mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 08:21:52 +00:00
Code Releases Activity
1,716 Commits 7 Branches 66 Tags 9.5 MiB
master
Commit Graph

1025 Commits

Author SHA1 Message Date
Fräntz Miccoli
ced089434d
Make purifyArray work with empty array (#245) 2020-02-22 12:12:02 -05:00
Kieran
c2c91f52d0
Added tr@bgcolor to tidy (#244) 2020-02-22 12:10:30 -05:00
Eloy Lafuente
37dd61c45f Correct implode() params for php74 compliance (#243) 
Passing parameters to implode() in reverse order is deprecated, use
implode($glue, $parts) instead of implode($parts, $glue).

Part of https://tracker.moodle.org/browse/MDL-67115
 2020-01-21 11:17:18 -05:00
Anders Jenbo
fe0452d688 Correct typehinting of maybeGet* (#240) 
getDefinition can return null, this wasn't properly hinted leaning to false error detections with static analyzers
 2019-12-04 10:29:08 -05:00
lubomirbartos
df923d1f15 Issue 238 remove leading zeroes except if there is only zero (#239) 
* Issue 238 remove leading zeroes except if there is only zero

* Issue-238 unit test fixes
 2019-11-21 10:05:07 -05:00
Edward Z. Yang
a617e55bc6 Release 4.12.0 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2019-10-27 23:44:26 -04:00
Edward Z. Yang
b4ec8c8036 Merge remote-tracking branch 'ezyang/master' 2019-10-27 23:40:25 -04:00
Mateusz Turcza
06b3fc4cf4 Fix phpdoc params in HTMLModule::addElement() and Bool attr (#233) 2019-10-25 10:07:38 -04:00
Mateusz Turcza
ab2887e423 Fix DOM Lexer for PHP versions older than 5.4 (#225) 2019-08-09 17:01:13 -04:00
Edi Modrić
b88fcd180c Replace curly braces with square brackets in string offsets (#224) 2019-07-30 22:50:43 -04:00
Edward Z. Yang
83ab08bc1a Release 4.11.0 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2019-07-14 14:58:38 -04:00
Sandro Miguel Marques
b91833877a Method purifyArray() updated (#143) 
* Methof purifyArray() updated

Now it works with multidimensional arrays

* Add test case.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2019-07-14 14:10:33 -04:00
Michael Kliewe
7cfc44654a CSS: added "initial" and "inherit" to width + height (#144) 
* CSS: added "initial" and "inherit" to width + height
CSS: added "initial" and "inherit" to min-width + min-height, removed "auto"
CSS: added "initial" and "inherit" and "none" to max-width + max-height, removed "auto"

* Fixed test: min-width:auto; should be false
 2019-07-14 13:20:58 -04:00
msuzuki
8c153eef3a Supported hundreds of nested HTML (#202) 
* Supported hundreds of nested HTML (#201)

* Add Core.AllowParseManyTags
 2019-07-14 13:15:31 -04:00
DiLong Fa
524cd08a59 Update Config.php (#211) 
Fixed Undefined index: class
 2019-07-14 13:11:34 -04:00
Lukas Neumann
5a90c92d83 Adds PHP 7.3 to Travis (#214) 
* Adds PHP 7.3 to Travis

* Fix tests for PHP 7.3
 2019-07-14 13:10:24 -04:00
Darko Hrgovic
f03e1a2c48 Fixed reserved words in constants for PHP 7 as per https://www.php.net/manual/en/reserved.other-reserved-words.php (#222) 2019-07-10 22:24:27 -04:00
Edward Z. Yang
a93250f251 Don't use @ warning suppression. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2018-11-11 18:20:33 -05:00
Edward Z. Yang
21e32042e9 Update schema for case-sensitive safe scripting 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2018-11-11 16:54:33 -05:00
Chris Pelzer
ab7bbefe8a Update reference to the valid types to refer to HTMLPurifier_VarParser::types (#189) 2018-11-11 16:23:01 -05:00
Edward Z. Yang
0f7b138aaf Make SafeScripting case-sensitive. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2018-11-11 16:21:58 -05:00
Edward Z. Yang
4b6b3b31e8 Typofix: AutoForamt -> AutoFormat 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2018-11-11 16:21:58 -05:00
Dimitri Gritsajuk
5a01e6535d [SafeScripting] disable autoclosing of <script /> tag (#198) 2018-11-11 15:04:11 -05:00
Daijobou
b81690c17e More colors names (#176) 
Added more colors names https://www.w3schools.com/colors/colors_names.asp

remove old unorded colors names
 2018-06-09 22:48:13 -04:00
Mateusz Turcza
89b3fe431e Use IDNA constants only if defined (#171) 
Fixes #168.

