0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-08 23:08:42 +00:00
Commit Graph

234 Commits

Author SHA1 Message Date
Edward Z. Yang
2293c67eec [1.4.0] Revamp ConfigSchema tests, add more error checking.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@670 48356398-32a2-884e-a903-53898d9a118a
2007-01-20 22:59:20 +00:00
Edward Z. Yang
5e366b25f8 [1.4.0] Support for configuration directive aliases added.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@668 48356398-32a2-884e-a903-53898d9a118a
2007-01-20 18:43:58 +00:00
Edward Z. Yang
2e16c4a968 Replaced version check with functionality check for DOM
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@667 48356398-32a2-884e-a903-53898d9a118a
2007-01-20 15:07:48 +00:00
Edward Z. Yang
d693c4ea09 [1.4.0] Implement 'background' shorthand CSS property.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@663 48356398-32a2-884e-a903-53898d9a118a
2007-01-20 02:21:43 +00:00
Edward Z. Yang
a68b6afda1 [1.4.0] CSS property background-position implemented. Also:
- Fixed some misinformation in Percentage
- Add support for lowercase CSS length units

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@661 48356398-32a2-884e-a903-53898d9a118a
2007-01-20 01:40:56 +00:00
Edward Z. Yang
0dd866cc15 [1.4.0]
- Added %Core.EscapeNonASCIICharacters to workaround %Core.Encoding misbehavior
- Add "All Tests" to test runner title and reorder subfile names
- Specific file is now called with ?f=
- Link to UTF-8 docs, even though they're not done
- 1000th unit test passed! W00t! (that's a third as many as SimpleTest has for itself.)

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@658 48356398-32a2-884e-a903-53898d9a118a
2007-01-19 03:54:55 +00:00
Edward Z. Yang
ad1169c711 [1.4.0] Make all functions in Encoder static. Affects branches/strict
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@656 48356398-32a2-884e-a903-53898d9a118a
2007-01-18 22:55:44 +00:00
Edward Z. Yang
61f852d429 Merge in PHP5 strict changes that are applicable to PHP4.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@650 48356398-32a2-884e-a903-53898d9a118a
2007-01-16 22:22:08 +00:00
Edward Z. Yang
d60f345cab [1.4.0] Implemented background-image, background-repeat and background-attachment CSS properties. background shorthand property HAS NOT been extended to allow these, and background-position IS NOT implemented yet.
- Also: fixed up some flaky behavior in list-style shorthand, introduced uri_or_none

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@643 48356398-32a2-884e-a903-53898d9a118a
2007-01-15 01:14:24 +00:00
Edward Z. Yang
aefda60696 [1.4.0] Refactored ListStyle, since list-style-image was sort of tacked on and didn't really conform with the standard. Implementation is still a little flaky but conforms with W3C's validation service.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@642 48356398-32a2-884e-a903-53898d9a118a
2007-01-15 00:48:54 +00:00
Edward Z. Yang
23d3490d49 [1.4.0] Implemented list-style-image, URIs now allowed in list-style
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@640 48356398-32a2-884e-a903-53898d9a118a
2007-01-14 16:24:02 +00:00
Edward Z. Yang
582ffc4143 [1.4.0] Implemented AttrDef_CSSURI for url(http://google.com) style declarations
- 1.3.3 release downgraded to "not likely"

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@639 48356398-32a2-884e-a903-53898d9a118a
2007-01-14 15:54:05 +00:00
Edward Z. Yang
e2cc37724b [1.3.3]
- Move SLOW to docs/enduser-slow.html and add code examples
- Update README and WYSIWYG
- Add warning to HTMLPurifier.func.php about naming similarities

