0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 17:01:51 +00:00
Commit Graph

23 Commits

Author SHA1 Message Date
Edward Z. Yang
61f852d429 Merge in PHP5 strict changes that are applicable to PHP4.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@650 48356398-32a2-884e-a903-53898d9a118a
2007-01-16 22:22:08 +00:00
Edward Z. Yang
b73b5100fd [1.3.1] Add defense in depth measure: reject entire node if there is no child definition for the element.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@601 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:38:25 +00:00
Edward Z. Yang
d886ed59fd [1.3.1] Standardized all attribute handling variables to attr, made it plural
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@600 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:29:08 +00:00
Edward Z. Yang
49cb2a4a7c [1.3.0] More control of URIs granted
# Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false.
! New directives %URI.DisableExternalResources and %URI.DisableResources
! New directive %Attr.DisableURI, which eliminates all hyperlinking
- Missing "Available since" documentation added

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 23:59:20 +00:00
Edward Z. Yang
92b3f0e817 [1.3.0] <li value="4"> and <ul start="2"> now allowed in loose mode
- Updated progress with some more impl-no decisions
 - Loose vs. Strict now has better tallying on current behavior
 - Document what we're not allowing in loose
 - Strict boolean indicator added to HTMLDefinition
 - Added XHTML 1.1 to TODO.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@571 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 22:15:35 +00:00
Edward Z. Yang
925a07b828 [1.3.0] New directives %HTML.AllowedElements and %HTML.AllowedAttributes to let users narrow the set of allowed tags
. Added HTMLPurifier->info_parent_def, parent child processing made special

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@565 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 13:51:19 +00:00
Edward Z. Yang
b1b3377b9c [1.3.0] Huge upgrade, (X)HTML Strict now supported
+ Transparently handles inline elements in block context (blockquote)
! Added GET method to demo for easier validation, added 50kb max input size
! New directive %HTML.BlockWrapper, for block-ifying inline elements
! New directive %HTML.Parent, allows you to only allow inline content
- Added missing type to ChildDef_Chameleon
. ChildDef_Required guards against empty tags
. Lookup table HTMLDefinition->info_flow_elements added
. Added peace-of-mind variable initialization to Strategy_FixNesting

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@560 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 03:23:35 +00:00
Edward Z. Yang
3b26e5dc5b [1.3.0] Refactored ChildDef classes into their own files
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@558 48356398-32a2-884e-a903-53898d9a118a
2006-11-22 18:55:15 +00:00
Edward Z. Yang
c5ea987069 Fix parse error.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@557 48356398-32a2-884e-a903-53898d9a118a
2006-11-22 18:19:44 +00:00
Edward Z. Yang
b152448608 [1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@556 48356398-32a2-884e-a903-53898d9a118a
2006-11-22 18:17:39 +00:00
Edward Z. Yang
82afd890c4 [1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@528 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 23:09:10 +00:00
Edward Z. Yang
7a4c7b3777 [1.2.0] [BC] ID attributes now disabled by default. New directives:
+ %HTML.EnableAttrID - restores old behavior by allowing IDs
  + %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs so that they don't collide with your IDs
  + %Attr.IDPrefixLocal - Same as above, but for when there are multiple instances of user content on the page
  + Profuse documentation on how to use these available in id.txt

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@526 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 01:05:41 +00:00
Edward Z. Yang
9668ac1e38 [1.2.0] Add protection against stdclasses into HTMLDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@514 48356398-32a2-884e-a903-53898d9a118a
2006-11-08 00:11:10 +00:00
Edward Z. Yang
eb6950d7d0 [1.2.0] Fix improper instantiation of stdclasses for '' and '#PCDATA'
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@513 48356398-32a2-884e-a903-53898d9a118a
2006-11-08 00:07:42 +00:00
Edward Z. Yang
84e3a28001 [1.2.0] Type variable in HTMLDefinition was not being set properly, fixed. Minor bug because no other code actually uses the feature (todo: add unit test).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@503 48356398-32a2-884e-a903-53898d9a118a
2006-11-04 05:03:53 +00:00
Edward Z. Yang
00fce29467 Add more documentation to HTMLDefinition in anticipation for refactoring.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@440 48356398-32a2-884e-a903-53898d9a118a
2006-09-22 02:47:41 +00:00
Edward Z. Yang
e440f25bce [1.1] Table child definition made more flexible, will fix up poorly ordered elements
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@417 48356398-32a2-884e-a903-53898d9a118a
2006-09-15 01:52:22 +00:00
Edward Z. Yang
14aeafcf22 De-singleton-ized (HTML|CSS)Definition, tying them to the configuration and making them more amenable to changes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@350 48356398-32a2-884e-a903-53898d9a118a
2006-08-31 20:33:07 +00:00
Edward Z. Yang
dcec92e7b3 Fix bug: number spans should not allow zero as a value. This required augmenting HTMLPurifier/AttrDef/Integer.php to have a richer negative/zero/positive specification interface that can be extrapolated to Number and friends.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@318 48356398-32a2-884e-a903-53898d9a118a
2006-08-25 02:48:49 +00:00
Edward Z. Yang
314a48373c Document all AttrDefs, also remove duplicant NumberSpan in favor of Integer.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@308 48356398-32a2-884e-a903-53898d9a118a
2006-08-20 21:47:15 +00:00
Edward Z. Yang
2605257723 Finish documentation for all base classes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@306 48356398-32a2-884e-a903-53898d9a118a
2006-08-20 20:59:13 +00:00
Edward Z. Yang
24c64dbbac Implement attribute transforms for required attributes. I can now confidently say that output will always be valid.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@256 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 23:11:28 +00:00
Edward Z. Yang
e770d994a7 Rename Definition to HTMLDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@255 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 21:22:49 +00:00