Subject:*
Name/Email:*
Message Icon:*
Message:*
url email imgsrc image php hide code quote
English Nederlands 
VOORBEELD
alignleft aligncenter alignright bold italic underline linethrough   


 [meer...]
Options:*
 

 

 
   
Re: HTMLPurifier Admin Options - your opinions

by fiammybe on 21/11/2011 8:42:32

Disabling HTMLPurifier doesn't ADD linebreaks. When it's disabled properly, it just does nothing.

I can understand your frustration, but instead of complaining and threatening to drop ImpressCMS, it would be more efficient to work constructively toward a solution.

That way we both get what we want : a better and easier-to-use ImpressCMS.
Re: HTMLPurifier Admin Options - your opinions

by feratechinc on 20/11/2011 15:37:11

I am also running into this issue more and more.

While still struggling with ImpressCMS I and leaning more and more towards going to Drupal. Even with HTMLPurifier completely disabled it adds linebreaks making adding content and making it look properly impossible.

It is frustrating.

I think the developers needs to decide if they want a functional rich site or something that is hard to use be I guess can be called secure.
Re: HTMLPurifier Admin Options - your opinions

by Vaughan on 2/2/2010 6:38:44

Citaat:


Now, back on the original topic....

Just some crazy ideas -

What if we had some basic profiles for HTML Purifier - like:
1. No filtering, just tidy up the html
2. Only restrict the most easily exploited tags/attributes
3. Strict, but not paranoid
4. Paranoid
5. Custom

???



well not exactly the kind of responses i was actually looking for.

i was asking about the current options avasilable in preferences, to determine what people are changing from default, how they are changing them, and whether some of those options can be removed because they never ever get changed from their defaults.

i wasn't asking for feature improvements. lol

though to answer some of those points.

1. i supposed that could be done (though see reply '2').

2. yes this could be done, but remember purifier works on a whitelist basis, the forbidden tags subtract themselves from the allowed list. to make this work as we all want, we have to redo the fitering of the core completely, to make sure we can properly determine when & where content is being filtered.. specifically either Input filtering, where all filtering is done prior to writing to DB, or output filtering where all filtering is done on output. both have their pros & cons, but input filtering has far fewer cons. I may have a solution to that soon if it works out as i think it will.

3. well the options are there to change the strictness, but yes they are global. it is still a work in progress however (and i really should blog more), eventually my plan is to have different filtering methods and configs that can be based on group, individual user & module overrides (though core will be able to select if an option can be overridden by a module config value).

4. ""Just because you're paranoid, doesn't mean they aren't out to get you"" ;)

5. Custom, custom yes. as Niels mentioned custom XML import/export is on the way.
Re: HTMLPurifier Admin Options - your opinions

by UnderDog on 1/2/2010 21:37:49

That's not a crazy idea, it's a brilliant idea.
Same for being able to import (XML) settings for purifier?
Re: HTMLPurifier Admin Options - your opinions

by skenow on 1/2/2010 20:12:11

Now, back on the original topic....

Just some crazy ideas -

What if we had some basic profiles for HTML Purifier - like:
1. No filtering, just tidy up the html
2. Only restrict the most easily exploited tags/attributes
3. Strict, but not paranoid
4. Paranoid
5. Custom

???