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@635 48356398-32a2-884e-a903-53898d9a118a
2007-01-11 22:28:44 +00:00
Edward Z. Yang
3ad6239dc3 Remove useless $init assignment.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@634 48356398-32a2-884e-a903-53898d9a118a
2007-01-07 23:55:55 +00:00
Edward Z. Yang
a909632d2d Release 1.3.2.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@621 48356398-32a2-884e-a903-53898d9a118a
2006-12-26 04:31:48 +00:00
Edward Z. Yang
688b1833f5 Fix typos in AttrDef/Lang.php involving lowercasing uppercased language strings.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@618 48356398-32a2-884e-a903-53898d9a118a
2006-12-26 03:56:53 +00:00
Edward Z. Yang
b6e222cbc2 [1.3.2] Added purifyArray(), which takes a list of HTML and purifies it all
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@615 48356398-32a2-884e-a903-53898d9a118a
2006-12-20 23:51:09 +00:00
Edward Z. Yang
360f984f63 [1.3.2]
! HTMLPurifier object now accepts configuration arrays, no need to manually instantiate a configuration object
! Context object now accessible to outside
. HTMLPurifier_Config::create() added, takes mixed variable and converts into a HTMLPurifier_Config object.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@611 48356398-32a2-884e-a903-53898d9a118a
2006-12-15 02:12:03 +00:00
Edward Z. Yang
a0fd6a9f5c Release 1.3.1.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@603 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:52:22 +00:00
Edward Z. Yang
b73b5100fd [1.3.1] Add defense in depth measure: reject entire node if there is no child definition for the element.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@601 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:38:25 +00:00
Edward Z. Yang
d886ed59fd [1.3.1] Standardized all attribute handling variables to attr, made it plural
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@600 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:29:08 +00:00
Edward Z. Yang
cbb492c52c [1.3.1] Fixed bug in RemoveInvalidImg code that caused all images to be dropped
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@599 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:12:44 +00:00
Edward Z. Yang
4f8f022eac [1.3.1] Added HTMLPurifier.func.php stub for a convenient function to call the library
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@598 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:04:16 +00:00
Edward Z. Yang
825b0671b5 [1.3.0] Bump version numbers.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@587 48356398-32a2-884e-a903-53898d9a118a
2006-11-26 23:18:32 +00:00
Edward Z. Yang
4bdc0446de [1.3.0] New directive %URI.HostBlacklist for blocking links to bad hosts. xssAttacks.php smoketest updated accordingly.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@586 48356398-32a2-884e-a903-53898d9a118a
2006-11-26 23:14:12 +00:00
Edward Z. Yang
9bbbb87ffa [1.3.0] Add Printer_CSSDefinition.
- Added @public identifiers to properties that the Printers are using.
- Augmented Printer::getClass() to include meta-info about the object (contained inside parentheses). Currently supports: enum, composite and multiple.
- Remove all linebreaks from Printer output
- Document Printer_HTMLDefinition's methods.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@581 48356398-32a2-884e-a903-53898d9a118a
2006-11-25 05:05:32 +00:00
Edward Z. Yang
b63b0be21f [1.3.0] Some housekeeping after the last commit
- Add a few missing unit tests
- Allow for spaces between comma separated strings to be transformed into arrays
- smoketests/printDefinition.php now has documentation, links to more documentation and a friendly user-interface

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@579 48356398-32a2-884e-a903-53898d9a118a
2006-11-24 07:12:16 +00:00
Edward Z. Yang
73a1e31fad [1.3.0] Added spiffy new smoketest printDefinition.php, which lets you twiddle with the configuration settings and see how the internal rules are affected. (currently only complete for HTMLDefinition).
- HTMLPurifier -> HTML Purifier
. HTMLPurifier_Config->getBatch($namespace) added
. More lenient casting to bool from string in HTMLPurifier_ConfigSchema
. <?xml ... tags added to all smoketests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@578 48356398-32a2-884e-a903-53898d9a118a
2006-11-24 06:26:02 +00:00
Edward Z. Yang
775763c583 [1.3.0] New directive %URI.Munge, munges URI so you can use some sort of redirector service to avoid PageRank leaks or warn users that they are exiting your site.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@576 48356398-32a2-884e-a903-53898d9a118a
2006-11-24 00:29:16 +00:00
Edward Z. Yang
49cb2a4a7c [1.3.0] More control of URIs granted
# Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false.
! New directives %URI.DisableExternalResources and %URI.DisableResources
! New directive %Attr.DisableURI, which eliminates all hyperlinking
- Missing "Available since" documentation added

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 23:59:20 +00:00
Edward Z. Yang
92b3f0e817 [1.3.0] <li value="4"> and <ul start="2"> now allowed in loose mode
- Updated progress with some more impl-no decisions
 - Loose vs. Strict now has better tallying on current behavior
 - Document what we're not allowing in loose
 - Strict boolean indicator added to HTMLDefinition
 - Added XHTML 1.1 to TODO.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@571 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 22:15:35 +00:00
Edward Z. Yang
925a07b828 [1.3.0] New directives %HTML.AllowedElements and %HTML.AllowedAttributes to let users narrow the set of allowed tags
. Added HTMLPurifier->info_parent_def, parent child processing made special

