0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-08 23:08:42 +00:00
Commit Graph

66 Commits

Author SHA1 Message Date
Edward Z. Yang
aa0fdeee30 Refine Lexers for parsing stray angled brackets; %Core.AggressivelyFixLt = true
By default, the DirectLex and DOMLex behavior with stray angled brackets
varied a great deal due to their implementations. A little known directive
%Core.AggressivelyFixLt attempted to match DOMLex's behavior with DirectLex's,
but it was off by default. By turning it on by default, users now enjoy these
benefits, and performance-minded users can turn it back off.

Also, several refinements to stray angled bracket parsing was made. Specifically:

* DirectLex: Handle each left angled bracket individually, which prevents
  strange behavior as reported by eon.
* DOMLex: Iterate aggressive lt fix, so that stacked brackets like << are
  handled.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-07-07 08:52:29 -04:00
Edward Z. Yang
fd384129bf Proper support for name attribute in <a> and <img>
Prior to this commit, the name attribute was unilaterally removed, except
for Strict doctypes or a heavy TidyLevel, when it was converted to an id
attribute. As name is actually permitted in both HTML 4.01 Strict and
XHTML 1.0 Strict, although deprecated, the more sensible default behavior
is to allow it unless TidyLevel is heavy.

Our implementation is slightly stricter than the specs, as name attributes are
treated as first class IDs, disallowing <a name="foo" id="foo"> or duplicate
names. The former should be treated as a special case, but that will be
a separate commit.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-06-27 15:44:27 -04:00
Edward Z. Yang
24f6db6fb2 [3.1.2] Add %Output.SortAttr to deal with FCKeditor bug
If %Output.SortAttr is true, attributes are sorted to be
in alphabetical order. This was requested by frank farmer.

See also: http://htmlpurifier.org/phorum/read.php?2,1576

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-06-24 22:36:27 -04:00
Edward Z. Yang
511dfe2d4a [3.1.1] Update Munge docs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1804 48356398-32a2-884e-a903-53898d9a118a
2008-06-19 19:06:55 +00:00
Edward Z. Yang
463aa3a0fa [3.1.1] General munge improvements
- Add CurrentCSSProperty context variable
- Move Munge to its own class, derived off of SecureMunge.
- Rename %URI.SecureMunge to %URI.Munge
- Rename %URI.SecureMungeSecretKey to %URI.MungeSecretKey
- Add extra substitutions for munge

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1803 48356398-32a2-884e-a903-53898d9a118a
2008-06-18 03:29:27 +00:00
Edward Z. Yang
36bd06d53e [3.1.1] Implement SafeEmbed. Also, miscellaneous bugfixes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1781 48356398-32a2-884e-a903-53898d9a118a
2008-06-10 01:18:03 +00:00
Edward Z. Yang
13eb016e06 [3.1.1] Implement SafeObject.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1780 48356398-32a2-884e-a903-53898d9a118a
2008-06-10 00:13:44 +00:00
Edward Z. Yang
322288e6c0 [3.1.1] Implement %URI.SecureMunge and %URI.SecureMungeSecretKey, thanks Chris!
- URIFilter->prepare can return false in order to abort loading of the filter
- Implemented post URI filtering. Set member variable $post to true to set a URIFilter as such.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1772 48356398-32a2-884e-a903-53898d9a118a
2008-05-26 16:26:47 +00:00
Edward Z. Yang
14d934c7ca [3.1.1] Land vs's HTMLPurifier_Generator patch, and a number of other bugfixes for that change
- Convert a number of calls to use new constructor signature for Generator
- Make generator require configuration; this exposes a number of latent bugs
- Removed generator hack
- Convert Printers to use new optimized ConfigSchema format
- Hack with Printer configuration; pass an array(generator config, render config) to distinguish between output and target.
- HTML/CSS Printers need to be primed, otherwise fatal errors
- Convert a few test-cases to use member properties

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1770 48356398-32a2-884e-a903-53898d9a118a
2008-05-26 04:05:48 +00:00
Edward Z. Yang
eb9f9bc7f6 [3.1.1] Round up imagecrash support with HTML.MaxImgLength
- Add $max to AttrDef/HTML/Pixels.php
- Add %HTML.MaxImgLength
- CSS width/height allows percents when MaxImgLength is disabled


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1762 48356398-32a2-884e-a903-53898d9a118a
2008-05-23 02:09:43 +00:00
Edward Z. Yang
1a95852007 [3.1.1] Implement more robust imagecrash protection for CSS width/height.
- Change API for HTMLPurifier_AttrDef_CSS_Length
- Implement HTMLPurifier_AttrDef_Switch class
- Implement HTMLPurifier_Length->compareTo, and make make() accept object instances

