HTMLPurifier?#

Does anyhone have a free hour to implement HTMLPurifier plugin? =)

Check: http://hp.jpsband.org/

The only problem is that AFAIK we so far don't have order on events implemented and this is usefull when it's really the LAST plugin.

Well, I could try noodling around with Modx CMS, and see if I could bang out a plugin (I guess I ought to do it for all the major blogs/CMS out there to speed adoption).

Tracked you guys down from my referrer log.

Welcome Ambush!
Please feel free to join the fray! Your code looks really great. If we need to insert a new event to tag off of, I don't see why would couldn't manage to squeeze that one in.

Quote from: Ambush at Aug 20, 2006, 01:04 PM

Well, I could try noodling around with Modx CMS, and see if I could bang out a plugin (I guess I ought to do it for all the major blogs/CMS out there to speed adoption).

Tracked you guys down from my referrer log.

That would be awesome!
Thanks Ambush Commander!\

-sD-

Okay, after wrangling with the download (it doesn't work in Firefox or Opera regardless of firewall, you may want to investigate that), I've got a copy of the package. However, the events that the documentation covers seem to only cover filters during pageserves. Now, while it's possible to hook in HTMLPurifier at that point in time, the library is not fast, and it would be better if it was used on form submission. (or, if you have a caching system that I don't know about, that works too). Any pointers?

Quote from: Ambush at Aug 21, 2006, 02:24 PM

..However, the events that the documentation covers seem to only cover filters during pageserves. Now, while it's possible to hook in HTMLPurifier at that point in time, the library is not fast, and it would be better if it was used on form submission. (or, if you have a caching system that I don't know about, that works too). Any pointers?

You can use the OnDocFormSave event to itercept document saving and alter the posted data. Look for a example here Re: Is it possible to change values when a document is saved in the manager?
Also, you can see all the available events by creating a new plugin and viewing "System Events" tab. I know the documentation isn't very well detailed at this stage, but there is a reason for this too. The developing pace of this project has been extremely fast and the documentation has not just followed the same pace. There is also a total rewrite going on behind the scenes currently and you can imagine that there's not alot of extra energy to write a documentation at this time knowing that it will be outdated in the near future. But with the next release, there will be (along with other documentation) extensive developers documentation built straight from the source, so it's all being worked on. The future version is using XPDO ORM layer (also built by MODx core team member) and that will give you some idea where this project is going..

I don't know what would be the best event/events to implement the HTMLPurifier plugin, but I know that OnDocFormSave is not the best, because at this point none of the chunks/snippets/etc have not returned their output. I guess OnCacheUpdate could be one place to "purify" cached pages. OnParseDocument would be done at every page render, but as you say, it might be too much overhead.. So maybe someone with more knowledge on inner workings can give you a better answer.

Anyways.. here's a list of sytem events from 0.9.2.1, some new are coming in 0.9.5 and Ryan even said that new event for this purpose could be squeezed in if needed (altought, I think that there is allready enought events to choose from..)
Template Service Events OnDocPublished
OnDocUnPublished
OnLoadWebDocument
OnParseDocument
OnWebPageInit
OnWebPagePrerender
Cache Service Events OnBeforeCacheUpdate
OnBeforeSaveWebPageCache
OnCacheUpdate
OnLoadWebPageCache
Web Access Service Events OnBeforeWebLogin
OnBeforeWebLogout
OnWebAuthentication
OnWebChangePassword
OnWebCreateGroup
OnWebDeleteUser
OnWebLogin
OnWebLogout
OnWebSaveUser

Manager Access Events OnBeforeManagerLogin
OnBeforeManagerLogout
OnManagerAuthentication
OnManagerChangePassword
OnManagerCreateGroup
OnManagerDeleteUser
OnManagerLogin
OnManagerLogout
OnManagerPageInit
OnManagerSaveUser
Parser Service Events OnFileManagerUpload
OnPageNotFound
OnPageUnauthorized
OnSiteRefresh

Chunks OnBeforeChunkFormDelete
OnBeforeChunkFormSave
OnChunkFormDelete
OnChunkFormPrerender
OnChunkFormRender
OnChunkFormSave

Documents OnBeforeDocFormDelete
OnBeforeDocFormSave
OnCreateDocGroup
OnDocFormDelete
OnDocFormPrerender
OnDocFormRender
OnDocFormSave

Modules OnBeforeModFormDelete
OnBeforeModFormSave
OnModFormDelete
OnModFormPrerender
OnModFormRender
OnModFormSave

Plugins OnBeforePluginFormDelete
OnBeforePluginFormSave
OnPluginFormDelete
OnPluginFormPrerender
OnPluginFormRender
OnPluginFormSave

RichText Editor OnRichTextEditorInit
OnRichTextEditorRegister
Snippets OnBeforeSnipFormDelete
OnBeforeSnipFormSave
OnSnipFormDelete
OnSnipFormPrerender
OnSnipFormRender
OnSnipFormSave
System Settings OnFriendlyURLSettingsRender
OnInterfaceSettingsRender
OnMiscSettingsRender
OnSiteSettingsRender
OnUserSettingsRender

Template Variables OnBeforeTVFormDelete
OnBeforeTVFormSave
OnTVFormDelete
OnTVFormPrerender
OnTVFormRender
OnTVFormSave
Templates OnBeforeTempFormDelete
OnBeforeTempFormSave
OnTempFormDelete
OnTempFormPrerender
OnTempFormRender
OnTempFormSave

Users OnBeforeUserFormDelete
OnBeforeUserFormSave
OnUserFormDelete
OnUserFormPrerender
OnUserFormRender
OnUserFormSave

Web Users OnBeforeWUsrFormDelete
OnBeforeWUsrFormSave
OnWUsrFormDelete
OnWUsrFormPrerender
OnWUsrFormRender
OnWUsrFormSave

This would be perfect for Replix, which seems to insert
tags as if they are going out of style!

-sD-

I don't know what would be the best event/events to implement the HTMLPurifier plugin, but I know that OnDocFormSave is not the best, because at this point none of the chunks/snippets/etc have not returned their output.

That might be a good thing. While I've tried to make HTMLPurifier as permissive as possible, there are certain HTML elements it will never support: FORM (and friends), OBJECT, EMBED, IFRAME, etc. Since snippets and chunks are highly trusted, we may want to let them bypass the filtering process. Their syntax is primarily compatible, although the ampersands may be a PITA to handle (they'll all get escaped).

What precisely is expected user input, and what kinds of HTML do snippets and chunks use? If snippets/chunks need to bypass the filter, we'd want to put HTMLPurifier before them, but if their output is basically the same, we can put HTMLPuriifer after, perhaps on the cache event.

Besides all that, I'm still not precisely sure how the plugin structure works (from what I gather, it's a snippet that's directly copypasted onto your index.php).

Sorry for my misunderstanding...is there a problem with speed while hooking it on OnWebPageInit?

Probably it was not a best idea to assign this to someone out of the team, while creating modx plugin is really simple, check out this code, that is Texy plugin (Texy is Textile/Markdown alternative).



Basically you create a case for events and modify $modx->documentOutput inside.

Perhaps so, considering the state of the documentation. People are posting code willy nilly, but where precisely does it all go? The plugin directory? A new module? I don't see the word Plugin mentioned at all in the Content Manager, is it equivalent to module?

Sorry about my ignorance. It takes me a little while to grasp third-party applications, especially big ones. I've never seen anything like Modx before (and that, in a way, is a good thing ;-)