdparty/htmlpurifier/docs/enduser-customize.html

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="Tutorial for customizing HTML Purifier's tag and attribute sets." />
<link rel="stylesheet" type="text/css" href="style.css" />

<title>Customize - HTML Purifier</title>

</head><body>

<h1 class="subtitled">Customize!</h1>
<div class="subtitle">HTML Purifier is a Swiss-Army Knife</div>

<div id="filing">Filed under End-User</div>
<div id="index">Return to the <a href="index.html">index</a>.</div>
<div id="home"><a href="http://htmlpurifier.org/">HTML Purifier</a> End-User Documentation</div>

<p>
  HTML Purifier has this quirk where if you try to allow certain elements or
  attributes, HTML Purifier will tell you that it's not supported, and that
  you should go to the forums to find out how to implement it. Well, this
  document is how to implement elements and attributes which HTML Purifier
  doesn't support out of the box.
</p>

<h2>Is it necessary?</h2>

<p>
  Before we even write any code, it is paramount to consider whether or
  not the code we're writing is necessary or not. HTML Purifier, by default,
  contains a large set of elements and attributes: large enough so that
  <em>any</em> element or attribute in XHTML 1.0 or 1.1 (and its HTML variants)
  that can be safely used by the general public is implemented.
</p>

<p>
  So what needs to be implemented? (Feel free to skip this section if
  you know what you want).
</p>

<h3>XHTML 1.0</h3>

<p>
  All of the modules listed below are based off of the
  <a href="http://www.w3.org/TR/2001/REC-xhtml-modularization-20010410/abstract_modules.html#sec_5.2.">modularization of
  XHTML</a>, which, while technically for XHTML 1.1, is quite a useful
  resource.
</p>

<ul>
  <li>Structure</li>
  <li>Frames</li>
  <li>Applets (deprecated)</li>
  <li>Forms</li>
  <li>Image maps</li>
  <li>Objects</li>
  <li>Frames</li>
  <li>Events</li>
  <li>Meta-information</li>
  <li>Style sheets</li>
  <li>Link (not hypertext)</li>
  <li>Base</li>
  <li>Name</li>
</ul>

<p>
  If you don't recognize it, you probably don't need it. But the curious
  can look all of these modules up in the above-mentioned document.  Note
  that inline scripting comes packaged with HTML Purifier (more on this
  later).
</p>

<h3>XHTML 1.1</h3>

<p>
  As of HTMLPurifier 2.1.0, we have implemented the
  <a href="http://www.w3.org/TR/2001/REC-ruby-20010531/">Ruby module</a>,
  which defines a set of tags
  for publishing short annotations for text, used mostly in Japanese
  and Chinese school texts, but applicable for positioning any text (not
  limited to translations) above or below other corresponding text.
</p>

<h3>HTML 5</h3>

<p>
  <a href="http://www.whatwg.org/specs/web-apps/current-work/">HTML 5</a>
  is a fork of HTML 4.01 by WHATWG, who believed that XHTML 2.0 was headed
  in the wrong direction.  It too is a working draft, and may change
  drastically before publication, but it should be noted that the
  <code>canvas</code> tag has been implemented by many browser vendors.
</p>

<h3>Proprietary</h3>

<p>
  There are a number of proprietary tags still in the wild. Many of them
  have been documented in <a href="ref-proprietary-tags.txt">ref-proprietary-tags.txt</a>,
  but there is currently no implementation for any of them.
</p>

<h3>Extensions</h3>

<p>
  There are also a number of other XML languages out there that can
  be embedded in HTML documents: two of the most popular are MathML and
  SVG, and I frequently get requests to implement these.  But they are
  expansive, comprehensive specifications, and it would take far too long
  to implement them <em>correctly</em> (most systems I've seen go as far
  as whitelisting tags and no further; come on, what about nesting!)
</p>

<p>
  Word of warning: HTML Purifier is currently <em>not</em> namespace
  aware.
</p>

<h2>Giving back</h2>

<p>
  As you may imagine from the details above (don't be abashed if you didn't
  read it all: a glance over would have done), there's quite a bit that
  HTML Purifier doesn't implement.  Recent architectural changes have
  allowed HTML Purifier to implement elements and attributes that are not
  safe!  Don't worry, they won't be activated unless you set %HTML.Trusted
  to true, but they certainly help out users who need to put, say, forms
  on their page and don't want to go through the trouble of reading this
  and implementing it themself.
</p>

