Midgard and HTML Purifier

Inspired by Kore Nordmann’s post Why are you using BBcodes?, Midgard now has integrated support for the HTML Purifier library. From the HTML Purifier site:

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

This means that it will be reasonably easy to configure access lists of allowed HTML to be used when editing documents with the Datamanager2 library. The same rules will also apply to several tools using DM2 as library, including RSS-based news imports.

As Kore wrote, HTML Purifier makes it possible to use a regular HTML WYSIWYG editor for things like blog comments and forum posts while remaining sure that no abuse happens. With whitelists you can even allow certain cool things like embedding of YouTube videos to posts.

Technorati Tags: ,


Read more Midgard posts.