Rotsblok, if only it was that simple - Look at the code of HTMLPurifier, I believe it is well commented - this will let you know of the complexity.
Highway of Life wrote: No, I’m not trying to make an HTML parser or discussing the usefulness of such a parser with those rules, I’m specifically addressing the question of if a “Secure” HTML parser - Kellanved said that such a parser doesn’t exist, so I’m curious based on the rules I stated above how you would exploit such an HTML parser.
! header name
! Another header
| cell content first row
| another cell
| cell content second row
| another cell
h1. Header 1
h2. Header 2
h3. Header 3
bq. Block Quotes
fn1. Footnotes are great to use as anchors
??cite your author?? (<cite></cite>)
Insert @some code@ (<code></code>)
remove -some text- from a sentence. (<del></del>)
insert +some text+ in a sentence. (<ins></ins>)
* bullet lists
# numeric lists
#* nested lists
p(className). Paragraph with a CSS class name
p(#super-duper). Paragraph with a CSS id
p<. align left
p>. align right
p=. align center
p(. Left indent 1em
p))). Right indent 3em
p((((. Left indent 4em
|_. Name |_. Species |_. Gender |
| Ranger | Horse | Male |
| Frosty | Cat | Male |
| Mindy | Horse | Female |
| Peaches | Dog | Female |
bobtheman wrote: I was under the impression that wysiwyg editors like TinyMCE address these very issues and the security built in is more than sufficient.
4seven wrote: Hi there,
I have been developing a kind of private phpbb-wysiwyg for over 1 year now, and I think I'm a genius in some things.
But, never mind/anyway: Here are the main points, and here* is where I got stuck,
but it's not impossible: I know that for sure.
- Minimum: Support of Main BBCodes
- *Auto-Integration of any Custom BBCode
- Perfect Working in all possibilities
- Near Sec-Safe Architecture
- Using as much as possible of phpBB Core-Code to parse
and pre-filtering the display of problem-content (as in Live Preview)
- Lightweight and clean (uncompressed) Code
- Switchable by User to "old mode"
- Min. Load Time