Chris Steipp wrote:
Does anyone know if mediawiki has ever used
HTMLPurifier (
http://htmlpurifier.org/) as a library? Or if any extensions have used it?
I don't know of any MediaWiki-related code using HTMLPurifier.
I think I'd be remiss if I didn't mention that MediaWiki comes with its own
HTML sanitizer. More information can be found here:
<https://www.mediawiki.org/wiki/HTML_restriction>.
I'm looking at adding in a library for svg
cleaning that depends on it, but
not sure if that's something that can be added in, or if I
should re-implement those features.
MediaWiki's Sanitizer.php was written long before HTMLPurifier existed. I
imagine if such a thought-out and stable library had existed in 2002, Brion
would have opted to use it instead of rolling his own. In general, the less
reinventing of the wheel, the better. :-) Obviously you have to consider
the licensing, speed, capability, security, and stability of such libraries
when making a decision whether to use one, though.
MZMcBride