0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-24 09:11:52 +00:00
Commit Graph

121 Commits

Author SHA1 Message Date
Edward Z. Yang
688b1833f5 Fix typos in AttrDef/Lang.php involving lowercasing uppercased language strings.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@618 48356398-32a2-884e-a903-53898d9a118a
2006-12-26 03:56:53 +00:00
Edward Z. Yang
4bdc0446de [1.3.0] New directive %URI.HostBlacklist for blocking links to bad hosts. xssAttacks.php smoketest updated accordingly.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@586 48356398-32a2-884e-a903-53898d9a118a
2006-11-26 23:14:12 +00:00
Edward Z. Yang
775763c583 [1.3.0] New directive %URI.Munge, munges URI so you can use some sort of redirector service to avoid PageRank leaks or warn users that they are exiting your site.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@576 48356398-32a2-884e-a903-53898d9a118a
2006-11-24 00:29:16 +00:00
Edward Z. Yang
49cb2a4a7c [1.3.0] More control of URIs granted
# Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false.
! New directives %URI.DisableExternalResources and %URI.DisableResources
! New directive %Attr.DisableURI, which eliminates all hyperlinking
- Missing "Available since" documentation added

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 23:59:20 +00:00
Edward Z. Yang
82afd890c4 [1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@528 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 23:09:10 +00:00
Edward Z. Yang
7a4c7b3777 [1.2.0] [BC] ID attributes now disabled by default. New directives:
+ %HTML.EnableAttrID - restores old behavior by allowing IDs
  + %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs so that they don't collide with your IDs
  + %Attr.IDPrefixLocal - Same as above, but for when there are multiple instances of user content on the page
  + Profuse documentation on how to use these available in id.txt

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@526 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 01:05:41 +00:00
Edward Z. Yang
d48f9b6b21 [1.2.0]
- Update TODO
  . Add another possible plaintext formatter
  . Reference config-ideas.txt for URI options
- Update code-quality.txt, removing issues that have been addressed and updating time for post-beta
- Update config-ideas.txt
  . Added more possible URI directives
  . Removed silly language control directive
- Improved documentation on Class, CSS and Host

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@524 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 19:26:49 +00:00
Edward Z. Yang
f38fe431ed [1.2.0]
- Added %URI.DisableExternal, which prevents links to external websites. You can also use %URI.Host to permit absolute linking to subdomains
- Fixed a few bugs involving null configuration values

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@522 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 03:35:41 +00:00
Edward Z. Yang
d2fd193bc4 [1.2.0] Implement primitive email regexp to be used for mailto. There are many spotty implementation issues, so this code is not actually called anywhere else currently.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@517 48356398-32a2-884e-a903-53898d9a118a
2006-11-08 03:10:43 +00:00
Edward Z. Yang
504203c0f3 [1.2.0] Added percent encoding normalization
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@509 48356398-32a2-884e-a903-53898d9a118a
2006-11-07 17:15:28 +00:00
Edward Z. Yang
74ba9b8629 [1.2.0] Add context parameter to URIScheme and URISchemeRegistry classes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@500 48356398-32a2-884e-a903-53898d9a118a
2006-10-27 01:20:10 +00:00
Edward Z. Yang
7d2fe4c5d7 [1.2.0]
- Factor out Config and Context object population through arrays
- Bring dependent assertions together in IDTest.php
- AttrDefHarness.php now resets context and configuration between tests
- Add missing reference operator in AttrDef/ID.php

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@494 48356398-32a2-884e-a903-53898d9a118a
2006-10-21 18:18:36 +00:00
Edward Z. Yang
2d6bf12fe0 [1.2.0]
- All important classes that use Context were migrated. Todo: Classes that currently use $config but not $context are AttrTransform (done in r493) and URIScheme+Registry (done in r500). There may be more classes, incl TagTransform (done in r497) that should have both $config and $context added.
- Strategy unit tests now migrated to use HTMLPurifier_Harness

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@485 48356398-32a2-884e-a903-53898d9a118a
2006-10-01 21:55:13 +00:00
Edward Z. Yang
4f8d83506d [1.1.1]
- Shuffle around TODO items, we're going to handle the URI deficiencies first
- Fix bugs in documentation :-P

