Bringing Purity to Bitweaver

Will • 19 May 2007 (02:41 UTC)
Research and Development
Goodbye unclosed HTML tags and broken layouts. Hello automagical strict HTML!

The Bitweaver team is pleased to announce the integration of HTMLPurifier into R2 CVS. HTMLPurifier not only removes all malicious code (better known as cross-site scripting, or XSS, attacks) but also makes sure your content is standards compliant. It will tidy your HTML, closing all open tags and removing any unwanted ones. This is particularly valuable for those wishing to use HTML format as well as for those who wish to allow HTML within the bitweaver and TikiWiki format.

With your choice of graphical HTML editors, FCKEditor and TinyMCE, combined with HTMLPurifier, you can finally do away with the wiki code learning curve and offer your users a richer experience without compromising the security of your site. We are aware of only two other CMSs that have integrated HTMLPurifier, and Bitweaver is one of only two to include it with the default installation. Thanks go to Nick Palmer for doing the integration!

Comments

great stuff

by laetzer, 21 May 2007 (22:55 UTC)
I enabled it for a site that also uses FCKeditor and it works like a charm. I enabled the options Escape invalid HTML, Force Strict and Force XHTML (and disable external resources) and HTMLPurifier in bitweaver seems to be "all I ever wanted". It doesn't do its magic on preview (yet?).

Re: great stuff

by WaterDragon, 23 May 2007 (20:04 UTC)
Preview support is a work in progress and I am told by the HTMLPurifier developer that the next version will have a feedback mechanism we will be able to use to give details about what was cleaned up back to the user on preview so they can fix problems before they save.

blockquotes badly formed in fck

by Will, 06 Jun 2007 (23:52 UTC)
Be aware that right now when using fck editor and its indent feature, which creates a block quote, you can get funny spacing results in the blockquotes.

This is actually a problem with fckeditor, but hopefully Nick will be able to hack a workaround through HTMLPurifier soon.

The problem is that xhtml strict requires that only block elements be used inside blockquote tags, that is to say
some text
is not valid. Unfortunately fck editor does not properly format its blockquotes this way. I have found that if you try to create multiple paragraphs in blockquotes using fck you will get results like:

<blockquote>some text<br><br>some more text</blockquote>


HTMLPurifier then properly converts this to:

<blockquote><p>some text</p><br><br><p>some more text</p></blockquote>


but man does that look messed up! Again this seems to be the fault of fckeditor, but hopefully a HTMLPurifier filter will be able to hack around the problem in the near future.

little html as text double parsing problem too

by Will, 24 May 2007 (15:35 UTC)
um and we can see there is a little issue with html being overly parsed when it should be displayed as inline text.

:)

Re: blockquotes badly formed in fck

by Will, 08 Jun 2007 (03:06 UTC)
Little update about this - it appears to be related to previewing and/or re-saving.
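
Added example, not part of the original thread or of Bitweaver's integration code: a PHP script that runs the FCKeditor blockquote markup quoted in the comments above, plus a few constructed inputs, through HTML Purifier and checks that purifying the result a second time changes nothing, which is the property that matters for preview and re-save. It assumes HTML Purifier 4.x installed through Composer; the directive names are assumed equivalents of the Bitweaver options named earlier in the comments, not a mapping taken from Bitweaver.

```php
<?php
// Added example. Assumes HTML Purifier 4.x via Composer (ezyang/htmlpurifier);
// the autoload path below is an assumption about the local layout.
require_once __DIR__ . '/vendor/autoload.php';

$config = HTMLPurifier_Config::createDefault();
// Assumed directive equivalents of the options mentioned in the comments:
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');    // "Force Strict" + "Force XHTML"
$config->set('Core.EscapeInvalidTags', true);        // "Escape invalid HTML"
$config->set('URI.DisableExternalResources', true);  // "disable external resources"
$config->set('Cache.DefinitionImpl', null);          // no on-disk cache for this demo

$purifier = new HTMLPurifier($config);

// Constructed sample inputs; the first is the FCKeditor output quoted above.
$samples = [
    'fck blockquote'   => '<blockquote>some text<br><br>some more text</blockquote>',
    'unclosed tags'    => '<p>An <b>unclosed <i>run of tags',
    'script + handler' => '<p onclick="alert(1)">hi</p><script>alert(1)</script>',
    'external image'   => '<p><img src="http://example.com/a.png" alt="x" /></p>',
];

$unstable = 0;
foreach ($samples as $label => $dirty) {
    $first  = $purifier->purify($dirty);   // what would be stored on save
    $second = $purifier->purify($first);   // what a re-save or preview would produce

    printf("%s\n  in:    %s\n  saved: %s\n", $label, $dirty, $first);

    // A purifier pass should be idempotent: if a second pass alters the
    // markup, content will drift each time a user edits and saves it.
    if ($second !== $first) {
        $unstable++;
        printf("  DRIFT on re-save: %s\n", $second);
    }
}

printf("\n%d of %d samples changed on the second pass\n", $unstable, count($samples));
exit($unstable === 0 ? 0 : 1);
```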

Related forum topic

by Edward Z. Yang, 18 Jun 2007 (03:01 UTC)
I've opened a related forum topic for HTML Purifier, discussing a few things. See: http://www.bitweaver.org/forums/index.php?t=8554

Consider htmLawed

by Eric W, 19 Jan 2008 (00:41 UTC)