some important stuff we'll need

author: friendica <info@friendica.com> 2012-05-12 17:57:41 -0700
committer: friendica <info@friendica.com> 2012-07-18 20:40:31 +1000
commit: 7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a (patch)
tree: a9c3d91209cff770bb4b613b1b95e61a7bbc5a2b /lib/htmlpurifier/docs/enduser-security.txt
parent: cd727cb26b78a1dade09d510b071446898477356 (diff)
download: volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.gz
volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.bz2
volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/htmlpurifier/docs/enduser-security.txt b/lib/htmlpurifier/docs/enduser-security.txt
new file mode 100644
index 000000000..518f092bd
--- /dev/null
+++ b/lib/htmlpurifier/docs/enduser-security.txt
@@ -0,0 +1,18 @@
+
+Security
+
+Like anything that claims to afford security, HTML_Purifier can be circumvented
+through negligence of people. This class will do its job: no more, no less,
+and it's up to you to provide it the proper information and proper context
+to be effective. Things to remember:
+
+1. Character Encoding: see enduser-utf8.html for more info.
+
+2. IDs: see enduser-id.html for more info
+
+3. URIs: see enduser-uri-filter.html
+
+4. CSS: document pending
+Explain which CSS styles we blocked and why.
+
+    vim: et sw=4 sts=4
author	friendica <info@friendica.com>	2012-05-12 17:57:41 -0700
committer	friendica <info@friendica.com>	2012-07-18 20:40:31 +1000
commit	7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a (patch)
tree	a9c3d91209cff770bb4b613b1b95e61a7bbc5a2b /lib/htmlpurifier/docs/enduser-security.txt
parent	cd727cb26b78a1dade09d510b071446898477356 (diff)
download	volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.gz volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.tar.bz2 volse-hubzilla-7a40f4354b32809af3d0cfd6e3af0eda02ab0e0a.zip