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@565 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 13:51:19 +00:00
Edward Z. Yang
b1b3377b9c [1.3.0] Huge upgrade, (X)HTML Strict now supported
+ Transparently handles inline elements in block context (blockquote)
! Added GET method to demo for easier validation, added 50kb max input size
! New directive %HTML.BlockWrapper, for block-ifying inline elements
! New directive %HTML.Parent, allows you to only allow inline content
- Added missing type to ChildDef_Chameleon
. ChildDef_Required guards against empty tags
. Lookup table HTMLDefinition->info_flow_elements added
. Added peace-of-mind variable initialization to Strategy_FixNesting

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@560 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 03:23:35 +00:00
Edward Z. Yang
3b26e5dc5b [1.3.0] Refactored ChildDef classes into their own files
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@558 48356398-32a2-884e-a903-53898d9a118a
2006-11-22 18:55:15 +00:00
Edward Z. Yang
c5ea987069 Fix parse error.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@557 48356398-32a2-884e-a903-53898d9a118a
2006-11-22 18:19:44 +00:00
Edward Z. Yang
b152448608 [1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@556 48356398-32a2-884e-a903-53898d9a118a
2006-11-22 18:17:39 +00:00
Edward Z. Yang
1955527a11 Release 1.2.0.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@543 48356398-32a2-884e-a903-53898d9a118a
2006-11-20 03:16:32 +00:00
Edward Z. Yang
82afd890c4 [1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@528 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 23:09:10 +00:00
Edward Z. Yang
7a4c7b3777 [1.2.0] [BC] ID attributes now disabled by default. New directives:
+ %HTML.EnableAttrID - restores old behavior by allowing IDs
  + %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs so that they don't collide with your IDs
  + %Attr.IDPrefixLocal - Same as above, but for when there are multiple instances of user content on the page
  + Profuse documentation on how to use these available in id.txt

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@526 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 01:05:41 +00:00
Edward Z. Yang
2dc8e9c3d5 [1.2.0] Unit test housekeeping:
- HTMLPurifier_Context doesn't throw a variable reference error if you attempt to retrieve a non-existent variable
. Cleaned up test-cases to remove unnecessary swallowErrors()

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@525 48356398-32a2-884e-a903-53898d9a118a
2006-11-16 23:58:33 +00:00
Edward Z. Yang
d48f9b6b21 [1.2.0]
- Update TODO
  . Add another possible plaintext formatter
  . Reference config-ideas.txt for URI options
- Update code-quality.txt, removing issues that have been addressed and updating time for post-beta
- Update config-ideas.txt
  . Added more possible URI directives
  . Removed silly language control directive
- Improved documentation on Class, CSS and Host

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@524 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 19:26:49 +00:00
Edward Z. Yang
f38fe431ed [1.2.0]
- Added %URI.DisableExternal, which prevents links to external websites. You can also use %URI.Host to permit absolute linking to subdomains
- Fixed a few bugs involving null configuration values

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@522 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 03:35:41 +00:00
Edward Z. Yang
926b94bdd3 [1.2.0] Allow configuration directives to permit null values. ConfigDoc updated accordingly.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@521 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 02:59:36 +00:00
Edward Z. Yang
d2fd193bc4 [1.2.0] Implement primitive email regexp to be used for mailto. There are many spotty implementation issues, so this code is not actually called anywhere else currently.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@517 48356398-32a2-884e-a903-53898d9a118a
2006-11-08 03:10:43 +00:00
Edward Z. Yang
9668ac1e38 [1.2.0] Add protection against stdclasses into HTMLDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@514 48356398-32a2-884e-a903-53898d9a118a
2006-11-08 00:11:10 +00:00
Edward Z. Yang
eb6950d7d0 [1.2.0] Fix improper instantiation of stdclasses for '' and '#PCDATA'
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@513 48356398-32a2-884e-a903-53898d9a118a
2006-11-08 00:07:42 +00:00
Edward Z. Yang
4a724d0230 [1.2.0] Add documentation to PercentEncoder.php
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@510 48356398-32a2-884e-a903-53898d9a118a
2006-11-07 17:42:41 +00:00
Edward Z. Yang
504203c0f3 [1.2.0] Added percent encoding normalization
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@509 48356398-32a2-884e-a903-53898d9a118a
2006-11-07 17:15:28 +00:00
Edward Z. Yang
84e3a28001 [1.2.0] Type variable in HTMLDefinition was not being set properly, fixed. Minor bug because no other code actually uses the feature (todo: add unit test).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@503 48356398-32a2-884e-a903-53898d9a118a
2006-11-04 05:03:53 +00:00
Edward Z. Yang
74ba9b8629 [1.2.0] Add context parameter to URIScheme and URISchemeRegistry classes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@500 48356398-32a2-884e-a903-53898d9a118a
2006-10-27 01:20:10 +00:00