<p>
  So any of the above that you implement for your own application could
  help out some other poor sap on the other side of the globe.  Help us
  out, and send back code so that it can be hammered into a module and
  released with the core.  Any code would be greatly appreciated!
</p>

<h2>And now...</h2>

<p>
  Enough philosophical talk, time for some code:
</p>

<pre>$config = HTMLPurifier_Config::createDefault();
$config-&gt;set('HTML.DefinitionID', 'enduser-customize.html tutorial');
$config-&gt;set('HTML.DefinitionRev', 1);
if ($def = $config-&gt;maybeGetRawHTMLDefinition()) {
    // our code will go here
}</pre>

<p>
  Assuming that HTML Purifier has already been properly loaded (hint:
  include <code>HTMLPurifier.auto.php</code>), this code will set up
  the environment that you need to start customizing the HTML definition.
  What's going on?
</p>

<ul>
  <li>
    The first three lines are regular configuration code:
    <ul>
      <li>
        %HTML.DefinitionID is set to a unique identifier for your
        custom HTML definition.  This prevents it from clobbering
        other custom definitions on the same installation.
      </li>
      <li>
        %HTML.DefinitionRev is a revision integer of your HTML
        definition.  Because HTML definitions are cached, you'll need
        to increment this whenever you make a change in order to flush
        the cache.
      </li>
    </ul>
  </li>
  <li>
    The fourth line retrieves a raw <code>HTMLPurifier_HTMLDefinition</code>
    object that we will be tweaking.  Interestingly enough, we have
    placed it in an if block: this is because
    <code>maybeGetRawHTMLDefinition</code>, as its name suggests, may
    return a NULL, in which case we should skip doing any
    initialization.  This, in fact, will correspond to when our fully
    customized object is already in the cache.
  </li>
</ul>

<h2>Turn off caching</h2>

<p>
  To make development easier, we're going to temporarily turn off
  definition caching:
</p>

<pre>$config = HTMLPurifier_Config::createDefault();
$config-&gt;set('HTML.DefinitionID', 'enduser-customize.html tutorial');
$config-&gt;set('HTML.DefinitionRev', 1);
<strong>$config-&gt;set('Cache.DefinitionImpl', null); // TODO: remove this later!</strong>
$def = $config-&gt;getHTMLDefinition(true);</pre>

<p>
  A few things should be mentioned about the caching mechanism before
  we move on.  For performance reasons, HTML Purifier caches generated
  <code>HTMLPurifier_Definition</code> objects in serialized files
  stored (by default) in <code>library/HTMLPurifier/DefinitionCache/Serializer</code>.
  A lot of processing is done in order to create these objects, so it
  makes little sense to repeat the same processing over and over again
  whenever HTML Purifier is called.
</p>

<p>
  In order to identify a cache entry, HTML Purifier uses three variables:
  the library's version number, the value of %HTML.DefinitionRev and
  a serial of relevant configuration.  Whenever any of these changes,
  a new HTML definition is generated.  Notice that there is no way
  for the definition object to track changes to customizations: here, it
  is up to you to supply appropriate information to DefinitionID and
  DefinitionRev.
</p>

<h2 id="addAttribute">Add an attribute</h2>

<p>
  For this example, we're going to implement the <code>target</code> attribute found
  on <code>a</code> elements.  To implement an attribute, we have to
  ask a few questions:
</p>

<ol>
  <li>What element is it found on?</li>
  <li>What is its name?</li>
  <li>Is it required or optional?</li>
  <li>What are valid values for it?</li>
</ol>

<p>
  The first three are easy: the element is <code>a</code>, the attribute
  is <code>target</code>, and it is not a required attribute. (If it
  was required, we'd need to append an asterisk to the attribute name,
  you'll see an example of this in the addElement() example).
</p>

<p>
  The last question is a little trickier.
  Lets allow the special values: _blank, _self, _target and _top.
  The form of this is called an <strong>enumeration</strong>, a list of
  valid values, although only one can be used at a time.  To translate
  this into code form, we write:
</p>

<pre>$config = HTMLPurifier_Config::createDefault();
$config-&gt;set('HTML.DefinitionID', 'enduser-customize.html tutorial');
$config-&gt;set('HTML.DefinitionRev', 1);
$config-&gt;set('Cache.DefinitionImpl', null); // remove this later!
$def = $config-&gt;getHTMLDefinition(true);
<strong>$def->addA