Subscribe: RSS
  • Does anyhone have a free hour to implement HTMLPurifier plugin? =)

    Check: http://hp.jpsband.org/

    The only problem is that AFAIK we so far don’t have order on events implemented and this is usefull when it’s really the LAST plugin.
    • Well, I could try noodling around with Modx CMS, and see if I could bang out a plugin (I guess I ought to do it for all the major blogs/CMS out there to speed adoption).

      Tracked you guys down from my referrer log. wink
      • Welcome Ambush! laugh

        Please feel free to join the fray! Your code looks really great. If we need to insert a new event to tag off of, I don’t see why would couldn’t manage to squeeze that one in. wink
          Ryan Thrash, MODX Co-Founder
          Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
        • Quote from: Ambush at Aug 20, 2006, 06:04 PM

          Well, I could try noodling around with Modx CMS, and see if I could bang out a plugin (I guess I ought to do it for all the major blogs/CMS out there to speed adoption).

          Tracked you guys down from my referrer log. wink

          That would be awesome!
          Thanks Ambush Commander!\

          -sD-
            Husband, Father, Brother, Son, Programmer, Atheist, Nurse, Friend, Lover, Fighter.
            All of the above... in no specific order.


            I send pointless little messages
          • Okay, after wrangling with the download (it doesn’t work in Firefox or Opera regardless of firewall, you may want to investigate that), I’ve got a copy of the package. However, the events that the documentation covers seem to only cover filters during pageserves. Now, while it’s possible to hook in HTMLPurifier at that point in time, the library is not fast, and it would be better if it was used on form submission. (or, if you have a caching system that I don’t know about, that works too). Any pointers?
            • Quote from: Ambush at Aug 21, 2006, 07:24 PM

              ..However, the events that the documentation covers seem to only cover filters during pageserves. Now, while it’s possible to hook in HTMLPurifier at that point in time, the library is not fast, and it would be better if it was used on form submission. (or, if you have a caching system that I don’t know about, that works too). Any pointers?
              You can use the OnDocFormSave event to itercept document saving and alter the posted data. Look for a example here Re: Is it possible to change values when a document is saved in the manager?

              Also, you can see all the available events by creating a new plugin and viewing "System Events" tab. I know the documentation isn’t very well detailed at this stage, but there is a reason for this too. The developing pace of this project has been extremely fast and the documentation has not just followed the same pace. There is also a total rewrite going on behind the scenes currently and you can imagine that there’s not alot of extra energy to write a documentation at this time knowing that it will be outdated in the near future. But with the next release, there will be (along with other documentation) extensive developers documentation built straight from the source, so it’s all being worked on. The future version is using XPDO ORM layer (also built by MODx core team member) and that will give you some idea where this project is going..

              I don’t know what would be the best event/events to implement the HTMLPurifier plugin, but I know that OnDocFormSave is not the best, because at this point none of the chunks/snippets/etc have not returned their output. I guess OnCacheUpdate could be one place to "purify" cached pages. OnParseDocument would be done at every page render, but as you say, it might be too much overhead.. So maybe someone with more knowledge on inner workings can give you a better answer.

              Anyways.. here’s a list of sytem events from 0.9.2.1, some new are coming in 0.9.5 and Ryan even said that new event for this purpose could be squeezed in if needed smiley (altought, I think that there is allready enought events to choose from..)

              Template Service Events

              OnDocPublished
              OnDocUnPublished
              OnLoadWebDocument
              OnParseDocument
              OnWebPageInit
              OnWebPagePrerender

              Cache Service Events

              OnBeforeCacheUpdate
              OnBeforeSaveWebPageCache
              OnCacheUpdate
              OnLoadWebPageCache

              Web Access Service Events

              OnBeforeWebLogin
              OnBeforeWebLogout
              OnWebAuthentication
              OnWebChangePassword
              OnWebCreateGroup
              OnWebDeleteUser
              OnWebLogin
              OnWebLogout
              OnWebSaveUser

              Manager Access Events
              OnBeforeManagerLogin
              OnBeforeManagerLogout
              OnManagerAuthentication
              OnManagerChangePassword
              OnManagerCreateGroup
              OnManagerDeleteUser
              OnManagerLogin
              OnManagerLogout
              OnManagerPageInit
              OnManagerSaveUser

              Parser Service Events

              OnFileManagerUpload
              OnPageNotFound
              OnPageUnauthorized
              OnSiteRefresh

              Chunks
              OnBeforeChunkFormDelete
              OnBeforeChunkFormSave
              OnChunkFormDelete
              OnChunkFormPrerender
              OnChunkFormRender
              OnChunkFormSave