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@441 48356398-32a2-884e-a903-53898d9a118a
2006-09-23 00:43:21 +00:00
Edward Z. Yang
3b30c2ca5b Renamed ConfigDef to ConfigSchema. (Required major internal restructuring but should not affect end-users)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@424 48356398-32a2-884e-a903-53898d9a118a
2006-09-16 22:36:58 +00:00
Edward Z. Yang
a5b4ed2126 [1.0.1] Fixed rejection of inline style declarations that had lots of extra space in them. This manifested in TinyMCE.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@382 48356398-32a2-884e-a903-53898d9a118a
2006-09-04 23:01:47 +00:00
Edward Z. Yang
b99573223d [1.1.0] Made URI validator more forgiving: will ignore leading and trailing quotes, apostrophes and less than or greater than signs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@380 48356398-32a2-884e-a903-53898d9a118a
2006-09-04 02:31:27 +00:00
Edward Z. Yang
14aeafcf22 De-singleton-ized (HTML|CSS)Definition, tying them to the configuration and making them more amenable to changes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@350 48356398-32a2-884e-a903-53898d9a118a
2006-08-31 20:33:07 +00:00
Edward Z. Yang
670d298a87 Implement list-style shorthand. Also, updated devnetwork.html with more recent threads.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@337 48356398-32a2-884e-a903-53898d9a118a
2006-08-29 02:01:58 +00:00
Edward Z. Yang
24cde9c891 Revamp configuration files so that more rules can be added, internal organization is more logical, and descriptions are captured.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@327 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 18:49:16 +00:00
Edward Z. Yang
0d4ee2ba37 Fix call-time pass by reference typos.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@326 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 02:08:50 +00:00
Edward Z. Yang
692a9abc0f Implement shorthand CSS property border.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@324 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 00:49:34 +00:00
Edward Z. Yang
ffe39d7f30 Basic color keywords translated into hexadecimal values.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@323 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 00:35:57 +00:00
Edward Z. Yang
80e79d906a Implement CSS property Font.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@321 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 00:11:13 +00:00
Edward Z. Yang
dcec92e7b3 Fix bug: number spans should not allow zero as a value. This required augmenting HTMLPurifier/AttrDef/Integer.php to have a richer negative/zero/positive specification interface that can be extrapolated to Number and friends.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@318 48356398-32a2-884e-a903-53898d9a118a
2006-08-25 02:48:49 +00:00
Edward Z. Yang
f46b15cb82 Document fact that inherit only works when its alone.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@315 48356398-32a2-884e-a903-53898d9a118a
2006-08-23 02:11:04 +00:00
Edward Z. Yang
f8839d56a0 Add missing extends.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@313 48356398-32a2-884e-a903-53898d9a118a
2006-08-21 00:36:36 +00:00
Edward Z. Yang
314a48373c Document all AttrDefs, also remove duplicant NumberSpan in favor of Integer.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@308 48356398-32a2-884e-a903-53898d9a118a
2006-08-20 21:47:15 +00:00
Edward Z. Yang
1cadb08fbb Commit IPv6 fix, with majoring factoring out. Thank you Feyd!
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@284 48356398-32a2-884e-a903-53898d9a118a
2006-08-17 01:05:35 +00:00
Edward Z. Yang
ed7e72f2e3 Commit FontFamily implementation. It's a little flaky, but should be reasonable for 99% of all fonts.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@282 48356398-32a2-884e-a903-53898d9a118a
2006-08-16 17:25:25 +00:00
Edward Z. Yang
cb463f9676 Commit text-decoration implementation.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@280 48356398-32a2-884e-a903-53898d9a118a
2006-08-16 15:12:48 +00:00
Edward Z. Yang
2d28380763 Commit Multiple AttrDef, forms scaffolding for a few more CSS properties.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@272 48356398-32a2-884e-a903-53898d9a118a
2006-08-16 00:34:37 +00:00
Edward Z. Yang
38e0485fcd Prevent image crash attacks.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@268 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 22:53:12 +00:00
Edward Z. Yang
218eb67167 Remove legacy required code from AttrDef_URI, also explicitly disallow < and > in URIs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@253 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 21:06:57 +00:00
Edward Z. Yang
0170bb2120 Add Percentage, and font-size (not all styles fully realized yet though).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@242 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 02:08:45 +00:00
Edward Z. Yang
35fa08420d Commit live demo, implement unified interface, and fix some security bugs (involving forgotten calls to strategies).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@238 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 00:27:15 +00:00
Edward Z. Yang
b5ff592157 Add CSSLength support, and roll out to all applicable styles.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@237 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 23:08:38 +00:00
Edward Z. Yang
ff7fdaca38 Commit AttrDef number, currently used by no styles right now, but percentage and length will piggy-back off it.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@236 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 22:35:55 +00:00
Edward Z. Yang
71c4a3c50c Commit dud AttrDef integer.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@235 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:59:52 +00:00
Edward Z. Yang
eca0f68c1f CSS parsed as CDATA.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@234 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:44:52 +00:00
Edward Z. Yang
a5ebf55d0e Make note that this is HTML specific.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@233 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:41:53 +00:00
Edward Z. Yang
4ffb2da238 Implement the color AttrDef.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@230 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:23:57 +00:00
Edward Z. Yang
8b45c7601a Implement Composite attribute definition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@228 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 18:16:30 +00:00
Edward Z. Yang
