Topsoil HTML Filter
What (summary)
A Ruby implementation of an HTML filter that passes a well-known set of tests. The filter prevents users from altering the styles and scripts that control how content looks on our site.
This is a server-side tool that allows users to submit rich content (e.g., HTML) without introducing security risks to the system or other users.
Why this is important
It is an enabling server-side technology for an HTML representation of wiki content. The problem it solves is preventing security abuses and restricting HTML usage to forms that we can understand. Flickr uses a PHP implementation that passes all of the same tests as the Python HTML Filter. Our Ruby version will also pass these same tests.
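A sketch of what "restricting HTML usage to forms that we can understand" can look like in Ruby. This is an added example, not Topsoil's code and not a port of lib_filter.php; the allowlist, `filter_html`, `open_tag` and `esc` are hypothetical names and policy chosen for illustration.

```ruby
# Hypothetical allowlist, constructed for this example (not Topsoil's real policy).
ALLOWED  = { 'a' => %w[href title], 'b' => [], 'i' => [], 'em' => [],
             'strong' => [], 'p' => [], 'br' => [] }.freeze
VOID     = %w[br].freeze
SAFE_URL = %r{\A(?:https?://|mailto:|/)}i
# Only this strict tag shape is treated as markup; anything else is escaped as text.
TAG  = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z-]+\s*=\s*(?:"[^"]*"|'[^']*'))*)\s*/?>}
ATTR = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/

# Escape markup characters, keeping entities the user already wrote.
def esc(text)
  text.gsub(/&(?!(?:[a-z]+|#\d+|#x\h+);)/i, '&amp;')
      .gsub('<', '&lt;').gsub('>', '&gt;').gsub('"', '&quot;')
end

# Rebuild an allowed opening tag from scratch, keeping only allowed attributes.
def open_tag(name, raw_attrs)
  kept = raw_attrs.scan(ATTR).filter_map do |attr, dq, sq|
    attr = attr.downcase
    value = dq || sq
    next unless ALLOWED[name].include?(attr)
    next if attr == 'href' && value !~ SAFE_URL   # blocks javascript:, data:, etc.
    %( #{attr}="#{esc(value)}")
  end
  "<#{name}#{kept.join}>"
end

def filter_html(input)
  out = +''
  stack = []
  pos = 0
  input.scan(TAG) do
    m = Regexp.last_match
    out << esc(input[pos...m.begin(0)])
    pos = m.end(0)
    name = m[2].downcase
    next unless ALLOWED.key?(name)          # disallowed tag: drop it, keep its text
    if m[1] == '/'
      next unless stack.include?(name)      # stray closing tag: drop it
      loop { t = stack.pop; out << "</#{t}>"; break if t == name }
    else
      out << open_tag(name, m[3])
      stack << name unless VOID.include?(name)
    end
  end
  # Close anything left open so the fragment cannot restyle the rest of the page.
  out << esc(input[pos..-1]) << stack.reverse.map { |t| "</#{t}>" }.join
end
```

The output contains only escaped text and tags the filter generated itself, so input the filter does not recognise ends up as inert text rather than markup.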
DoneDone
- All Python or PHP tests are converted to Ruby
- Ruby implementation passes all of the converted tests
Notes
- http://amisphere.com/contrib/python-html-filter/
- lib_filter.php