              Documents
              OnBeforeDocFormDelete
              OnBeforeDocFormSave
              OnCreateDocGroup
              OnDocFormDelete
              OnDocFormPrerender
              OnDocFormRender
              OnDocFormSave

              Modules
              OnBeforeModFormDelete
              OnBeforeModFormSave
              OnModFormDelete
              OnModFormPrerender
              OnModFormRender
              OnModFormSave

              Plugins
              OnBeforePluginFormDelete
              OnBeforePluginFormSave
              OnPluginFormDelete
              OnPluginFormPrerender
              OnPluginFormRender
              OnPluginFormSave

              RichText Editor
              OnRichTextEditorInit
              OnRichTextEditorRegister

              Snippets

              OnBeforeSnipFormDelete
              OnBeforeSnipFormSave
              OnSnipFormDelete
              OnSnipFormPrerender
              OnSnipFormRender
              OnSnipFormSave

              System Settings

              OnFriendlyURLSettingsRender
              OnInterfaceSettingsRender
              OnMiscSettingsRender
              OnSiteSettingsRender
              OnUserSettingsRender

              Template Variables
              OnBeforeTVFormDelete
              OnBeforeTVFormSave
              OnTVFormDelete
              OnTVFormPrerender
              OnTVFormRender
              OnTVFormSave

              Templates

              OnBeforeTempFormDelete
              OnBeforeTempFormSave
              OnTempFormDelete
              OnTempFormPrerender
              OnTempFormRender
              OnTempFormSave

              Users
              OnBeforeUserFormDelete
              OnBeforeUserFormSave
              OnUserFormDelete
              OnUserFormPrerender
              OnUserFormRender
              OnUserFormSave

              Web Users
              OnBeforeWUsrFormDelete
              OnBeforeWUsrFormSave
              OnWUsrFormDelete
              OnWUsrFormPrerender
              OnWUsrFormRender
              OnWUsrFormSave


                "He can have a lollipop any time he wants to. That's what it means to be a programmer."
              • This would be perfect for Replix, which seems to insert
                tags as if they are going out of style!

                -sD-
                  Husband, Father, Brother, Son, Programmer, Atheist, Nurse, Friend, Lover, Fighter.
                  All of the above... in no specific order.


                  I send pointless little messages
                • I don’t know what would be the best event/events to implement the HTMLPurifier plugin, but I know that OnDocFormSave is not the best, because at this point none of the chunks/snippets/etc have not returned their output.

                  That might be a good thing. While I’ve tried to make HTMLPurifier as permissive as possible, there are certain HTML elements it will never support: FORM (and friends), OBJECT, EMBED, IFRAME, etc. Since snippets and chunks are highly trusted, we may want to let them bypass the filtering process. Their syntax is primarily compatible, although the ampersands may be a PITA to handle (they’ll all get escaped).

                  What precisely is expected user input, and what kinds of HTML do snippets and chunks use? If snippets/chunks need to bypass the filter, we’d want to put HTMLPurifier before them, but if their output is basically the same, we can put HTMLPuriifer after, perhaps on the cache event.

                  Besides all that, I’m still not precisely sure how the plugin structure works (from what I gather, it’s a snippet that’s directly copypasted onto your index.php).
                  • Sorry for my misunderstanding...is there a problem with speed while hooking it on OnWebPageInit?

                    Probably it was not a best idea to assign this to someone out of the team, while creating modx plugin is really simple, check out this code, that is Texy plugin (Texy is Textile/Markdown alternative).

                    $e = &$modx->Event;
                    
                    switch ($e->name) {
                    	case "OnWebPagePrerender":	
                    		include_once($modx->config["base_path"].'/assets/plugins/texy/texy.php');
                    		$texyengine = &new Texy();
                    		$doc = $modx->documentOutput;
                    		$doc = $texyengine->process($doc);
                    		$modx->documentOutput = $doc;
                    		break;
                    		
                    	default:	// stop here
                    		return; 
                    		break;	
                    }
                    
                    return $texy;


                    Basically you create a case for events and modify $modx->documentOutput inside.
                    • Perhaps so, considering the state of the documentation. People are posting code willy nilly, but where precisely does it all go? The plugin directory? A new module? I don’t see the word Plugin mentioned at all in the Content Manager, is it equivalent to module?

                      Sorry about my ignorance. It takes me a little while to grasp third-party applications, especially big ones. I’ve never seen anything like Modx before (and that, in a way, is a good thing ;-)