Michael Kliewe
7cfc44654a
CSS: added "initial" and "inherit" to width + height ( #144 )
...
* CSS: added "initial" and "inherit" to width + height
CSS: added "initial" and "inherit" to min-width + min-height, removed "auto"
CSS: added "initial" and "inherit" and "none" to max-width + max-height, removed "auto"
* Fixed test: min-width:auto; should be false
2019-07-14 13:20:58 -04:00
msuzuki
8c153eef3a
Supported hundreds of nested HTML ( #202 )
...
* Supported hundreds of nested HTML (#201 )
* Add Core.AllowParseManyTags
2019-07-14 13:15:31 -04:00
DiLong Fa
524cd08a59
Update Config.php ( #211 )
...
Fixed Undefined index: class
2019-07-14 13:11:34 -04:00
Lukas Neumann
5a90c92d83
Adds PHP 7.3 to Travis ( #214 )
...
* Adds PHP 7.3 to Travis
* Fix tests for PHP 7.3
2019-07-14 13:10:24 -04:00
Darko Hrgovic
f03e1a2c48
Fixed reserved words in constants for PHP 7 as per https://www.php.net/manual/en/reserved.other-reserved-words.php ( #222 )
2019-07-10 22:24:27 -04:00
Edward Z. Yang
a93250f251
Don't use @ warning suppression.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-11-11 18:20:33 -05:00
Edward Z. Yang
21e32042e9
Update schema for case-sensitive safe scripting
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-11-11 16:54:33 -05:00
Chris Pelzer
ab7bbefe8a
Update reference to the valid types to refer to HTMLPurifier_VarParser::types ( #189 )
2018-11-11 16:23:01 -05:00
Edward Z. Yang
0f7b138aaf
Make SafeScripting case-sensitive.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-11-11 16:21:58 -05:00
Edward Z. Yang
4b6b3b31e8
Typofix: AutoForamt -> AutoFormat
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-11-11 16:21:58 -05:00
Dimitri Gritsajuk
5a01e6535d
[SafeScripting] disable autoclosing of <script /> tag ( #198 )
2018-11-11 15:04:11 -05:00
Daijobou
b81690c17e
More colors names ( #176 )
...
Added more colors names https://www.w3schools.com/colors/colors_names.asp
remove old unorded colors names
2018-06-09 22:48:13 -04:00
Mateusz Turcza
89b3fe431e
Use IDNA constants only if defined ( #171 )
...
Fixes #168 .
Solution based on https://git.ispconfig.org/ispconfig/ispconfig3/commit/0e3cf6f51b4fd .
2018-03-04 19:16:11 -05:00
Mateusz Turcza
3cb77da11d
Make tagName and node data detection hhvm compatible ( #170 )
2018-03-04 13:22:03 -05:00
Edward Z. Yang
d85d39da45
Release 4.10.0
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-02-22 20:58:20 -05:00
John Flatness
6d6d88512a
Skip counting currentNesting if null
...
This is an error starting in PHP 7.2
2017-12-30 00:23:44 -05:00
Edward Z. Yang
64baeda65c
Deal with old libxml incompatibilities.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-12-22 22:03:02 -05:00
Jan Dageförde
67c3798922
Add relative length units from CSS 3
...
cf. https://www.w3schools.com/cssref/css_units.asp
2017-12-22 21:59:47 -05:00
Roberto
ab9c9f30fd
Small typos in comments
2017-12-13 11:16:39 -05:00
Marina Glancy
ce0ede24de
Use IDNA2008 for converting domains to ASCII
2017-10-03 11:19:50 -04:00
pawelkania
e11f7c9802
Fix E_WARNING when cache directory exists
...
Sometimes Serializer from another thread already creaded dir - this commit resolves this issue.
2017-06-20 09:53:14 +02:00
Edward Z. Yang
95e1bae318
Release 4.9.3
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-06-02 22:28:16 -04:00
Xiphin
1df505296f
Mod: using stdClass instead of stdclass
2017-06-02 09:55:46 +08:00
Xiphin
b9bc1039da
Mod: using null instead of false
2017-06-02 08:50:38 +08:00
Xiphin
cb4871f446
Fix: It runs on PHP 7.1.* CPU process is 100%
2017-06-01 21:32:25 +08:00
Viktor Khokhryakov
b45c6f5363
Autoloading must be skipped while checking for php builtin class.
2017-03-20 10:42:28 +04:00
Edward Z. Yang
6d50e5282a
Release 4.9.2
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-12 23:30:53 -07:00
Edward Z. Yang
5bc7c72608
Add tests for new entity decoding codepath.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-12 20:05:09 -07:00
Eugene Leonovich
fd24de69a3
Fix a call to undefined function HTMLPurifier_Encoder()
2017-03-12 22:44:03 +01:00
Edward Z. Yang
5688656174
Fix more PHP 5.3 problems.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-08 18:01:58 -08:00
Edward Z. Yang
8836ae05aa
Fix PHP 5.3 compatibility, fixes #125 .
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-08 17:46:29 -08:00
Edward Z. Yang
de82f9845f
Release 4.9.1 (sic)
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-08 00:22:36 -08:00
Edward Z. Yang
74f123a84c
Fix #83 .
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-07 17:52:41 -08:00
Edward Z. Yang
7e11c271b9
Revamp entity decoding to be more like HTML5.
...
See %Core.LegacyEntityDecoder for more details.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-07 17:34:59 -08:00
Edward Z. Yang
66bbae73a9
Comment on why it's a non-greedy match.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 23:27:30 -08:00
Edward Z. Yang
b19dcb0ba5
CHANGELOG for #120 fix, and remove the array_filter.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 23:06:24 -08:00
Edward Z. Yang
0c31b22240
Merge pull request #118 from fxbt/master
...
Add hsl, hsla and rgba support for css color attribute definition
2017-03-06 23:01:06 -08:00
Edward Z. Yang
5662efc936
Fix #78 .
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 22:54:54 -08:00
Edward Z. Yang
353c96f156
Document skips in more detail, #116 .
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 20:31:28 -08:00
Edward Z. Yang
4047a6230b
Extra cleanup on cleanUTF8.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 16:31:02 -08:00
Andrey Pozolotin
9195cb7a2e
Added escape sequense
2017-03-06 16:28:53 -08:00
Andrey Pozolotin
39c4c359ad
Fixing PREG_BACKTRACK_LIMIT_ERROR in HTMLPurifier_Filter_ExtractStyleBlocks
2017-03-06 16:28:53 -08:00
mpyw
f145f64bf4
Fix #122 : correct surrogate pair range
2017-03-04 15:38:01 +09:00
f.godfrin
12185143ef
Use a constructor and a property for the alpha check
2017-02-10 21:03:11 +01:00
f.godfrin
17a90a951a
Better regex for mungeRgb
2017-02-10 00:40:56 +01:00
f.godfrin
0bab4b9fd0
Fix mungeRgb to handle percent, float and hsl values
2017-02-10 00:38:05 +01:00
f.godfrin
0d5ab2fe13
Include hsl and hsla support
2017-02-09 23:34:19 +01:00
f.godfrin
d41a59e422
Add rgba support for css color attribute definition
2017-02-09 22:18:15 +01:00
Bastian Hofmann
8e4cacf0a7
Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set
2017-02-03 16:54:51 -08:00
Bastian Hofmann
c82051c3e1
Add HTML.Noopener to add a noopener rel to every external link
...
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/
Adresses https://github.com/ezyang/htmlpurifier/issues/96
2017-02-03 16:54:51 -08:00