- Error collector / Language can take arrays and listify them
- AttrValidator takes token by reference
- Formatted errors now have their severity <strong>
- 100 test-cases! W00t!
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1250 48356398-32a2-884e-a903-53898d9a118a
- Register Generator context variable.
- Implement special substitutions for error collector.
- Also sort by order the errors came in.
- Fix line number determination bug in Lexer::create().
- Remove vestigial variables.
- Force all tag transforms to use copy(), implement serialize, unserialize algorithm for copy() in tokens.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1238 48356398-32a2-884e-a903-53898d9a118a
- Printer adheres to configuration's directives on output format
- Fix improperly named form field in ConfigForm printer
. HTMLPurifier_Config::getAllowedDirectivesForForm implemented, allows much easier selective embedding of configuration values
. Doctype objects now accept public and system DTD identifiers
. %HTML.Doctype is now constrained by specific values, to specify a custom doctype use new %HTML.CustomDoctype
. ConfigForm truncates long directives to keep the form small, and does not re-output namespaces
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1232 48356398-32a2-884e-a903-53898d9a118a
- Stray xmlns attributes removed from configuration documentation
. Interlinking in configuration documentation added using Injector_PurifierLinkify
. Directives now keep track of aliases to themselves
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1225 48356398-32a2-884e-a903-53898d9a118a
- Fixed bug where manually modified definitions were not saved via cache (mostly harmless, except for the fact that it would be a little slower)
- Configuration objects with different serials do not clobber each others when revision numbers are unequal
. DefinitionCache keys reordered to reflect precedence: version number, hash, then revision number
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1204 48356398-32a2-884e-a903-53898d9a118a
- DirectLex now honors comments with greater than or less than signs in them
- Comments are transformed into script elements, ending comments are scrapped
- Buggy generator code rewritten to be more error-proof
- AttrValidator checks if token has attributes before processing
- Remove invalid documentation from Scripting
- "Commenting" of script elements switched to the more advanced version
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1189 48356398-32a2-884e-a903-53898d9a118a
- Extend hash to convert strings from form key,value,key,value
- Hack up configdoc to accommodate configForm.php smoketest
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1101 48356398-32a2-884e-a903-53898d9a118a
- Armor some character index checking
- Add compatibility stuff for PHP_EOL
- Add autoclose for colgroup
- Compensate for realpath() quirkiness in old versions
- Add flush maintenance script
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1096 48356398-32a2-884e-a903-53898d9a118a
- Add extra protection in AttrDef_URI against phantom Schemes
- Doctype moved from config to HTMLDefinition
- AttrDef_URITest mocks have more generic object parameters to deal with PHP4's copy-happy behavior
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1089 48356398-32a2-884e-a903-53898d9a118a
- Rework descendants_are_inline to have default value as false, ins/del handling now works top-level when parent element is not block
- Remove CleanUTF8OnGeneration, feature didn't even work
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1086 48356398-32a2-884e-a903-53898d9a118a
- Fixed bug where recursive attribute collections would result in infinite loop
- Fixed bug with deep inclusions in attribute collections
- Reset doctype object if HTML or Attr is changed
- Add accessor functions to AttrTypes, unit tested class
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1077 48356398-32a2-884e-a903-53898d9a118a
- CommonAttributes factored into XMLCommonAttributes and NonXMLCommonAttributes
- Tidy abstract module was completely refactored in interest of usability
- Add friendly error message if module does not have name
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1070 48356398-32a2-884e-a903-53898d9a118a
- Make our modified class_exists() check to work in both PHP 4 and 5
(todo: we need some unit tests for ElementDef)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1023 48356398-32a2-884e-a903-53898d9a118a
- Add VERSION file, which contains just the version number of the release
- Add WHATSNEW, which is a short summary of the new release
- Add release.php which bumps all the necessary version numbers in files
- Update package.php so that the version numbers aren't hardcoded
- Add news entry for 1.7.0
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@935 48356398-32a2-884e-a903-53898d9a118a
- Fixed buggy chameleon-support for ins and del
. Removed context variable ParentType, replaced with IsInline, which
is false when you're not inline and an integer of the parent that
caused you to become inline when you are (so possibly zero)
. Removed ElementDef->type in favor of ElementDef->descendants_are_inline
and HTMLDefinition->content_sets
. StrictBlockquote now reports what elements its supposed to allow,
rather than what it does allow
. Removed HTMLDefinition->info_flow_elements in favor of
