[Tiki-devel] Two HTML Purifier prefs in trunk?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Tiki-devel] Two HTML Purifier prefs in trunk?

Gary Cunningham-Lee
Hi,

In trunk now, on tiki-admin.php?page=security#content_admin1-1, there
are two HTML Purifier preference options next to each other, each with a
checkbox and similar help information:

"HTML purifier" and
"Output should be HTML purified"

These seem to do the same thing (activate HTML Purifier). Only the first
one exists in branch 17 and earlier. Isn't the second one redundant?

-- Gary


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Tiki-devel] Two HTML Purifier prefs in trunk?

Jonny Bradley-4
Hi Gary

I thought we always had two of those historically, and i'm not sure what the difference is tbh, so looking... ok, so:

"Output should be HTML purified" on security (feature_htmlpurifier_output) is used in \Smarty_Tiki::display so it purifies everything going through Smarty display, which is almost everything that goes on a tiki page (and oddly it doesn't seem to be dependent on the other pref)

The other "HTML purifier" on textarea in 17.x and before (feature_purifier) is used in \TikiLib::create_page and \TikiLib::update_page when html is allowed in wiki pages and purifies it before saving. It appears not to be connected with any of the other features (articles and newsletters use html i think?).

I believe HTML Purifier still isn't fully html5 compliant by default but it looks like there's a project here https://github.com/kennberg/php-htmlpurfier-html5/ that shows how to configure it so it is... expect we should do that some time?

jonny




> On 25 Jul 2017, at 14:49, Gary Cunningham-Lee <[hidden email]> wrote:
>
> Hi,
>
> In trunk now, on tiki-admin.php?page=security#content_admin1-1, there are two HTML Purifier preference options next to each other, each with a checkbox and similar help information:
>
> "HTML purifier" and
> "Output should be HTML purified"
>
> These seem to do the same thing (activate HTML Purifier). Only the first one exists in branch 17 and earlier. Isn't the second one redundant?
>
> -- Gary
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> TikiWiki-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Tiki-devel] Two HTML Purifier prefs in trunk?

Gary Cunningham-Lee
Ok, thanks, jonny. Probably the labels and/or descriptions should be
improved, then.

-- Gary

On 7/25/2017 11:21 PM, Jonny Bradley wrote:

> Hi Gary
>
> I thought we always had two of those historically, and i'm not sure what the difference is tbh, so looking... ok, so:
>
> "Output should be HTML purified" on security (feature_htmlpurifier_output) is used in \Smarty_Tiki::display so it purifies everything going through Smarty display, which is almost everything that goes on a tiki page (and oddly it doesn't seem to be dependent on the other pref)
>
> The other "HTML purifier" on textarea in 17.x and before (feature_purifier) is used in \TikiLib::create_page and \TikiLib::update_page when html is allowed in wiki pages and purifies it before saving. It appears not to be connected with any of the other features (articles and newsletters use html i think?).
>
> I believe HTML Purifier still isn't fully html5 compliant by default but it looks like there's a project here https://github.com/kennberg/php-htmlpurfier-html5/ that shows how to configure it so it is... expect we should do that some time?
>
> jonny
>
>
>
>
>> On 25 Jul 2017, at 14:49, Gary Cunningham-Lee <[hidden email]> wrote:
>>
>> Hi,
>>
>> In trunk now, on tiki-admin.php?page=security#content_admin1-1, there are two HTML Purifier preference options next to each other, each with a checkbox and similar help information:
>>
>> "HTML purifier" and
>> "Output should be HTML purified"
>>
>> These seem to do the same thing (activate HTML Purifier). Only the first one exists in branch 17 and earlier. Isn't the second one redundant?
>>
>> -- Gary
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> TikiWiki-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> TikiWiki-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
>


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Loading...