Solution based on https://git.ispconfig.org/ispconfig/ispconfig3/commit/0e3cf6f51b4fd.
 2018-03-04 19:16:11 -05:00
Mateusz Turcza
3cb77da11d Make tagName and node data detection hhvm compatible (#170) 2018-03-04 13:22:03 -05:00
Edward Z. Yang
d85d39da45 Release 4.10.0 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2018-02-22 20:58:20 -05:00
John Flatness
6d6d88512a Skip counting currentNesting if null 
This is an error starting in PHP 7.2
 2017-12-30 00:23:44 -05:00
John Flatness
bb7ad66526 Quarantine __autoload defs for PHP 7.2 compat 2017-12-30 00:23:05 -05:00
Edward Z. Yang
64baeda65c Deal with old libxml incompatibilities. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-12-22 22:03:02 -05:00
Jan Dageförde
67c3798922 Add relative length units from CSS 3 
cf. https://www.w3schools.com/cssref/css_units.asp
 2017-12-22 21:59:47 -05:00
Roberto
ab9c9f30fd Small typos in comments 2017-12-13 11:16:39 -05:00
Marina Glancy
ce0ede24de Use IDNA2008 for converting domains to ASCII 2017-10-03 11:19:50 -04:00
pawelkania
e11f7c9802 Fix E_WARNING when cache directory exists 
Sometimes Serializer from another thread already creaded dir - this commit resolves this issue.
 2017-06-20 09:53:14 +02:00
Edward Z. Yang
95e1bae318 Release 4.9.3 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-06-02 22:28:16 -04:00
Xiphin
1df505296f Mod: using stdClass instead of stdclass 2017-06-02 09:55:46 +08:00
Xiphin
b9bc1039da Mod: using null instead of false 2017-06-02 08:50:38 +08:00
Xiphin
cb4871f446 Fix: It runs on PHP 7.1.* CPU process is 100% 2017-06-01 21:32:25 +08:00
Viktor Khokhryakov
b45c6f5363 Autoloading must be skipped while checking for php builtin class. 2017-03-20 10:42:28 +04:00
Edward Z. Yang
6d50e5282a Release 4.9.2 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-12 23:30:53 -07:00
Edward Z. Yang
5bc7c72608 Add tests for new entity decoding codepath. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-12 20:05:09 -07:00
Eugene Leonovich
fd24de69a3 Fix a call to undefined function HTMLPurifier_Encoder() 2017-03-12 22:44:03 +01:00
Edward Z. Yang
5688656174 Fix more PHP 5.3 problems. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-08 18:01:58 -08:00
Edward Z. Yang
8836ae05aa Fix PHP 5.3 compatibility, fixes #125. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-08 17:46:29 -08:00
Edward Z. Yang
de82f9845f Release 4.9.1 (sic) 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-08 00:22:36 -08:00
Edward Z. Yang
74f123a84c Fix #83. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-07 17:52:41 -08:00
Edward Z. Yang
7e11c271b9 Revamp entity decoding to be more like HTML5. 
See %Core.LegacyEntityDecoder for more details.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-07 17:34:59 -08:00
Edward Z. Yang
66bbae73a9 Comment on why it's a non-greedy match. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-06 23:27:30 -08:00
Edward Z. Yang
564af61809 Usage/includes update. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-06 23:06:56 -08:00
Edward Z. Yang
b19dcb0ba5 CHANGELOG for #120 fix, and remove the array_filter. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-06 23:06:24 -08:00
Edward Z. Yang
0c31b22240 Merge pull request #118 from fxbt/master 
Add hsl, hsla and rgba support for css color attribute definition
 2017-03-06 23:01:06 -08:00
Edward Z. Yang
5662efc936 Fix #78. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-06 22:54:54 -08:00
Edward Z. Yang
353c96f156 Document skips in more detail, #116. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-06 20:31:28 -08:00
Edward Z. Yang
4047a6230b Extra cleanup on cleanUTF8. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-03-06 16:31:02 -08:00
Andrey Pozolotin
9195cb7a2e Added escape sequense 2017-03-06 16:28:53 -08:00
Andrey Pozolotin
39c4c359ad Fixing PREG_BACKTRACK_LIMIT_ERROR in HTMLPurifier_Filter_ExtractStyleBlocks 2017-03-06 16:28:53 -08:00
mpyw
f145f64bf4
Fix #122: correct surrogate pair range 2017-03-04 15:38:01 +09:00
f.godfrin
12185143ef Use a constructor and a property for the alpha check 2017-02-10 21:03:11 +01:00
f.godfrin
17a90a951a Better regex for mungeRgb 2017-02-10 00:40:56 +01:00
f.godfrin
0bab4b9fd0 Fix mungeRgb to handle percent, float and hsl values 2017-02-10 00:38:05 +01:00
f.godfrin
0d5ab2fe13 Include hsl and hsla support 2017-02-09 23:34:19 +01:00
f.godfrin
d41a59e422 Add rgba support for css color attribute definition 2017-02-09 22:18:15 +01:00
Bastian Hofmann
8e4cacf0a7 Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set 2017-02-03 16:54:51 -08:00
Bastian Hofmann
c82051c3e1 Add HTML.Noopener to add a noopener rel to every external link 
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/

