mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-22 08:21:52 +00:00
Release 3.1.1
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1808 48356398-32a2-884e-a903-53898d9a118a
parent
1009bd41a6
commit
7015aaff46
2
Doxyfile
@ -31,7 +31,7 @@ PROJECT_NAME = HTMLPurifier
|
|||||||
# This could be handy for archiving the generated documentation or
|
# This could be handy for archiving the generated documentation or
|
||||||
# if some version control system is used.
|
# if some version control system is used.
|
||||||
|
|
||||||
PROJECT_NUMBER = 3.1.0
|
PROJECT_NUMBER = 3.1.1
|
||||||
|
|
||||||
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
|
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
|
||||||
# base path where the generated documentation will be put.
|
# base path where the generated documentation will be put.
|
||||||
|
19
NEWS
@ -9,12 +9,12 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
. Internal change
|
. Internal change
|
||||||
==========================
|
==========================
|
||||||
|
|
||||||
3.1.1, unknown release date
|
3.1.1, released 2008-06-19
|
||||||
# %URI.Munge now, by default, does not munge resources (for example, <img src="">)
|
# %URI.Munge now, by default, does not munge resources (for example, <img src="">)
|
||||||
In order to enable this again, please set %URI.MungeResources to true.
|
In order to enable this again, please set %URI.MungeResources to true.
|
||||||
! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength,
|
! More robust imagecrash protection with height/width CSS with %CSS.MaxImgLength,
|
||||||
and height/width HTML with %HTML.MaxImgLength.
|
and height/width HTML with %HTML.MaxImgLength.
|
||||||
! %URI.SecureMunge for secure URI munging (as opposed to %URI.Munge). Thanks Chris
|
! %URI.MungeSecretKey for secure URI munging. Thanks Chris
|
||||||
for sponsoring this feature. Check out the corresponding documentation
|
for sponsoring this feature. Check out the corresponding documentation
|
||||||
for details. (Att Nightly testers: The API for this feature changed before
|
for details. (Att Nightly testers: The API for this feature changed before
|
||||||
the general release. Namely, rename your directives %URI.SecureMungeSecretKey =>
|
the general release. Namely, rename your directives %URI.SecureMungeSecretKey =>
|
||||||
@ -24,26 +24,31 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|||||||
! Allow modules to define injectors via $info_injector. Injectors are
|
! Allow modules to define injectors via $info_injector. Injectors are
|
||||||
automatically disabled if injector's needed elements are not found.
|
automatically disabled if injector's needed elements are not found.
|
||||||
! Support for "safe" objects added, use %HTML.SafeObject and %HTML.SafeEmbed.
|
! Support for "safe" objects added, use %HTML.SafeObject and %HTML.SafeEmbed.
|
||||||
|
Thanks Chris for sponsoring. If you've been using ad hoc code from the
|
||||||
|
forums, PLEASE use this instead.
|
||||||
! Added substitutions for %e, %n, %a and %p in %URI.Munge (in order,
|
! Added substitutions for %e, %n, %a and %p in %URI.Munge (in order,
|
||||||
embedded, tag name, attribute name, CSS property name). See %URI.Munge
|
embedded, tag name, attribute name, CSS property name). See %URI.Munge
|
||||||
for more details.
|
for more details. Requested by Jochem Blok.
|
||||||
- Disable percent height/width attributes for img
|
- Disable percent height/width attributes for img.
|
||||||
- AttrValidator operations are now atomic; updates to attributes are not
|
- AttrValidator operations are now atomic; updates to attributes are not
|
||||||
manifest in token until end of operations. This prevents naughty internal
|
manifest in token until end of operations. This prevents naughty internal
|
||||||
code from directly modifying CurrentToken when they're not supposed to.
|
code from directly modifying CurrentToken when they're not supposed to.
|
||||||
|
This semantics change was requested by frank farmer.
|
||||||
- Percent encoding checks enabled for URI query and fragment
|
- Percent encoding checks enabled for URI query and fragment
|
||||||
- Fix stray backslashes in font-family; CSS Unicode character escapes are
|
- Fix stray backslashes in font-family; CSS Unicode character escapes are
|
||||||
now properly resolved (although *only* in font-family).
|
now properly resolved (although *only* in font-family). Thanks Takeshi Terada
|
||||||
|
for reporting.
|
||||||
- Improve parseCDATA algorithm to take into account newline normalization
|
- Improve parseCDATA algorithm to take into account newline normalization
|
||||||
- Account for browser confusion between Yen character and backslash in
|
- Account for browser confusion between Yen character and backslash in
|
||||||
Shift_JIS encoding. This fix generalizes to any other encoding which is not
|
Shift_JIS encoding. This fix generalizes to any other encoding which is not
|
||||||
a strict superset of printable ASCII.
|
a strict superset of printable ASCII. Thanks Takeshi Terada for reporting.
|
||||||
- Fix missing configuration parameter in Generator calls. Thanks vs for the
|
- Fix missing configuration parameter in Generator calls. Thanks vs for the
|
||||||
partial patch.
|
partial patch.
|
||||||
- Improved adherence to Unicode by checking for non-character codepoints.
|
- Improved adherence to Unicode by checking for non-character codepoints.
|
||||||
Thanks Geoffrey Sneddon for reporting. This may result in degraded
|
Thanks Geoffrey Sneddon for reporting. This may result in degraded
|
||||||
performance for extremely large inputs.
|
performance for extremely large inputs.
|
||||||
- Allow CSS property-value pair ''text-decoration: none''
|
- Allow CSS property-value pair ''text-decoration: none''. Thanks Jochem Blok
|
||||||
|
for reporting.
|
||||||
. Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
|
. Added HTMLPurifier_UnitConverter and HTMLPurifier_Length for convenient
|
||||||
handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
|
handling of CSS-style lengths. HTMLPurifier_AttrDef_CSS_Length now uses
|
||||||
this class.
|
this class.
|
||||||
|
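Review bot: The Shift_JIS Yen/backslash entry only gains a reporter credit in this hunk and still reads like a routine fix, although WHATSNEW in this same commit says the release addresses two CSS-related security vulnerabilities, one of them specific to Shift_JIS output. Suggest marking that item, and whichever other item is the second CSS vulnerability, as security fixes in NEWS, so that someone reading NEWS alone can tell the upgrade is security-relevant and whether their output encoding is affected.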
1
TODO
@ -108,6 +108,7 @@ Neat feature related
|
|||||||
- Full set of color keywords. Also, a way to add onto them without
|
- Full set of color keywords. Also, a way to add onto them without
|
||||||
finalizing the configuration object.
|
finalizing the configuration object.
|
||||||
- Write a var_export and memcached DefinitionCache - Denis
|
- Write a var_export and memcached DefinitionCache - Denis
|
||||||
|
- Allow restriction of allowed class values
|
||||||
|
|
||||||
Maintenance related (slightly boring)
|
Maintenance related (slightly boring)
|
||||||
# CHMOD install script for PEAR installs
|
# CHMOD install script for PEAR installs
|
||||||
|
19
WHATSNEW
@ -1,10 +1,9 @@
|
|||||||
HTML Purifier 3.1.0 is the second release series for HTML Purifier on PHP 5
|
HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
|
||||||
as well as a security update related to URIs. It shifts over to using
|
two security vulnerabilities, both related to CSS, and one of which only
|
||||||
autoload, and also includes support for the !important CSS modifier,
|
applies to users using Shift_JIS as their output encoding. There is also
|
||||||
display and visibility CSS properties with %CSS.AllowTricky, marquee with
|
a security improvement regarding the imagecrash attack. There is a backwards
|
||||||
%HTML.Proprietary (had you scared for a moment, hmm?), a kses() wrapper,
|
incompatible change with %URI.Munge, in which resources are no longer munged
|
||||||
%CSS.AllowedProperties, %HTML.ForbiddenAttributes and
|
by default; please enable using %URI.MungeResources. Besides this, there
|
||||||
%HTML.ForbiddenElements and a totally revamped ConfigDoc system. Since the
|
are numerous improvements to URI munging, esp. with the addition of
|
||||||
release candidate, there have also been a number of stability fixes such as
|
%URI.MungeSecretKey, as well as an experimental implementation of
|
||||||
improved URI escaping, a change in serializer ID format, and a relaxed
|
%HTML.SafeObject and %HTML.SafeEmbed. There are also some memory optimizations.
|
||||||
format for %HTML.Allowed. And as always, numerous bugfixes.
|
|
||||||
|
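Review bot: The new text calls %HTML.SafeObject and %HTML.SafeEmbed "an experimental implementation", while the NEWS entry added in this commit tells users of ad hoc forum code "PLEASE use this instead"; the two files should agree on how far the feature can be relied on. In the same paragraph, "please enable using %URI.MungeResources" is less precise than the NEWS wording for this backwards-incompatible change; suggest "set %URI.MungeResources to true" here as well.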
@ -7,7 +7,7 @@
|
|||||||
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
|
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
|
||||||
* FILE, changes will be overwritten the next time the script is run.
|
* FILE, changes will be overwritten the next time the script is run.
|
||||||
*
|
*
|
||||||
* @version 3.1.0
|
* @version 3.1.1
|
||||||
*
|
*
|
||||||
* @warning
|
* @warning
|
||||||
* You must *not* include any other HTML Purifier files before this file,
|
* You must *not* include any other HTML Purifier files before this file,
|
||||||
|
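Review bot: The `@version` line changed here sits in a file whose own header says "PLEASE DO NOT EDIT THIS FILE, changes will be overwritten the next time the script is run", so this bump should be the output of re-running that script, not a hand edit. Worth confirming before release that the file was regenerated, so its contents match the sources it is built from.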
@ -19,7 +19,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
HTML Purifier 3.1.0 - Standards Compliant HTML Filtering
|
HTML Purifier 3.1.1 - Standards Compliant HTML Filtering
|
||||||
Copyright (C) 2006-2008 Edward Z. Yang
|
Copyright (C) 2006-2008 Edward Z. Yang
|
||||||
|
|
||||||
This library is free software; you can redistribute it and/or
|
This library is free software; you can redistribute it and/or
|
||||||
@ -55,10 +55,10 @@ class HTMLPurifier
|
|||||||
{
|
{
|
||||||
|
|
||||||
/** Version of HTML Purifier */
|
/** Version of HTML Purifier */
|
||||||
public $version = '3.1.0';
|
public $version = '3.1.1';
|
||||||
|
|
||||||
/** Constant with version of HTML Purifier */
|
/** Constant with version of HTML Purifier */
|
||||||
const VERSION = '3.1.0';
|
const VERSION = '3.1.1';
|
||||||
|
|
||||||
/** Global configuration object */
|
/** Global configuration object */
|
||||||
public $config;
|
public $config;
|
||||||
|
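Review bot: `$version` and `VERSION` are two separately maintained literals for the same value, so every release has to edit both and a missed one would leave the instance property and the constant reporting different versions. Suggest `public $version = self::VERSION;` so that only the constant needs bumping.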
@ -20,7 +20,7 @@ class HTMLPurifier_Config
|
|||||||
/**
|
/**
|
||||||
* HTML Purifier's version
|
* HTML Purifier's version
|
||||||
*/
|
*/
|
||||||
public $version = '3.1.0';
|
public $version = '3.1.1';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Bool indicator whether or not to automatically finalize
|
* Bool indicator whether or not to automatically finalize
|
||||||
|