htmlLawed comparison


Jacques PYRAT

Mar 8, 2010, 3:07:45 AM
to htmlpurifier
Hello,

http://htmlpurifier.org/comparison is 2 years old about htmlLawed.

How does it compare to HTML Purifier now?

Regards,
Jacques — www.pyrat.net

Edward Z. Yang

Mar 8, 2010, 3:20:40 AM
to htmlpurifier
Excerpts from Jacques PYRAT's message of Mon Mar 08 03:07:45 -0500 2010:

> Hello,
>
> http://htmlpurifier.org/comparison is 2 years old about htmlLawed.
>
> How does it compare to HTML Purifier now?

Good question! I will note that htmLawed was last updated on February 26, 2009,
so it's not *that* out of date :-) (no, it is kind of out of date)

From a cursory glance, it looks like the exploits I posted about are fixed
if you toggle safe to be 1. (The default for safe is still 0). Iframes are now
disallowed; forms are still allowed. The blockquote standards compliance issue
is fixed, but you can still hoodwink it into outputting non-standards-compliant code.

I will admit that I'm less of a pain-in-the-butt about standards compliance these
days. It's nice to have, but in reality, the code surrounding the HTML Purifier
content is probably not standards-compliant, so "what's the point" eh?

Now I'll be off to update the comparison page.

Cheers,
Edward

Michael Clark

Mar 8, 2010, 12:32:12 PM
to htmlpu...@googlegroups.com
The point is that sometimes the code around it is :).

> Now I'll be off to update the comparison page.
>
> Cheers,
> Edward
Michael Clark
Programmer, PHP Development
HIT Web Design
(866) 211-0743 Ext. 1988
E-mail: mich...@hitwebdesign.com
How's my customer service? Contact my supervisor Sean Jackson at sjac...@hitwebdesign.com.
