Fix up some CSS after the #content scoping fiasco. Also, add demo.php trunk warning.
[htmlpurifier-web.git] / news / 2.0.0-released.xhtml
blob 5b68bd5f90adc735ca57116173b0bd28091d02b3
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html
xmlns="http://www.w3.org/1999/xhtml"
xmlns:xi="http://www.w3.org/2001/XInclude"
xml:lang="en">
<head>
<title>2.0.0 Released - News - HTML Purifier</title>
<xi:include href="common-meta.xml" xpointer="xpointer(/*/node())" />
<meta name="description" content="Release notice for HTML Purifier 2.0.0." />
<meta name="keywords" content="HTMLPurifier, HTML Purifier, HTML, filter, filtering, standards, compliant, 2.0.0, release, version, news" />
</head>
<body>

<xi:include href="common-header.xml" xpointer="xpointer(/*/node())" />
<h1 id="title">2.0.0 Released</h1>

<div id="content">

<p>
<strong>HTML Purifier 2.0</strong> is the culmination of two major architectural changes.
The first is <a href="../docs/enduser-tidy.html">Tidy</a>, which enables
HTML Purifier to both natively support
deprecated elements and also convert them to standards-compliant
alternatives. The second is the
<a href="../docs/enduser-customize.html">Advanced API</a>,
which enables users to
create new elements and attributes with ease. Keeping in line with a
commitment to high quality, there are also five esoteric bug-fixes and a
plethora of subtle improvements that enhance the library.
</p>

<xi:include href="download-box.xml" xpointer="xpointer(/*/node())" />

<h2>What is HTML Purifier?</h2>

<p>
HTML Purifier is a standards-compliant <abbr>HTML</abbr> filter written
in <abbr>PHP</abbr>. Because it uses whitelists and a comprehensive
knowledge of the <abbr>HTML</abbr> specification, it is <strong>bullet-proof</strong>
against <abbr>XSS</abbr>, <strong>fixes malformed input</strong> rather
than rejecting it, and is <strong>open and extensible</strong>. Don't
take my word for it: try the <a href="../demo.php">demo</a> or
read how HTML Purifier <a href="../comparison.html">compares</a> to
other libraries.
</p>

<h2>What is Tidy?</h2>

<p>
While Tidy may remind you of HTMLTidy, our Tidy has nothing to do with
Dave Raggett's library. Previously, HTML Purifier was really fussy
about deprecated elements and always tried to convert them to
standards-compliant alternatives. Now, you can pick: stay with the
deprecated (but valid) elements or clean them up! Read more about
it in the <a href="../docs/enduser-tidy.html">Tidy documentation</a>.
</p>

<h2>What is the Advanced <abbr>API</abbr>?</h2>

<p>
The Advanced <abbr>API</abbr> is a powerful new interface users can
use to customize HTML Purifier with their own custom attributes
and elements. Read more about
it in the <a href="../docs/enduser-customize.html">
customization documentation</a>.
</p>

<h2>Backwards-incompatible changes</h2>

<p>
There are a few behavioral changes that may break code written for
esoteric features of the previous versions:
</p>

<ul class="long">
<li>
<strong>Previous customizations to HTMLDefinition will now
throw fatal errors.</strong> This is easy to fix: set
<code>$config->set('HTML', 'DefinitionID', 'your-name-here')</code>
and then read the documentation on the
<a href="../docs/enduser-customize.html">advanced <abbr>API</abbr></a>
to convert your code to the brand new features. (Trust me: it's a lot
easier to write.)
</li>
<li>
<strong>Configuration objects are finalized when used.</strong>
This means you cannot set another configuration value after
you have already used it to purify some text. Set the <code>autoFinalize</code>
member variable to false in order to work around this, or try to
re-structure your code so that it is not necessary.
</li>
<li>
<strong>Interface for HTMLPurifier_Lexer::create() changed.</strong>
This factory method no longer accepts a prototype as a parameter:
instead, it requires a configuration object. To overload the Lexer
with your own custom one, set <code>$config->set('Core', 'LexerImpl', $lexer)</code>.
Note, however, that the lexer selection has gotten a bit smarter, so
you may want to just let HTML Purifier do its thing.
</li>
<li>
<strong>Caching for HTMLDefinition added; please ensure the cache
output directory is writeable.</strong> While this change won't
break anything per se, you'll be missing out on a tremendous
speed increase if you don't ensure that
<code>library/HTMLPurifier/DefinitionCache/Serializer</code> is
writeable by <abbr>PHP</abbr>. In the event this is not possible,
you can change the cache output directory using
<code>$config->set('Cache', 'SerializerPath', $path);</code> (please
use absolute paths).
</li>
</ul>

<p>
I take backwards-compatibility <em>very</em> seriously, so if you have
any problems pop on over to the <a href="http://htmlpurifier.org/phorum/">forums</a>
and I'll do whatever I can to help you.
</p>

<h2>What is new?</h2>

<p>
Tidy and the Advanced API are all fine and dandy, but they're aimed towards
the advanced user. HTML Purifier 2.0.0 also has a number of extra
features that target the common guy too! Here are the more notable ones:
</p>

<ul class="long">
<li>
New <strong>%HTML.Allowed</strong> configuration directive lets you set allowed attributes
and elements in one go! Use a TinyMCE style format: "<code>a[href|title],b,i</code>"
</li>
<li>
The configuration object gives friendlier error messages when things
go wrong.
</li>
<li>
HTML Purifier works in <strong><abbr>PHP</abbr> 4.3.2</strong>. That's
pretty ancient, but it's good to know that you can still use HTML Purifier
on those crappy webhosts that refuse to upgrade.
</li>
<li>
When running in Transitional mode (HTML 4.01 Transitional or XHTML 1.0
Transitional), HTML Purifier will be as lazy as possible when fixing
things up: this means that deprecated elements will be preserved in
these doctypes.
</li>
</ul>

<p>
As usual, you can see a full list of changes, bugfixes and other
miscellanea in
<a href="http://htmlpurifier.org/svnroot/htmlpurifier/tags/2.0.0/NEWS">News</a>.
</p>

<h2>Spread the word!</h2>

<p>
Used HTML Purifier and liked it? Interested but will investigate later?
Disbelieving at the prospect of bullet-proof <abbr>XSS</abbr> protection?
Whatever your thoughts, help spread the word!
</p>

<ul>
<li><a href="http://www.dzone.com/links/html_purifier_200_released.html">Vote up HTML Purifier on <strong>DZone</strong></a></li>
<li><a href="http://programming.reddit.com/info/2016n/comments">Read HTML Purifier at <strong>Reddit</strong></a></li>
<li><a href="http://digg.com/programming/HTML_Purifier_2_0_0_released">Digg HTML Purifier on <strong>Digg</strong></a></li>
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;url=http://htmlpurifier.org/news/2.0.0-released.html">Bookmark HTML Purifier on <strong>del.icio.us</strong></a></li>
<li><a href="http://freshmeat.net/projects/htmlpurifier">Rate HTML Purifier on <strong>freshmeat.net</strong></a></li>
<li><a href="http://sourceforge.net/projects/htmlpurifier">Nominate HTML Purifier on <strong>sourceforge.net</strong></a></li>
</ul>

</div>

</body>
</html>
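
An added example, not code from HTML Purifier or from this repository: a stand-alone PHP parser for the TinyMCE-style `%HTML.Allowed` string quoted in the release notice above, which turns it into an element/attribute allowlist and checks names against it. The function names `parseAllowed` and `isAllowed` are hypothetical, and the strict name pattern and fail-closed handling of malformed entries are assumptions of this example.

```php
<?php
// Added example: parses a TinyMCE-style allowlist such as "a[href|title],b,i".
// parseAllowed() and isAllowed() are hypothetical names, not HTML Purifier API.

function parseAllowed(string $spec): array
{
    $allowed = [];
    foreach (explode(',', $spec) as $chunk) {
        $chunk = trim($chunk);
        if ($chunk === '') {
            continue; // tolerate a trailing comma or doubled separator
        }
        // An element name, optionally followed by [attr|attr|...].
        if (!preg_match('/^([a-z][a-z0-9]*)(?:\[([a-z0-9:|-]*)\])?$/i', $chunk, $m)) {
            // Fail closed: a malformed entry must never widen the allowlist.
            throw new InvalidArgumentException("Malformed entry: $chunk");
        }
        $element = strtolower($m[1]);
        $attrs = isset($m[2]) && $m[2] !== '' ? explode('|', strtolower($m[2])) : [];
        $attrs = array_filter($attrs, fn($a) => $a !== '');
        // Merge with any earlier entry for the same element.
        $allowed[$element] = array_fill_keys($attrs, true) + ($allowed[$element] ?? []);
    }
    return $allowed;
}

function isAllowed(array $allowed, string $element, ?string $attr = null): bool
{
    $element = strtolower($element);
    if (!isset($allowed[$element])) {
        return false; // anything not listed is rejected
    }
    // With no attribute given, only the element itself is checked.
    return $attr === null || isset($allowed[$element][strtolower($attr)]);
}

// Constructed sample input, using the format string shown in the release notice.
$allowed = parseAllowed('a[href|title],b,i');

var_dump(isAllowed($allowed, 'a', 'href'));    // attribute listed for <a>
var_dump(isAllowed($allowed, 'a', 'onclick')); // event handler, not listed
var_dump(isAllowed($allowed, 'script'));       // element not listed at all
var_dump(isAllowed($allowed, 'B'));            // listed element, different case
```

An allowlist of names is only the first layer: the values of permitted attributes such as `href` still need their own validation.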