1e2f853f4f Implemented CSS properties whose valid values were enumerated. Accept inherit for all properties. Some composite unit tests.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@226 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 16:52:31 +00:00
Edward Z. Yang
d721066d27 Make CSS validator drop duplicate declarations.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@225 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 04:52:40 +00:00
Edward Z. Yang
7c86e3cc0f Commit initial implementation of AttrDef_CSS, with text-align being the only defined property. Further development will be going on in AttrDef and CSSDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@223 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 20:22:09 +00:00
Edward Z. Yang
4193fd018a Commit a very lenient mailto checker. We'll tighten it later.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 19:11:21 +00:00
Edward Z. Yang
d28bad648a Implement URIScheme and subclasses except for mailto. Remove fragment from components, as it is scheme independent.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@218 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 18:58:54 +00:00
Edward Z. Yang
6c3d364213 Augment URISchemeRegistry with the ability to overload/register your own schemes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@215 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 17:06:14 +00:00
Edward Z. Yang
ebe01a0a24 Fix a few errors that came with API change. I really should run the unit tests before committing.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@213 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 16:12:16 +00:00
Edward Z. Yang
a2880bdff2 Generalize IDAccumulator into AttrContext. Modify tests and classes accordingly. Also, this allows us to make the validate() parameters uniform among all AttrDef subclasses.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@212 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 16:04:40 +00:00
Edward Z. Yang
77f2833f36 Fix PHP 4 problems with references.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@211 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 04:07:06 +00:00
Edward Z. Yang
4ab6cab15c Finish bare-bones implementation of URI. This will suffice for now.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@209 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 03:35:05 +00:00
Edward Z. Yang
5b14310284 Refactor a little, but I think I'm going to end up rewriting the whole thing.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@208 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 02:48:17 +00:00
Edward Z. Yang
4b097ef493 Commit initial URI unit tests and implementation. They're not complete yet though.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@206 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 01:12:35 +00:00
Edward Z. Yang
2090d94091 E_STRICT fix: put $config in parameter list even if it isn't used.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@204 48356398-32a2-884e-a903-53898d9a118a
2006-08-11 20:26:25 +00:00
Edward Z. Yang
0db1cbb7ac Revamp Configuration classes, breaking backwards configuration compatibility (not that there was much to broken to begin with). Fix bug involving PHP 4 object typecasting.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@203 48356398-32a2-884e-a903-53898d9a118a
2006-08-11 20:23:41 +00:00
Edward Z. Yang
d5e75f2616 Add NumberSpan definition (non-DTD, but applies to enough to be useful). All widely used non-deprecated attributes have been implemented (except for rel/rev, but that's tricky). Add note about quirky COL handling and possible implementation of a workaround.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@174 48356398-32a2-884e-a903-53898d9a118a
2006-08-06 03:58:48 +00:00
Edward Z. Yang
d429989f86 Implement MultiLength.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@173 48356398-32a2-884e-a903-53898d9a118a
2006-08-06 01:41:18 +00:00
Edward Z. Yang
fb18fe31e1 AttrDef_Length implemented. Reuses a bit of stuff from Pixel.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@170 48356398-32a2-884e-a903-53898d9a118a
2006-08-06 01:30:54 +00:00
Edward Z. Yang
a520b5469e Implement Pixels attribute definition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@169 48356398-32a2-884e-a903-53898d9a118a
2006-08-06 01:03:48 +00:00
Edward Z. Yang
8a23710405 Implement lang and xml:lang. Fixed a bunch of bugs too.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@162 48356398-32a2-884e-a903-53898d9a118a
2006-08-05 01:50:13 +00:00
Edward Z. Yang
1945ddca5c Refactor unit tests so that abstract test cases are now called Harnesses and AttrDef tests use their harness's assertDef() function, which enforces type much better. Also fixed a few bugs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@161 48356398-32a2-884e-a903-53898d9a118a
2006-08-05 00:30:31 +00:00
Edward Z. Yang
6232221c08 Define AttrDef_Text and parseCDATA().
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@160 48356398-32a2-884e-a903-53898d9a118a
2006-08-04 03:13:04 +00:00
Edward Z. Yang
a2fc5da060 Implement AttrDef_Class.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@157 48356398-32a2-884e-a903-53898d9a118a
2006-08-04 02:48:20 +00:00
Edward Z. Yang
784b756b3f Add configuration as a parameter to all AttrDef objects. If we get another construction like accumulator, however, we'll have to create an AttrContext object.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@156 48356398-32a2-884e-a903-53898d9a118a
2006-08-04 01:52:54 +00:00
Edward Z. Yang
7d2bf08d2f Implement simple attribute transformations and roll them out.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@152 48356398-32a2-884e-a903-53898d9a118a
2006-08-04 00:11:54 +00:00
Edward Z. Yang
d243545142 Compat changes with earlier versions of PHP.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@139 48356398-32a2-884e-a903-53898d9a118a
2006-08-01 01:57:22 +00:00
Edward Z. Yang
bb0435bdd4 Add AttrDef_Id, as well as amend the accumulator by adding a load.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@131 48356398-32a2-884e-a903-53898d9a118a
2006-07-30 16:35:05 +00:00
Edward Z. Yang
647ff26379 Minor tweaks to documentation and Enum (case-sensitivity is now boolean).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@128 48356398-32a2-884e-a903-53898d9a118a
2006-07-30 15:29:22 +00:00
Edward Z. Yang
f8eaedb500 Factor out definitions to a ['child'] so that we could assign the ['attr'] definitions separately.
Also, added AttrDef/EnumTest.php

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@127 48356398-32a2-884e-a903-53898d9a118a
2006-07-30 00:54:38 +00:00