HTMLDefinition->content_sets['Flow']
. Removed redundant "exclusionary" definitions from DTD roster
. StrictBlockquote now requires a construction parameter as if it
were an Required ChildDef, this is the "real" set of allowed elements
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@710 48356398-32a2-884e-a903-53898d9a118a
- Added %Core.EscapeNonASCIICharacters to workaround %Core.Encoding misbehavior
- Add "All Tests" to test runner title and reorder subfile names
- Specific file is now called with ?f=
- Link to UTF-8 docs, even though they're not done
- 1000th unit test passed! W00t! (that's a third as many as SimpleTest has for itself.)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@658 48356398-32a2-884e-a903-53898d9a118a
- Move SLOW to docs/enduser-slow.html and add code examples
- Update README and WYSIWYG
- Add warning to HTMLPurifier.func.php about naming similarities
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@635 48356398-32a2-884e-a903-53898d9a118a
! HTMLPurifier object now accepts configuration arrays, no need to manually instantiate a configuration object
! Context object now accessible to outside
. HTMLPurifier_Config::create() added, takes mixed variable and converts into a HTMLPurifier_Config object.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@611 48356398-32a2-884e-a903-53898d9a118a
- HTMLPurifier -> HTML Purifier
. HTMLPurifier_Config->getBatch($namespace) added
. More lenient casting to bool from string in HTMLPurifier_ConfigSchema
. <?xml ... tags added to all smoketests
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@578 48356398-32a2-884e-a903-53898d9a118a
# Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false.
! New directives %URI.DisableExternalResources and %URI.DisableResources
! New directive %Attr.DisableURI, which eliminates all hyperlinking
- Missing "Available since" documentation added
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
- Updated progress with some more impl-no decisions
- Loose vs. Strict now has better tallying on current behavior
- Document what we're not allowing in loose
- Strict boolean indicator added to HTMLDefinition
- Added XHTML 1.1 to TODO.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@571 48356398-32a2-884e-a903-53898d9a118a
+ Transparently handles inline elements in block context (blockquote)
! Added GET method to demo for easier validation, added 50kb max input size
! New directive %HTML.BlockWrapper, for block-ifying inline elements
! New directive %HTML.Parent, allows you to only allow inline content
- Added missing type to ChildDef_Chameleon
. ChildDef_Required guards against empty tags
. Lookup table HTMLDefinition->info_flow_elements added
. Added peace-of-mind variable initialization to Strategy_FixNesting
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@560 48356398-32a2-884e-a903-53898d9a118a
+ %HTML.EnableAttrID - restores old behavior by allowing IDs
+ %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs so that they don't collide with your IDs
+ %Attr.IDPrefixLocal - Same as above, but for when there are multiple instances of user content on the page
+ Profuse documentation on how to use these available in id.txt
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@526 48356398-32a2-884e-a903-53898d9a118a
- HTMLPurifier_Context doesn't throw a variable reference error if you attempt to retrieve a non-existent variable
. Cleaned up test-cases to remove unnecessary swallowErrors()
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@525 48356398-32a2-884e-a903-53898d9a118a
- Update TODO
. Add another possible plaintext formatter
. Reference config-ideas.txt for URI options
- Update code-quality.txt, removing issues that have been addressed and updating time for post-beta
- Update config-ideas.txt
. Added more possible URI directives
. Removed silly language control directive
- Improved documentation on Class, CSS and Host
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@524 48356398-32a2-884e-a903-53898d9a118a
- Added %URI.DisableExternal, which prevents links to external websites. You can also use %URI.Host to permit absolute linking to subdomains
- Fixed a few bugs involving null configuration values
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@522 48356398-32a2-884e-a903-53898d9a118a
- Add TODO request about Phalanger, something to do if I'm really bored
- Update XSS attacks
- Minor formatting/grammar fixes in documentation
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@502 48356398-32a2-884e-a903-53898d9a118a
- All important classes that use Context were migrated. Todo: Classes that currently use $config but not $context are AttrTransform (done in r493) and URIScheme+Registry (done in r500). There may be more classes, incl TagTransform (done in r497) that should have both $config and $context added.
- Strategy unit tests now migrated to use HTMLPurifier_Harness
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@485 48356398-32a2-884e-a903-53898d9a118a
- Added notes on HTML versus XML attribute whitespace handling
- Noted that HTMLPurifier_ChildDef_Custom isn't being used
- Noted that config object's definitions are cached versions
- Hooked up HTMLPurifier_ChildDef_Custom's unit tests (they weren't being run)
- Tester named "HTML Purifier" not "HTMLPurifier"
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@472 48356398-32a2-884e-a903-53898d9a118a