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1754 48356398-32a2-884e-a903-53898d9a118a
2008-05-21 01:56:48 +00:00
Edward Z. Yang
0bef016271 [3.1.0] Get testing working again for all versions
- Standalone testing setup properly with autoload
- Bootstrap autoloader deals more robustly with classes that don't exist, preventing class_exists($class, true) from barfing.
- Cleanup $_reporter to $reporter

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1727 48356398-32a2-884e-a903-53898d9a118a
2008-05-16 01:49:33 +00:00
Edward Z. Yang
cb5d5d0648 [3.1.0] Revamp URI handling of percent encoding and validation.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1709 48356398-32a2-884e-a903-53898d9a118a
2008-05-14 02:19:00 +00:00
Edward Z. Yang
77ce3e8b4a [3.1.0] Extend scanner to catch $this->config; chmod new directories from Serializer. I'm not exactly sure what the implications of the bugfix are, but hopefully it won't blow up.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1708 48356398-32a2-884e-a903-53898d9a118a
2008-05-13 03:17:38 +00:00
Edward Z. Yang
4b862f64e6 [3.1.0] Fix ScriptRequired bug with trusted installs
- Generator now takes $config and $context during instantiation
- Double quotes outside of attributes are not escaped


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1700 48356398-32a2-884e-a903-53898d9a118a
2008-04-28 01:35:07 +00:00
Edward Z. Yang
144bd6f07a [3.1.0] Fix bug with 3.1.0-dev version number (the dash caused problems, so we switched to commas)
- Refactored out null definition cache during HTMLDefinition tests


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1697 48356398-32a2-884e-a903-53898d9a118a
2008-04-26 19:28:14 +00:00
Edward Z. Yang
84aa2ca390 [3.1.0] Implement tag@attr for Allowed and Forbidden
- Fix (or null) bug in configdoc

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1695 48356398-32a2-884e-a903-53898d9a118a
2008-04-26 03:14:01 +00:00
Edward Z. Yang
1f8619cda5 [3.1.0] Fix and revamp configForm.php smoketest
- Fix bool/null ConfigForm field

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1694 48356398-32a2-884e-a903-53898d9a118a
2008-04-26 01:13:58 +00:00
Edward Z. Yang
6d9643a92e [3.1.0] Add const version to HTMLPurifier, also bump version to 3.1.0-dev; this apparently is a good idea!
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1692 48356398-32a2-884e-a903-53898d9a118a
2008-04-25 05:26:10 +00:00
Edward Z. Yang
eaabccdd9b [3.1.0] More PHP4->PHP5 conversions, notably reference removal of most methods that return objects
- Removed HTMLPurifier_Error
- Documentation updates
- Removed more copy() methods in favor of clone
- HTMLPurifier::getInstance() to HTMLPurifier::instance()
- Fix InterchangeBuilder to use HTMLPURIFIER_PREFIX

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1689 48356398-32a2-884e-a903-53898d9a118a
2008-04-23 02:40:17 +00:00
Edward Z. Yang
1ba77fedd4 [3.1.0] Implement DenyElementDecorator for imagecrash-protection against CSS width/height
- Misc doc changes
- Add missing inheritance for AttrDef_CSS decorators


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1684 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 22:28:54 +00:00
Edward Z. Yang
e9c7873057 [3.1.0] Fix validation error with missing li.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1679 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 17:35:39 +00:00
Edward Z. Yang
4fe475c57f [3.1.0] Implement %HTML.Forbidden*
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1671 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 07:16:49 +00:00
Edward Z. Yang
e1876c18ad [3.1.0] Deprecate addFilter; set up Filter namespace
- Added EXTERNAL dependency config-schema value
- Fix safe bug in Printer_HTMLDefinition
- Fixed broken smoketests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1669 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 06:40:04 +00:00
Edward Z. Yang
e616f07739 [3.1.0] Implement file sniffing of $config, for TRUE feature parity! Also add some really silly multi-column code in the XSLT.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1668 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 05:38:03 +00:00
Edward Z. Yang
8708c0617a Minor whitespace and div fixes for XSLT
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1667 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 02:24:11 +00:00
Edward Z. Yang
39be09ee14 [3.1.0] Add support for deprecated and version in configdoc
- Hide deprecated elements from ToC
- %HTML.Doctype takes null instead of empty string; this shouldn't affect anyone

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1666 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 02:19:40 +00:00
Edward Z. Yang
949f605857 [3.1.0] Feature parity with configdoc rewrite
- Abolish most classes in ConfigDoc except for HTMLXSLTProcessor
- Implement Builder_Xml using XmlWriter
- Add some convenience functions