Adresses https://github.com/ezyang/htmlpurifier/issues/96
 2017-02-03 16:54:51 -08:00
Edward Z. Yang
1b7d684d07 Remove $a = array($a) which is miscompiled by Zend OpCache. 
Fixes #108.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2017-01-04 14:35:52 -05:00
Edward Z. Yang
5070404376 Handle semicolons in strings in CSS correctly. 
Fixes http://htmlpurifier.org/phorum/read.php?3,7522,8096

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-10-29 00:01:19 -07:00
Edward Z. Yang
59463c5c39 Allow %URI.DefaultScheme to be null. 
Fixes #103.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-10-27 17:30:44 -07:00
Edward Z. Yang
3ba9133b21 Don't assume that idn_to_ascii does validation. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-10-27 02:00:46 -07:00
yan_kos
4dc68aa920 FIX directory not closing 
#100
 2016-10-15 16:20:47 +03:00
Edward Z. Yang
08eee90e15 Delete asserts, fixes #97. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-10-02 00:14:41 -07:00
Edward Z. Yang
1ef4375dbb Proposed fix to Serializer code. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-09-05 15:24:08 -07:00
zema
246fc8946a css properties: min-width, max-width, min-height, max-height 2016-09-05 10:45:58 +03:00
Nick del Pozo
1f982d279f rollback change to permissions 2016-07-29 08:56:36 +09:00
Nick del Pozo
8be8cee9b3 changed chmod behaviour in Serializer 2016-07-27 12:56:03 +09:00
Edward Z. Yang
d0c392f77d Release 4.8.0 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-07-16 05:58:58 -07:00
Edward Z. Yang
d1c5d75027 Fix #73 with Attr.ID.HTML5 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-07-16 05:52:45 -07:00
Bart Butler
3747cb7efb avoid exif_imagetype exception with small files/corrupt data URI 2016-07-16 05:23:17 -07:00
Edward Z. Yang
0166c3728b Stop trying to chmod if SerializerPermissions is null, fixes #71 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-07-01 16:04:11 -04:00
Edward Z. Yang
ed180f595d Hack to fix #85 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-07-01 15:52:09 -04:00
Edward Z. Yang
44baee6a82 Partial border-radius support. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-06-30 22:22:13 -04:00
Cameron Ball
1675fc7caf Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-06-30 21:53:43 -04:00
Wes Cossick
cc35c8eb8c tel protocol support. 2016-06-30 21:19:49 -04:00
Edward Z. Yang
43a9f052fd Fix #57, make flashvars check (and others) case-insensitive. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-27 15:56:30 -07:00
Edward Z. Yang
b4981c3395 Fix #67, don't use <body> tags in comments for %Core.ConvertDocumentToFragment 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-27 15:19:32 -07:00
Edward Z. Yang
f14076dc3e Fix #49; prevent readdir infinite loop when cache directory not listable. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-27 14:53:31 -07:00
Edward Z. Yang
91fd55c857 Fix #45, errors when ul/ol allowed without li. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-26 22:41:54 -07:00
Mike Zukowsky
845edf16e2 Docblock update 2016-03-24 20:26:41 -07:00
Chimpzee
6e00b443cd Bug with tempnam("/tmp", ""); 
Some hostings have a different temporary path than "/tmp".
 2016-03-24 20:19:57 -07:00
Edward Z. Yang
1f3e282fde Fix a bounds error which now errors in PHP 7. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-24 00:13:08 -07:00
Edward Z. Yang
753c830239 Update to work with Git version of SimpleTest. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-24 00:08:03 -07:00
Edward Z. Yang
45161b4fb1 Accept leading digits in hostnames as per RFC 1123. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-23 22:42:21 -07:00
Edward Z. Yang
92aabf2b23 Fix #76, linkify includes dots at end of URL. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-02 02:05:54 -08:00
Edward Z. Yang
aebe1c02a2 Use idn_to_ascii when available. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2016-03-02 01:35:07 -08:00
Edward Z. Yang
913ac6955b CSS.AllowDuplicates for duplicate properties. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2015-12-20 11:53:54 -08:00
Edward Z. Yang
958ba65595 Don't truncate alts. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2015-09-29 15:36:53 -07:00
Edward Z. Yang
ae1828d955 Release 4.7.0. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2015-08-04 18:03:42 -07:00
Sylvain
2c963dcc7f Missing @return 
Adding PHPDoc @return statement for code completion in IDE
 2015-08-03 10:21:47 +02:00
Edward Z. Yang
c67e4c2f7e All values, including empty, are valid HTML bools. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2015-02-11 16:36:44 -08:00
Edward Z. Yang
0c3e68dd03 Stop using umask to make definition cache. Fixes #32 
This is not really the right way to solve the ACL problem,
but there isn't really any reason we should be mucking about
with the umask.

Mucked around with the test case to make it pass, but I think
it's probably a bit delicate now.

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2014-12-08 18:30:54 -08:00
Edward Z. Yang
cd60294ada Fix rgb in border attribute with spaces, fixes #30. 
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
 2014-08-31 12:12:38 +01:00