When we released Gallery3 beta 2 we included HTMLPurifier as the
library used to cleanse fields that could potentially contain html
markup as part of the text (currently this is the title and description
fields for albums or photos and the comment field). The other fields
are sanitized with strip html.
The problem is that HTMLPurifier provides about 2MB or 27% of the beta
2 code base. In my opinion, this is a little bit heavy for 3 fields.
I've been trying to find a lightweight alternative. So far the results
of my search:
- Pear's HTML_Safe. This package is used in Gallery2, but
according to the Pear website there is no maintainer for it or its
dependent package XML_HTMLSax3. The last release for HTML_Safe was
0.9.9beta on 2005-12-21.
- HTML_Sanitizer: http://www.freephpscripts.eu/scripts/214/Php-Security-Scripts/HTML-Sanitizer.
I haven't played with this one, but it's a couple of hundred lines long.
- htmLawed: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php
about 47kb.
- I hacked a copy of this code: http://refactormycode.com/codes/557-html-filter.
It's about 33kb, but I really don't want to maintain it as part of the
gallery3 code base.
Has anyone used htmLawed or HTML_Sanitizer, or do you have any other
favorites? Am I the only one concerned about a 2MB addition to the
Gallery3 code base?
Thoughts? Comments?
Thanks
Tim
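To make the comparison concrete, here is an added example (not Gallery3 code, and not taken from HTMLPurifier, HTML_Safe, htmLawed or HTML_Sanitizer) of the minimum an allowlist sanitizer for the title, description and comment fields has to cover, built only on PHP's bundled DOMDocument: an element allowlist, an attribute allowlist that drops event handlers and style, a scheme check on href, and whole-content removal for script-like elements. The function names and the allowlists are assumptions chosen for this example.

```php
<?php
// Added example, not Gallery3 code and not from any library named in the post.
// Allowlists and function names below are assumptions made for this example.

const ALLOWED_TAGS = ['a', 'b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'blockquote', 'code'];
const ALLOWED_ATTRS = ['a' => ['href', 'title']];
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
// Elements whose content must go as well: unwrapping them would leak the script text.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'noscript'];

function sanitize_fragment(string $html): string
{
    $prev = libxml_use_internal_errors(true);          // tolerate broken markup quietly
    $doc = new DOMDocument();
    // The XML PI makes libxml read the input as UTF-8; <body> gives a known root.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    clean_children($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function clean_children(DOMNode $parent): void
{
    // Walk a snapshot: nodes are removed and reparented during the loop.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child instanceof DOMElement) {
            clean_element($parent, $child);
        } elseif (!($child instanceof DOMText)) {
            $parent->removeChild($child);   // comments and PIs carry nothing legitimate
        }
    }
}

function clean_element(DOMNode $parent, DOMElement $el): void
{
    $tag = strtolower($el->tagName);

    if (in_array($tag, DROP_WITH_CONTENT, true)) {
        $parent->removeChild($el);
        return;
    }
    if (!in_array($tag, ALLOWED_TAGS, true)) {
        // Unknown tag: clean its children, hoist them up, then drop the tag itself.
        clean_children($el);
        while ($el->firstChild !== null) {
            $parent->insertBefore($el->firstChild, $el);
        }
        $parent->removeChild($el);
        return;
    }

    // Attribute allowlist: everything else, including on* handlers and style, is removed.
    foreach (iterator_to_array($el->attributes) as $attr) {
        $name = strtolower($attr->name);
        $keep = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true);
        if ($keep && $name === 'href') {
            $keep = url_scheme_allowed($attr->value);
        }
        if (!$keep) {
            $el->removeAttribute($attr->name);
        }
    }
    clean_children($el);
}

function url_scheme_allowed(string $url): bool
{
    // Browsers ignore control characters and spaces inside the scheme, so strip
    // them before inspecting it. A URL with no scheme is relative and cannot execute.
    $probe = preg_replace('/[\x00-\x20\x7f]+/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        return true;
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

// Constructed sample inputs of the kind a comment field might receive.
$samples = [
    '<b>Nice</b> photo, see <a href="http://example.org/" title="site">this</a>',
    '<a href="javascript:alert(1)" onclick="alert(2)">click</a>',
    '<img src="x" onerror="alert(3)"><script>alert(4)</script>still text',
    '<p style="color:red">styled</p><!-- comment -->',
];
foreach ($samples as $s) {
    echo sanitize_fragment($s), "\n";
}
```

Running this with `php` from the command line prints each sample with the event handlers, the javascript: href, the script element and the comment removed while the allowed inline markup survives. It does deliberately nothing about nesting rules, CSS or entity edge cases, which is a large part of what the 2MB in HTMLPurifier buys; whichever lighter library is chosen should at least be checked against inputs like the samples above before it replaces HTMLPurifier.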
------------------------------------------------------------------------------
__[ g a l l e r y - d e v e l ]_________________________
[ list info/archive -->
http://gallery.sf.net/lists.php ]
[ gallery info/FAQ/download -->
http://gallery.sf.net ]