Topsoil HTML Filter


What (summary)

A Ruby implementation of an HTML filter that passes a well-known set of tests. The filter prevents users from altering the styles and scripts that control how content looks on our site.

This is a server-side tool that allows users to submit rich content (e.g., HTML) without introducing security risks to the system or other users.

Why this is important

It is an enabling server-side technology for an HTML representation of wiki content. The problem it solves is preventing security abuses and restricting HTML usage to forms that we can understand. Flickr uses a PHP implementation that passes all of the same tests as the Python HTML Filter. Our Ruby version will also pass these same tests.
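
The following Ruby sketch is an added example, not Topsoil's code and not the Python or PHP filter mentioned above. It shows one way to restrict HTML to forms we understand: escape everything by default, re-emit only allowlisted tags with attributes rebuilt from scratch, and balance tags so user content cannot break the surrounding page. The tag allowlist, the URL rule and all function names are assumptions.

```ruby
# Added illustration only; the tag list and URL rule are assumptions.
ALLOWED_TAGS = %w[b i em strong p ul ol li blockquote a].freeze
SAFE_HREF = %r{\Ahttps?://[^\s"'<>]+\z}i
ENTITIES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
             '"' => '&quot;', "'" => '&#39;' }.freeze

def esc(text)
  text.gsub(/[&<>"']/, ENTITIES)
end

# Rebuild the href from scratch; every other attribute is discarded.
def href_attr(attrs)
  href = attrs[/\bhref\s*=\s*"([^"]*)"/i, 1].to_s.strip
  return '' unless href.match?(SAFE_HREF)
  %( href="#{esc(href.gsub('&amp;', '&'))}")
end

# Close a tag only if it is open, closing tags nested inside it first.
def close_tag(name, open_tags)
  idx = open_tags.rindex(name)
  return '' unless idx
  open_tags.slice!(idx..-1).reverse.map { |t| "</#{t}>" }.join
end

# Escape everything by default; re-emit only allowlisted tags, balanced.
def filter_html(input)
  open_tags = []
  out = input.to_s.split(/(<[^<>]*>)/).map do |tok|
    m = tok.match(%r{\A<(/?)([a-z][a-z0-9]*)\b([^<>]*)>\z}i)
    next esc(tok) unless m && ALLOWED_TAGS.include?(m[2].downcase)
    name = m[2].downcase
    next close_tag(name, open_tags) if m[1] == '/'
    open_tags.push(name)
    name == 'a' ? "<a#{href_attr(m[3])}>" : "<#{name}>"
  end.join
  # Close whatever is still open so the markup cannot leak into the page.
  out + open_tags.reverse.map { |t| "</#{t}>" }.join
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs, in the style of a filter test case.
  puts filter_html('<p style="position:fixed">hi<script>x()</script>')
  puts filter_html('<a href="javascript:x()">link</a>')
end
```

Text that already contains entities is escaped again by this sketch, so `&amp;` in user input is shown literally.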

DoneDone

  • All Python or PHP tests are converted to Ruby
  • Ruby implementation passes all of the converted tests

Notes

Discussion

  • How does this fit in with our desire to allow users to completely customize the entire skin? Jason Parmer 16:39, 30 August 2007 (PDT)
    • This will apply to the content that lives in the commons (e.g., anything under http://www.aboutus.org/). It needs to all have a consistent, highly skinnable structure so that trees (sites that mount the commons under their own url) can easily customize the presentation.

