[wp-hackers] HTML Purifier

Elliotte Harold elharo at metalab.unc.edu
Wed Feb 14 13:17:01 GMT 2007


Peter Westwood wrote:

> For me tag balancing (balance_tags) and tag filtering (kses) are two
> separate processes - and you don't always want both.

Agreed. In fact, it's *much* easier to do tag filtering if you do it 
after making the document well-formed. There are just fewer places to 
hide something. Enhanced security is an often unrecognized benefit of XML.

> I do think we need super correctly (x)html purification in the core either
> to me it is the perfect job for a plugin - if people want it they can
> install it.

I assume you meant "don't" above. By contrast, I think WordPress should 
guarantee well-formed XHTML without any extra configuration. This is a 
technical decision the benefits of which will not be obvious to a 
non-developer, such as most WordPress users. Tools like WordPress 
succeed precisely because they hide details like this from their users.

Obviously on this list people are more savvy about the underlying markup 
issues, but a typical end user shouldn't have to concern themselves with 
this.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
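
An added sketch of the ordering argued for in the message above (not code from the post, WordPress, kses or HTML Purifier): Python's standard library first balances tag soup into well-formed XML, then a strict XML parser feeds an allowlist filter. The allowlist, the http(s)-only URL rule and the sample input are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

ALLOWED = {"p": set(), "b": set(), "em": set(), "a": {"href"}}  # assumed: tag -> URL attributes
VOID = {"br", "hr", "img"}
NAME = re.compile(r"[a-z][a-z0-9]*")
SAFE_URL = re.compile(r"https?://", re.I)

class Balancer(HTMLParser):  # stage 1: tag soup -> well-formed XML, nothing filtered yet
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack = [], []
    def handle_starttag(self, tag, attrs):
        if not NAME.fullmatch(tag):
            return
        pairs = {k: v or "" for k, v in attrs if NAME.fullmatch(k)}  # one value per name
        text = "".join(f' {k}="{escape(v, quote=True)}"' for k, v in pairs.items())
        self.out.append(f"<{tag}{text}/>" if tag in VOID else f"<{tag}{text}>")
        self.stack += [] if tag in VOID else [tag]
    def handle_endtag(self, tag):
        while tag in self.stack:  # also closes anything left open inside it
            top = self.stack.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def balance(raw):
    parser = Balancer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out + [f"</{t}>" for t in reversed(parser.stack)])

def render(el):  # stage 2: allowlist filter over the parsed tree
    inner = escape(el.text or "", quote=False)
    for child in el:
        inner += render(child) + escape(child.tail or "", quote=False)
    if el.tag not in ALLOWED:  # unknown tags are unwrapped; script/style lose their content
        return "" if el.tag in ("script", "style") else inner
    attrs = "".join(f' {k}="{escape(v, quote=True)}"' for k, v in el.attrib.items()
                    if k in ALLOWED[el.tag] and SAFE_URL.match(v))
    return f"<{el.tag}{attrs}>{inner}</{el.tag}>"

def sanitize(raw):
    return render(ET.fromstring(f"<root>{balance(raw)}</root>"))
# Constructed input: unclosed tags, mixed case, ">" inside a quoted attribute value.
SAMPLE = """<P>Hi <B>there <a HREF='http://example.org/' title=">" onclick="track()">link</p><script>x()</script> & done"""
```

Because stage 2 only ever sees the output of a strict XML parse, every tag and attribute reaches the filter in one canonical spelling. Input containing characters XML forbids (for example NUL) makes `ET.fromstring` raise, so the sketch fails closed.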

