Marcus Artner
214cb8a693
Fixed Issue #264 : <thead> element removed from <table> if there are no <tbody> or <tr> elements ( #283 )
2021-01-26 11:11:50 -05:00
Edward Z. Yang
ce7efc11b2
Delete language tests that are interfering with PSR-0 compatibility
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2020-06-28 20:38:16 -04:00
Mateusz Turcza
3bdc031224
Add %HTML.Forms config directive ( #260 )
...
The %HTML.Forms directive enables Forms module regardless of the %HTML.Trusted
value. This adds support for form elements without enabling other unsafe
modules, such as Scripts, Iframe or Object.
To achieve the same effect without this directive one has to explicitly list
all enabled modules in %HTML.AllowedModules, and any not listed will be
removed. This however is not very convenient, as the allowed modules may vary
between doctypes.
Resolves #213 .
2020-06-28 20:26:33 -04:00
Fräntz Miccoli
ced089434d
Make purifyArray work with empty array ( #245 )
2020-02-22 12:12:02 -05:00
lubomirbartos
df923d1f15
Issue 238 remove leading zeroes except if there is only zero ( #239 )
...
* Issue 238 remove leading zeroes except if there is only zero
* Issue-238 unit test fixes
2019-11-21 10:05:07 -05:00
Sandro Miguel Marques
b91833877a
Method purifyArray() updated ( #143 )
...
* Methof purifyArray() updated
Now it works with multidimensional arrays
* Add test case.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2019-07-14 14:10:33 -04:00
Edward Z. Yang
abba77a80b
Recent PHPs default to display_error=0, override this in index.php
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2019-07-14 14:04:12 -04:00
Michael Kliewe
7cfc44654a
CSS: added "initial" and "inherit" to width + height ( #144 )
...
* CSS: added "initial" and "inherit" to width + height
CSS: added "initial" and "inherit" to min-width + min-height, removed "auto"
CSS: added "initial" and "inherit" and "none" to max-width + max-height, removed "auto"
* Fixed test: min-width:auto; should be false
2019-07-14 13:20:58 -04:00
msuzuki
8c153eef3a
Supported hundreds of nested HTML ( #202 )
...
* Supported hundreds of nested HTML (#201 )
* Add Core.AllowParseManyTags
2019-07-14 13:15:31 -04:00
Darko Hrgovic
f03e1a2c48
Fixed reserved words in constants for PHP 7 as per https://www.php.net/manual/en/reserved.other-reserved-words.php ( #222 )
2019-07-10 22:24:27 -04:00
Edward Z. Yang
3d15f5253b
Don't define __autoload; rely on spl_autoload_register
...
Fixes #196
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-11-11 16:55:01 -05:00
Edward Z. Yang
0f7b138aaf
Make SafeScripting case-sensitive.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-11-11 16:21:58 -05:00
Dimitri Gritsajuk
5a01e6535d
[SafeScripting] disable autoclosing of <script /> tag ( #198 )
2018-11-11 15:04:11 -05:00
Jan Dageförde
67c3798922
Add relative length units from CSS 3
...
cf. https://www.w3schools.com/cssref/css_units.asp
2017-12-22 21:59:47 -05:00
Marina Glancy
ce0ede24de
Use IDNA2008 for converting domains to ASCII
2017-10-03 11:19:50 -04:00
Edward Z. Yang
5bc7c72608
Add tests for new entity decoding codepath.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-12 20:05:09 -07:00
Edward Z. Yang
9d2d75d8bc
Add test case for removing empty list items.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-08 00:11:32 -08:00
Edward Z. Yang
7e11c271b9
Revamp entity decoding to be more like HTML5.
...
See %Core.LegacyEntityDecoder for more details.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-07 17:34:59 -08:00
Edward Z. Yang
5886326cd0
Test for catastrophic backtracking.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 23:26:55 -08:00
Edward Z. Yang
0c31b22240
Merge pull request #118 from fxbt/master
...
