diff --git a/NEWS b/NEWS index f42dd0d3..3215198a 100644 --- a/NEWS +++ b/NEWS @@ -6,8 +6,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier - Malformed UTF-8 and non-SGML character detection and cleaning implemented - API documentation completed - Shorthand CSS properties implemented: font, border +- A limited version of CSS background implemented, only color is supported - Basic color keywords translated into hexadecimal values -- Table CSS properties implementeds +- Table CSS properties implemented 1.0.0beta, released 2006-08-16 - First public release, most functionality implemented. Notable omissions are: diff --git a/TODO b/TODO index 74d5d7f4..370d089a 100644 --- a/TODO +++ b/TODO @@ -6,12 +6,10 @@ Ongoing - Plugins for major CMSes (very tricky issue) 1.0 release - - Limited shorthand CSS attributes - - background - - list-style - - Revise (HTML|CSS)Definition and Config relationship (groundwork for 2.0) + - Limited list-style shorthand CSS support - Lossy alternate character encoding support (characters not in the encoding will get silently dropped). + - Revise (HTML|CSS)Definition and Config relationship (groundwork for 2.0) 1.1 release - Directive documentation generation @@ -25,6 +23,8 @@ Ongoing 1.3 release - Make URI validation routines tighter (especially mailto) + - More extensive URI filtering schemes + - Allow for background-image and list-style-image (see above) - Distinguish between different types of URIs, for instance, a mailto URI in IMG SRC is nonsensical diff --git a/library/HTMLPurifier/CSSDefinition.php b/library/HTMLPurifier/CSSDefinition.php index e8bf00f4..97c9e0a0 100644 --- a/library/HTMLPurifier/CSSDefinition.php +++ b/library/HTMLPurifier/CSSDefinition.php @@ -75,6 +75,15 @@ class HTMLPurifier_CSSDefinition array('capitalize', 'uppercase', 'lowercase', 'none'), false); $this->info['color'] = new HTMLPurifier_AttrDef_Color(); + // technically speaking, this one should get its own validator, but + // since we don't support background images, it effectively is + // equivalent to color. The only trouble is that if the author + // specifies an image and a color, they'll both end up getting dropped, + // even though we ought to implement it and just discard the image + // info. This will be fixed in a later version (see TODO) when + // better URI filtering is implemented. + $this->info['background'] = + $border_color = $this->info['border-top-color'] = $this->info['border-bottom-color'] = diff --git a/tests/HTMLPurifier/AttrDef/CSSTest.php b/tests/HTMLPurifier/AttrDef/CSSTest.php index d4c0e077..0b3b659b 100644 --- a/tests/HTMLPurifier/AttrDef/CSSTest.php +++ b/tests/HTMLPurifier/AttrDef/CSSTest.php @@ -23,6 +23,7 @@ class HTMLPurifier_AttrDef_CSSTest extends HTMLPurifier_AttrDefHarness $this->assertDef('text-transform:capitalize;'); $this->assertDef('background-color:rgb(0,0,255);'); $this->assertDef('background-color:transparent;'); + $this->assertDef('background:#FF9;'); $this->assertDef('color:#F00;'); $this->assertDef('border-top-color:#F00;'); $this->assertDef('border-color:#F00 #FF0;');