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1665 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 01:58:06 +00:00
Edward Z. Yang
d765628d24 Minor cosmetic changes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1580 48356398-32a2-884e-a903-53898d9a118a
2008-02-26 01:45:03 +00:00
Edward Z. Yang
a2d044f58d Reorganize configdoc, but it's still broken.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1577 48356398-32a2-884e-a903-53898d9a118a
2008-02-25 21:21:12 +00:00
Edward Z. Yang
a74a590f1c [3.1.0] Remove multi-description functionality as well as file detection.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1525 48356398-32a2-884e-a903-53898d9a118a
2008-01-27 20:21:31 +00:00
Edward Z. Yang
43f01925cd Convert to PHP 5 only codebase, adding visibility modifiers to all members and methods in the main library area (function only for test methods)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1458 48356398-32a2-884e-a903-53898d9a118a
2007-11-25 02:24:39 +00:00
Edward Z. Yang
f80de908bd [2.1.0] Optimize ConfigSchema to only perform safety checks when HTMLPURIFIER_SCHEMA_STRICT is true
- Remove useless ->revision check in Config.php
- Add simple trace file to benchmarks folder

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1319 48356398-32a2-884e-a903-53898d9a118a
2007-07-31 01:04:38 +00:00
Edward Z. Yang
e99520ab96 Remove trailing ?> in PHP library files, add trailing newlines to all other files.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1253 48356398-32a2-884e-a903-53898d9a118a
2007-06-27 13:58:32 +00:00
Edward Z. Yang
58064592ff [2.0.1]
- Stray xmlns attributes removed from configuration documentation
. Interlinking in configuration documentation added using Injector_PurifierLinkify
. Directives now keep track of aliases to themselves

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1225 48356398-32a2-884e-a903-53898d9a118a
2007-06-24 22:22:00 +00:00
Edward Z. Yang
12f73605a3 [1.7.0] Implement HTML.Allowed, a TinyMCE style whitelist format.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1119 48356398-32a2-884e-a903-53898d9a118a
2007-05-29 21:26:43 +00:00
Edward Z. Yang
073ddb0cb2 Remove unlink(types.xml) from cleanup
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1110 48356398-32a2-884e-a903-53898d9a118a
2007-05-28 04:27:51 +00:00
Edward Z. Yang
889ccb1a92 Centralize types.xml writing.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1109 48356398-32a2-884e-a903-53898d9a118a
2007-05-28 04:26:25 +00:00
Edward Z. Yang
aec84dc3f6 Simplify generate.php variable naming and comments.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1108 48356398-32a2-884e-a903-53898d9a118a
2007-05-28 03:58:02 +00:00
Edward Z. Yang
e06929c218 Further refactoring to remove hacks. Move everything into the ConfigDoc facade object. Add parameters to plain.xsl. Optionally singleton-ize HTML Purifier. Add loadArrayFromForm to Config object.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1105 48356398-32a2-884e-a903-53898d9a118a
2007-05-28 03:33:12 +00:00
Edward Z. Yang
aaf4839c34 Further refactor ConfigDoc, creating HTMLXSLTProcessor. Update NEWS.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1104 48356398-32a2-884e-a903-53898d9a118a
2007-05-28 02:55:50 +00:00
Edward Z. Yang
c113f43440 Add basic structure for ConfigDoc namespace, begin moving things over.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1103 48356398-32a2-884e-a903-53898d9a118a
2007-05-28 02:41:01 +00:00
Edward Z. Yang
ef51f8681a [1.7.0] Create ConfigForm printer classes
- Extend hash to convert strings from form key,value,key,value
- Hack up configdoc to accommodate configForm.php smoketest

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1101 48356398-32a2-884e-a903-53898d9a118a
2007-05-28 02:20:55 +00:00
Edward Z. Yang
cb186dddc4 Compactify HTML Purifier library inclusion
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@987 48356398-32a2-884e-a903-53898d9a118a
2007-04-22 21:01:48 +00:00
Edward Z. Yang
e1a5d10e75 Fix typo in comment.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@702 48356398-32a2-884e-a903-53898d9a118a
2007-01-30 00:34:23 +00:00
Edward Z. Yang
5e366b25f8 [1.4.0] Support for configuration directive aliases added.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@668 48356398-32a2-884e-a903-53898d9a118a
2007-01-20 18:43:58 +00:00
Edward Z. Yang
462d3ab72f [1.4.0] Add some nicer styling to the configuration documentation. Also update NEWS.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@654 48356398-32a2-884e-a903-53898d9a118a
2007-01-18 02:52:20 +00:00
Edward Z. Yang
926b94bdd3 [1.2.0] Allow configuration directives to permit null values. ConfigDoc updated accordingly.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@521 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 02:59:36 +00:00
Edward Z. Yang
afee1ea9bf [1.2.0]
- Updated ConfigDoc TODO
- configdoc.xml now has xml:space attached to default value nodes

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@519 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 00:05:27 +00:00
Edward Z. Yang
a6bbe60e7c [1.2.0] Configuration documentation now has table of contents
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@518 48356398-32a2-884e-a903-53898d9a118a
2006-11-08 14:21:06 +00:00