z at mzmcbride
Apr 24, 2012, 2:29 PM
Post #3 of 3
Chris Steipp wrote:
> Does anyone know if mediawiki has ever used HTMLPurifier (
> http://htmlpurifier.org/) as a library? Or if any extensions have used it?
I don't know of any MediaWiki-related code using HTMLPurifier.
I think I'd be remiss if I didn't mention that MediaWiki comes with its own
HTML sanitizer. More information can be found here:
> I'm looking at adding in a library for svg cleaning that depends on it, but
> not sure if that's something that can be added in, or if I
> should re-implement those features.
MediaWiki's Sanitizer.php was written long before HTMLPurifier existed. I
imagine if such a thought-out and stable library had existed in 2002, Brion
would have opted to use it instead of rolling his own. In general, the less
reinventing of the wheel, the better. :-) Obviously you have to consider
the licensing, speed, capability, security, and stability of such libraries
when making a decision whether to use one, though.
Wikitech-l mailing list
Wikitech-l [at] lists