Add hsl, hsla and rgba support for css color attribute definition
2017-03-06 23:01:06 -08:00
Edward Z. Yang
5662efc936
Fix #78 .
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 22:54:54 -08:00
mpyw
d16e73e63e
Add test for #122
2017-03-04 15:40:44 +09:00
f.godfrin
0bab4b9fd0
Fix mungeRgb to handle percent, float and hsl values
2017-02-10 00:38:05 +01:00
f.godfrin
bd92f3531b
Remove double %
2017-02-09 23:37:36 +01:00
f.godfrin
0d5ab2fe13
Include hsl and hsla support
2017-02-09 23:34:19 +01:00
f.godfrin
d41a59e422
Add rgba support for css color attribute definition
2017-02-09 22:18:15 +01:00
Bastian Hofmann
8e4cacf0a7
Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set
2017-02-03 16:54:51 -08:00
Bastian Hofmann
c82051c3e1
Add HTML.Noopener to add a noopener rel to every external link
...
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/
Adresses https://github.com/ezyang/htmlpurifier/issues/96
2017-02-03 16:54:51 -08:00
Edward Z. Yang
5070404376
Handle semicolons in strings in CSS correctly.
...
Fixes http://htmlpurifier.org/phorum/read.php?3,7522,8096
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-29 00:01:19 -07:00
Edward Z. Yang
59463c5c39
Allow %URI.DefaultScheme to be null.
...
Fixes #103 .
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 17:30:44 -07:00
Edward Z. Yang
20b40a5441
Travis support.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 02:00:47 -07:00
Edward Z. Yang
8b28e571fe
Handle case when IDNAs are supported.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 02:00:46 -07:00
Edward Z. Yang
3ae21ce511
PHP 7.0 warnings fix: don't pass rvalue by reference.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 02:00:46 -07:00
zema
246fc8946a
css properties: min-width, max-width, min-height, max-height
2016-09-05 10:45:58 +03:00
Edward Z. Yang
d1c5d75027
Fix #73 with Attr.ID.HTML5
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-07-16 05:52:45 -07:00
Bart Butler
3747cb7efb
avoid exif_imagetype exception with small files/corrupt data URI
2016-07-16 05:23:17 -07:00
Edward Z. Yang
44baee6a82
Partial border-radius support.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-06-30 22:22:13 -04:00
Cameron Ball
1675fc7caf
Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-06-30 21:53:43 -04:00
Wes Cossick
cc35c8eb8c
tel protocol support.
2016-06-30 21:19:49 -04:00
Edward Z. Yang
43a9f052fd
Fix #57 , make flashvars check (and others) case-insensitive.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 15:56:30 -07:00
Edward Z. Yang
b4981c3395
Fix #67 , don't use <body> tags in comments for %Core.ConvertDocumentToFragment
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 15:19:32 -07:00
Edward Z. Yang
f14076dc3e
Fix #49 ; prevent readdir infinite loop when cache directory not listable.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 14:53:31 -07:00
Edward Z. Yang
91fd55c857
Fix #45 , errors when ul/ol allowed without li.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-26 22:41:54 -07:00
Edward Z. Yang
753c830239
Update to work with Git version of SimpleTest.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-24 00:08:03 -07:00
Edward Z. Yang
72123e23c9
Update ExtractStyleBlocks tests for modern CSSTidy at https://github.com/Cerdic/CSSTidy
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-23 23:39:38 -07:00
Edward Z. Yang
45161b4fb1
Accept leading digits in hostnames as per RFC 1123.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-23 22:42:21 -07:00
Synchro
25db9e1dd0
Don't use PHP4-style constructors
2016-03-16 17:09:41 -07:00
Edward Z. Yang
92aabf2b23
Fix #76 , linkify includes dots at end of URL.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-02 02:05:54 -08:00
Edward Z. Yang
aebe1c02a2
Use idn_to_ascii when available.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-02 01:35:07 -08:00
Edward Z. Yang
913ac6955b
CSS.AllowDuplicates for duplicate properties.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2015-12-20 11:53:54 -08:00