aboutsummaryrefslogtreecommitdiffstats
path: root/lib/htmlpurifier/docs/enduser-security.txt
blob: 518f092bd615e4edaf54bcf4c9c247ec2459da58 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Security

Like anything that claims to afford security, HTML_Purifier can be circumvented
through negligence of people. This class will do its job: no more, no less,
and it's up to you to provide it the proper information and proper context
to be effective. Things to remember:

1. Character Encoding: see enduser-utf8.html for more info.

2. IDs: see enduser-id.html for more info

3. URIs: see enduser-uri-filter.html

4. CSS: document pending
Explain which CSS styles we blocked and why.

    vim: et sw=4 sts=4