Techblog Careesma


HTML Purifier custom attribute validation

Posted by Javier Lopez

HTML Purifier is a library written in PHP that filters malicious code (better known as XSS) out of HTML input. It makes sure your documents are standards compliant and only allows the HTML tags and attributes on a whitelist you define.

At careesma we have replaced our previous HTML input validation, which was based on DTDs, with HTML Purifier. The main reason, as you can imagine, is that hand-written DTDs are complex to write, read and maintain.

HTML Purifier has a default validation for every type of attribute (e.g. uniqueness for id, URI for href, etc.) but allows you to change the default behaviour using the function HTMLDefinition::addAttribute(). This function takes three parameters: the tag name, the attribute name and a class that tells HTML Purifier how to validate the attribute value. Several such classes are already defined in HTML Purifier; they let you, for example, restrict an attribute to an enumeration of possible values, as shown in the following example.

$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'a[href|target]');
$def = $config->getHTMLDefinition(true); // raw definition, so it can still be customised
// The list of allowed target values is an assumption; the original line was cut off here.
$def->addAttribute('a', 'target', new HTMLPurifier_AttrDef_Enum(
    array('_blank', '_self', '_parent', '_top')
));
$purifier = new HTMLPurifier($config);
$clean = $purifier->purify($dirty_html); // $dirty_html: placeholder for the untrusted input
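When none of the bundled classes fits, the same addAttribute() hook accepts your own validator. The following is an added example, not code from the post or from HTML Purifier itself: a hand-written HTMLPurifier_AttrDef subclass (assumed name TrackingIdAttrDef) that only keeps an assumed data-track attribute on links when its value has the constructed form "trk-<digits>", and strips it otherwise. The definition ID and the sample inputs are also assumptions.

```php
<?php
require_once 'HTMLPurifier.auto.php';

// Added example: a custom attribute validator. HTML Purifier calls validate()
// with the raw attribute value; returning false drops the attribute entirely.
class TrackingIdAttrDef extends HTMLPurifier_AttrDef
{
    public function validate($string, $config, $context)
    {
        $string = $this->parseCDATA($string); // trims and normalises whitespace
        // Assumed format for this example: "trk-" followed by 1 to 10 digits.
        if (preg_match('/^trk-[0-9]{1,10}$/', $string)) {
            return $string;
        }
        return false; // anything else (URLs, scripts, free text) is removed
    }
}

$config = HTMLPurifier_Config::createDefault();
// A definition ID and revision are needed so the customised raw definition can be cached.
$config->set('HTML.DefinitionID', 'example-tracking-attr'); // assumed value
$config->set('HTML.DefinitionRev', 1);
$config->set('HTML.Allowed', 'a[href|data-track]');

// maybeGetRawHTMLDefinition() returns null once the definition is cached,
// so the customisation only runs on a cache miss.
if ($def = $config->maybeGetRawHTMLDefinition()) {
    $def->addAttribute('a', 'data-track', new TrackingIdAttrDef());
}
$purifier = new HTMLPurifier($config);

// Constructed inputs: the first keeps its attribute, the second loses it.
echo $purifier->purify('<a href="/jobs" data-track="trk-42">ok</a>'), "\n";
echo $purifier->purify('<a href="/jobs" data-track="javascript:alert(1)">bad</a>'), "\n";
```

The first line is output unchanged; the second comes back as `<a href="/jobs">bad</a>` because the validator rejected the value.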

FBJS tabs

Last week I had to work on a Facebook page that required a second level of tabs. I was completely new to FBML and FBJS, but with modern JavaScript libraries you can build a tabbed interface in a couple of lines of code, so I thought it would be a quick thing. To my great disappointment, I found out that doing such a simple thing in FBJS can be a horribly complicated task, so I decided that nobody else in the world should have to suffer the same pain I did, and wrote down this tutorial. The final code goes against all my principles: it is neither semantic nor syntactically correct. But it works.


Optimizing slow queries in MySQL

Posted by Luis Sobrecueva

Recently we had to optimize a set of slow queries in our website and I took advantage of this to write a brief article with some optimization tips.

When system performance is slow, before spending a lot of money on hardware, it's a good idea to review your MySQL queries, and the best tool for that is EXPLAIN.
Let's see an example:


Our Transition to Agile Testing, Step 1

Posted by Cath Bartlett

A year and a half ago we went agile here at careesma. Sort of. We changed our processes as much as we could at the time and since then we have continued making incremental changes. This went hand in hand with an effort to change the architecture of the code and clean it up. (By the way, we used this book by Mike Cohn almost exclusively to guide us in our process changes.) The entire company began using Redmine to track everything (which will be explained in more detail in another post). Now our technology has almost made it to the current decade as we transition to Zend Framework, and even though the architecture of our code will never really be designed to accommodate test-driven development, we only lack one more process change to really consider ourselves agile. That change is to integrate QA into the development process.

But how? After reading a lot of information on the topic, it seems that there is little concrete information on the subject because the actual process... well, it depends on your situation. So the authors of books and articles have to remain abstract. But I was looking for a concrete example of a transition from traditional testing to agile testing, and concrete examples of particular practices. I wanted an example of a team that had been using a process where developers "threw code over the wall" to QA and had made the change to agile development that included testers.


Geolocate me with JavaScript!

Posted by Albert Horta

New mobile phones (like the iPhone or Android ones) have come out with some wonderful GPS features! And thanks to the W3C guys and their Geolocation API Specification, we can find the location of our web users (always to give them new features and services, of course).

Mobile browsers offer us some DOM objects to query and track the user's location. As you know, I don't want to fill this blog with empty words, so let's see an example of that. I think it's the best way to learn!


Repcache & PHP = ‘Sessions on steroids’

Posted by Albert Horta

When I learned PHP, I always thought that sessions were a great thing the PHP guys had given to us developers. But, working with high-traffic websites (mainly when we have to handle multiple front ends), I always perceived them as a huge limitation.

What do I mean? Simply put, sessions by default are saved on the machine that serves the PHP. This means that we need to ensure that our incoming users always go to the same web server. We solved that problem (previously) using the expertise of our Systems team: they would 'stick' our sessions to one server. A great solution, but with great problems. If a server fails (and we know that never happens, heheheh), every single user 'stuck' to that server gets thrown off with it.