[wp-hackers] HTML Purifier
Elliotte Harold
elharo at metalab.unc.edu
Wed Feb 14 13:17:01 GMT 2007
Peter Westwood wrote:
> For me tag balancing (balance_tags) and tag filtering (kses) are two
> separate processes - and you don't always want both.
Agreed. In fact, it's *much* easier to do tag filtering if you do it
after making the document well-formed. There are just fewer places to
hide something. Enhanced security is an often unrecognized benefit of XML.
> I do think we need super correctly (x)html purification in the core either
> to me it is the perfect job for a plugin - if people want it they can
> install it.
I assume you meant "don't" above. By contrast, I think WordPress should
guarantee well-formed XHTML without any extra configuration. This is a
technical decision the benefits of which will not be obvious to a
non-developer, such as most WordPress users. Tools like WordPress
succeed precisely because they hide details like this from their users.
Obviously on this list people are more savvy about the underlying markup
issues, but a typical end user shouldn't have to concern themselves with
this.
--
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
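
Added example, not part of the original message and not WordPress's balance_tags or kses code: a Python sketch of the ordering argued for above, where markup is first made well-formed and only then filtered against an allowlist over the parsed tree. The allowlist, the href URL policy, the wrapper <div> and the sample input are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

ALLOWED = {"p": set(), "em": set(), "strong": set(), "a": {"href", "title"}}  # constructed policy
VOID = {"br", "hr", "img", "input", "link", "meta"}       # elements that never take a close tag
NAME = re.compile(r"[a-z][a-z0-9-]*\Z")                   # names that are safe to write as XML
BAD = re.compile(r"[^\t\n\r\x20-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]")  # not legal in XML 1.0
SAFE_URL = re.compile(r"(?i)(https?://|mailto:)")         # assumed URL policy for href

def clean(s):
    return escape(BAD.sub("", s or ""))

class Balancer(HTMLParser):
    """Stage 1: re-serialise tag soup as well-formed XML. Comments and declarations are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack = ["<div>"], []
    def handle_starttag(self, tag, attrs):
        if not NAME.match(tag):
            return
        uniq = {k: v for k, v in reversed(attrs) if NAME.match(k)}  # first duplicate wins
        text = "".join(f' {k}="{clean(v)}"' for k, v in uniq.items())
        self.out.append(f"<{tag}{text}{'/' if tag in VOID else ''}>")
        if tag not in VOID:
            self.stack.append(tag)
    def handle_endtag(self, tag):
        if tag in self.stack:                             # stray close tags are ignored
            i = len(self.stack) - self.stack[::-1].index(tag) - 1
            self.out += [f"</{t}>" for t in reversed(self.stack[i:])]
            del self.stack[i:]
    def handle_data(self, data):
        self.out.append(clean(data))

def balance(html):
    p = Balancer()
    p.feed(html)
    p.close()                                             # flush buffered trailing text
    return "".join(p.out + [f"</{t}>" for t in reversed(p.stack)]) + "</div>"

def sanitize(html):  # Stage 2: allowlist filter over the tree; disallowed tags are unwrapped
    def emit(el):
        ok = ALLOWED.get(el.tag)
        attrs = "".join(f' {k}="{escape(v)}"' for k, v in el.attrib.items()
                        if k in (ok or ()) and (k != "href" or SAFE_URL.match(v)))
        inner = escape(el.text or "") + "".join(emit(c) + escape(c.tail or "") for c in el)
        return inner if ok is None else f"<{el.tag}{attrs}>{inner}</{el.tag}>"
    return emit(ET.fromstring(balance(html)))
```

Because stage 2 only ever sees elements, attributes and text from a strict XML parse, the filter has no unclosed tags, unquoted attributes or stray close tags to reason about.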