Configuration Ideas

Here are some theoretical configuration ideas that we could implement some
time. Note the naming convention: %Namespace.Directive. If you want one
implemented, give us a ring, and we'll move it up the priority chain.

%Attr.RewriteFragments - if there's %Attr.IDPrefix we may want to
    transparently rewrite the URLs we parse too. However, we can only do it
    when it's a pure anchor link, so it's not foolproof

%Attr.ClassBlacklist,
%Attr.ClassWhitelist,
%Attr.ClassPolicy - determines what classes are allowed. When
    %Attr.ClassPolicy is set to Blacklist, only allow those not in
    %Attr.ClassBlacklist. When it's Whitelist, only allow those in
    %Attr.ClassWhitelist.

%Attr.MaxWidth,
%Attr.MaxHeight - caps for width and height related checks.
    (the hack in Pixels for an image crashing attack could be replaced by this)

%URI.AddRelNofollow - will add rel="nofollow" to all links, preventing the
    spread of ill-gotten pagerank

%URI.HostBlacklistRegex - regexes that if matching the host are disallowed
%URI.HostWhitelist - domain names that are excluded from the host blacklist
%URI.HostPolicy - determines whether or not it's reject all and then whitelist
    or allow all in then do specific blacklists with whitelist intervening.
    'DenyAll' or 'AllowAll' (default)

%URI.DisableIPHosts - URIs that have IP addresses for hosts are disallowed.
    Be sure to also grab unusual encodings (dword, hex and octal), which may
    currently be caught by regular DNS
%URI.DisableIDN - Disallow raw internationalized domain names. Punycode
    will still be permitted.

%URI.ConvertUnusualIPHosts - transform dword/hex/octal IP addresses to the
    regular form
%URI.ConvertAbsoluteDNS - Remove extra dots after host names that trigger
    absolute DNS. While this is actually the preferred method according to
    the RFC, most people opt to use a relative domain name relative to . (root).

    vim: et sw=4 sts=4
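The host normalization that %URI.ConvertUnusualIPHosts, %URI.DisableIPHosts and %URI.ConvertAbsoluteDNS would all need, as an added sketch that is not HTML Purifier code. The function names are hypothetical, only IPv4 is handled, and the parsing follows inet_aton() conventions (1 to 4 parts, each hex, octal or decimal), which is an assumption about what a resolver or browser accepts.

```php
<?php
// Added example, not HTML Purifier code; function names are hypothetical.
// Assumes 64-bit PHP 7.1+ and inet_aton()-style IPv4 parsing.

// One component: 0x.. is hex, a leading 0 is octal, anything else decimal.
function parse_ip_part(string $part): ?int
{
    if (preg_match('/^0[xX]([0-9a-fA-F]*)$/D', $part, $m)) {
        [$digits, $base, $maxLen] = [$m[1], 16, 8];
    } elseif (preg_match('/^0([0-9]*)$/D', $part, $m)) {
        [$digits, $base, $maxLen] = [$m[1], 8, 11];
    } elseif (preg_match('/^[1-9][0-9]*$/D', $part)) {
        [$digits, $base, $maxLen] = [$part, 10, 10];
    } else {
        return null;                             // not a number: a DNS label
    }
    $digits = ltrim($digits, '0');
    if (strlen($digits) > $maxLen || ($base === 8 && strpbrk($digits, '89') !== false)) {
        return PHP_INT_MAX;                      // numeric but invalid: fails the range check
    }
    return intval($digits, $base);
}

// Returns the dotted quad when $host is an IPv4 literal in any encoding,
// false when it is numeric but out of range, null when it is a DNS name.
function convert_unusual_ip_host(string $host)
{
    $host = preg_replace('/\.$/D', '', $host);   // absolute-DNS trailing dot
    $values = array_map('parse_ip_part', explode('.', $host));
    $n = count($values);
    if ($n > 4 || in_array(null, $values, true)) {
        return null;
    }
    $addr = array_pop($values);                  // last part fills the remaining bytes
    if ($addr >= 256 ** (5 - $n) || ($values && max($values) > 255)) {
        return false;
    }
    foreach ($values as $i => $v) {
        $addr += $v << (8 * (3 - $i));           // leading parts are one byte each
    }
    return long2ip($addr);
}

// Constructed sample hosts: dword, hex, octal, short form, a name, out of range.
foreach (['2130706433', '0x7f000001', '0177.0.0.1', '127.1', 'example.com.', '256.1.1.1'] as $h) {
    echo str_pad($h, 14), ' => ', var_export(convert_unusual_ip_host($h), true), "\n";
}
```

A %URI.DisableIPHosts check would reject any host for which this returns something other than null, while %URI.ConvertUnusualIPHosts would substitute the returned dotted quad before blacklist or whitelist matching.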