Publish "Contribute" documentation.

[htmlpurifier-web.git] / docs.xhtml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
  xmlns="http://www.w3.org/1999/xhtml"
  xmlns:xi="http://www.w3.org/2001/XInclude"
  xml:lang="en">
<head>
  <title>Documentation - HTML Purifier</title>
  <xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
  <meta name="description" content="Documentation for HTML Purifier." />
  <meta name="keywords" content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, documentation, docs, manual" />
</head>
<body>

<xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />

<div id="main">
<h1 id="title">Documentation</h1>

<div id="content">

<p>
  HTML Purifier's documentation is organized by topic. New users should
  read the <a href="live/INSTALL">INSTALL</a> file that comes with your
  HTML Purifier download. Any questions about HTML Purifier can be asked
  at the <a href="http://htmlpurifier.org/phorum/">support forums</a> (no
  registration required!)
</p>

<div id="toc" class="floated" />

<h2>For Contributors</h2>

<p>
  As is with any open source project, HTML Purifier always is looking for
  developers, writers and other folks willing to lend a hand. There are any
  number of things to work on! Please, take a moment to
  <a href="contribute.html">find out how
  you can help out this project</a>.
</p>

<h2>For Advanced Users</h2>

<ul>
  <li><a href="docs/">End-User
      Documentation</a> &mdash; In-depth documents on how to get
      the most out of HTML Purifier. These are located in the <code>docs/</code>
      folder of your HTML Purifier installation.</li>
  <li><a href="live/configdoc/plain.html">Configuration
      documentation</a> &mdash; These are various configuration directives
      that can be used to customize HTML Purifier's behavior.</li>
  <li><a href="http://htmlpurifier.org/doxygen/html/">Doxygen-generated
      Documentation</a> &mdash; No class left undocumented!  Cross-referenced
      code!  A must-read for any prospective HTML Purifier hacker.
      (close by, <a href="http://htmlpurifier.org/phpdoc/">PHPDoc-generated
      Documentation.</a>)</li>
  <li><a href="live/smoketests/printDefinition.php">Print
      Definition</a> &mdash; If you want to actually see what HTML Purifier's
      filtering rules are, look no further than to this page. You can even
      experiment with the configuration to see how things respond to different
      directives.</li>
</ul>

<p>
  P.S. HTML Purifier's source code is well documented and very readable.
  If a question of your isn't answered by any of the above resources,
  go to the source! (Or ask in the forums.)
</p>

<h2>Frequently Asked Questions</h2>

<h3>What does %HTML.Allowed mean?</h3>

<p>
  The percent-dot format is a shorthand for HTML Purifier's configuration
  directives. It takes the form of %Namespace.Directive. For
  practical purposes, %HTML.Allowed translates into the following PHP
  code:
</p>

<pre>$config->set('HTML', 'Allowed', $value);</pre>

<h3>My attributes are mysteriously disappearing!</h3>

<p>
  You've probably got <a href="http://php.net/manual/en/security.magicquotes.php">magic quotes</a>
  turned on, which is interfering with the single and double-quotes in
  <abbr>HTML</abbr> attributes. The usual way to fix this is
  <a href="http://php.net/manual/en/security.magicquotes.disabling.php">with
  some runtime code or an ini tweak.</a> Be sure not to introduce any
  <abbr>SQL</abbr> injection vulnerabilities!
</p>

<h3>How do I prevent foreign characters like ä and <code>&amp;nbsp;</code> from turning into ä?</h3>

<p>
  This usually means that HTML Purifier is parsing your code as UTF-8, but
  your output encoding is something else. Read up <a href="docs/enduser-utf8.html">this
  document on UTF-8</a> to learn how to fix this. (Short answer: use
  %Core.Encoding or switch to UTF-8.)
</p>

<h3>I can't use the <code>target</code> or <code>name</code> attribute in my <code>a</code> tags!</h3>

<p>
  The <code>target</code> attribute has been deprecated for a long time, so
  I highly recommend you look at other ways of, say, opening new windows
  when you click a link (my favorites are <q>Don't do it!</q> or, if you
  must, JavaScript) But if you must, the
  <a href="live/configdoc/plain.html#Attr.AllowedFrameTargets">%Attr.AllowedFrameTargets</a>
  directive is what you are looking for.
</p>

<p>
  The <code>name</code> attribute is dependent on IDs being enabled.
  See <a href="docs/enduser-id.html">this document on enabling user IDs</a> for more information.
</p>

<h3>Is HTML Purifier slow?</h3>

<p>
  HTML Purifier isn't exactly light or speedy; this is a tradeoff for the
  power and security the library affords. You can combat this by reading
  <a href="docs/enduser-slow.html">Speeding up HTML Purifier</a> or using
  the <a href="download.html#Standalone">standalone</a> version.
</p>

<h2>Miscellaneous</h2>

<ul>
  <li><a href="live/smoketests/xssAttacks.php"><abbr>XSS</abbr>
      Attacks Smoketest</a> &mdash; Tests how well HTML Purifier fares
      against RSnake's famous cheatsheet of <abbr>XSS</abbr> attacks.</li>
  <li><a href="live/TODO">Roadmap</a>
      &mdash; Subject to lots of delays, but it's a glimpse of the future</li>
  <li><a href="live/art/">Artwork</a>
      &mdash; Extra media goodies.</li>
</ul>

</div>
</div>

</body>
</html>