htmlpurifier

mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-08 06:48:42 +00:00

Author	SHA1	Message	Date
Edward Z. Yang	6a6c0ed5d7	Don't autoclose if no parents support the tag. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2011-03-22 00:26:41 +00:00
Edward Z. Yang	ee9c70ab7f	Fix E_NOTICE from indexing into empty string. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2011-03-17 17:33:11 +00:00
Edward Z. Yang	b4469f17aa	Fix missing numeric entities (shows up when DirectLexing). Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2011-02-27 11:58:37 +00:00
Edward Z. Yang	e76f4b45d0	Dramatically rewrite null host URI handling. Basically, browsers don't parse what should be valid URIs correctly, so we have to go through some backbends to accomodate them. Specifically, for browseable URIs, the following URIs have unintended behavior: - ///example.com - http:/example.com - http:///example.com Furthermore, if the path begins with //, modifying these URLs must be done with care, as if you remove the host-name component, the parse tree changes. I've modified the engine to follow correct URI semantics as much as possible while outputting browser compatible code, and invalidate the URI in cases where we can't deal. There has been a refactoring of URIScheme so that this important check is always performed, introducing a new member variable allow_empty_host which is true on data, file, mailto and news schemes. This also fixes bypass bugs on URI.Munge. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2011-01-25 18:56:46 +00:00
Edward Z. Yang	a32d5b52e1	Fix embedding flash on non-IE browsers and allow more wmode. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2011-01-22 12:28:57 +00:00
Maxim Krizhanovsky	a3d71fe606	Iterative traversal of DOM. There are some deep DOMs you can hit the maximum nesting level limit in tokenizeDOM (we've experienced this even with maximum nesting level of 300). Here is an iterative version of the same function with simple queue/dequeue approach. Signed-off-by: Maxim Krizhanovsky <darhazer@gmail.com>	2011-01-19 22:06:40 +00:00
Petr Skoda	78c4e62245	Add new Cache.SerializerPermissions option.	2011-01-13 22:57:40 +00:00
Edward Z. Yang	b63569ac22	Fix bad interaction between bootstrap autoloader and Zend Debugger/APC. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-12-31 09:48:28 +00:00
Edward Z. Yang	f3d050c517	Fix two bugs with caching of customized raw definitions. The first bug is that we will repeatedly write out the result of a customized raw definition to the filesystem, even when a cache entry already exists. The second bug is that caching these definitions doesn't actually work (the cache entry is written but never used.) A new API for retrieving raw definitions permits the user to take advantage of caching. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-12-30 23:51:53 +00:00
Edward Z. Yang	cfc4ee1faf	Add initial implementation of CSS.Trusted. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-11-12 18:45:03 +00:00
Edward Z. Yang	598c5b60c9	Add sanity check against ze1_compatibility_mode. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-11-12 16:15:03 +00:00
Edward Z. Yang	feeffe6ed2	Check if schema.ser was corrupted. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-10-29 14:47:40 +01:00
Edward Z. Yang	4754d407aa	Fix removal of id with DirectLex by preserving armor. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-10-28 17:25:31 +01:00
Nick Pope	0b9db1f54b	Allow non-static autoload methods w/ PHP >= 5.2.11 HTML Purifier loads itself as the first autoload function by unregistering all existing functions and re-registering them after registering itself. Originally an exception was thrown when a non-static object method was encountered as the behaviour of spl_autoload_functions() did not return the object instance, but only the class name. This was filed on PHP bugs (#44144). The bug was fixed for PHP >= 5.2.11 and >= 5.3 Signed-off-by: Nick Pope <nick@nickpope.me.uk> Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-10-28 17:25:17 +01:00
Edward Z. Yang	1d4a38d055	Escape CDATA before handling conditional comments. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-28 12:11:26 -04:00
Edward Z. Yang	8c80349f9d	Implement HTML.Nofollow for external links. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-28 12:01:57 -04:00
Edward Z. Yang	d848c99b74	Make IE conditional comment matching ungreedy. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-28 10:22:38 -04:00
Edward Z. Yang	882ffed9ba	Release 4.2.0. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-15 02:52:57 -04:00
Edward Z. Yang	86990a21f1	Rename newline normalization directive to something better. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-15 02:50:39 -04:00
Edward Z. Yang	632bf2bbd4	Shift to 4.2.0 release cycle. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-14 23:38:51 -04:00
Edward Z. Yang	ec86598446	Add support for file:// URI scheme. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-09 00:01:26 -04:00
Edward Z. Yang	7c91104532	Implement HTML.FlashAllowFullScreen. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-08 23:39:20 -04:00
Edward Z. Yang	eac628f490	Add %CSS.ForbiddenProperties directive. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-04 02:59:03 -04:00
Edward Z. Yang	92913bc816	Add documentation about configuration directive types. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-04 02:28:53 -04:00
Edward Z. Yang	479d793562	Reword documentation to be clearer, and give warning on common user error. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-09-04 01:31:20 -04:00
Edward Z. Yang	e2c15f1c98	Fix Mac Snow Leopard APC bug. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-08-26 21:40:58 -07:00
Edward Z. Yang	c04a441b3e	Actually make URI.DisableResources do something. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-06-30 05:59:17 -07:00
Edward Z. Yang	1bed8b6d5f	Added %Core.RemoveProcessingInstructions. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-06-20 18:26:44 -07:00
Edward Z. Yang	33afd7d9e0	Fix improper handling of IE conditional comments. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-06-18 06:08:54 -07:00
Edward Z. Yang	18e538317a	Release 4.1.1. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-31 20:17:31 -07:00
Edward Z. Yang	96a4193fc9	Fix undefined index warnings in maintenance scripts. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-31 20:07:27 -07:00
Edward Z. Yang	00c66fa9cb	Fix bug in parsing single attribute with entities. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-31 19:44:18 -07:00
Edward Z. Yang	d3abcb90e3	Rewrite CSS url() and font-family output logic. The new logic is as follows: * Given a URL to insert into url(), check that it is properly URL encoded (in particular, a doublequote and backslash never occurs within it) and then place it as url("http://example.com"). * Given a font name, if it is strictly alphanumeric, it is safe to omit quotes. Otherwise, wrap in double quotes and replace '"' with '\22 ' (note trailing space) and '\' with '\5C ' (ditto). We introduce expandCSSEscape() which is a hack for common parsing idioms in CSS; this means that CSS escapes are now recognized inside URLs as well as unquoted font names. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-31 18:45:21 -07:00
Edward Z. Yang	df3100b1b3	Make test script less chatty when log_errors is on. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-20 21:50:44 -04:00
Edward Z. Yang	143e1ad718	Remove shebang and +x from test script. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-20 21:21:26 -04:00
Edward Z. Yang	875b0febde	Fix infinite loop involving wrapping formedness. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-17 23:22:51 -04:00
Edward Z. Yang	3166b8a10f	Fix bug in background-position with center keyword. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-05 15:08:57 -04:00
Edward Z. Yang	1a70bffd5a	Emit errors when body is extracted. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-05-04 13:41:09 -04:00
Edward Z. Yang	f4c6e10ff7	Release 4.1.0. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-04-26 18:31:40 -04:00
Edward Z. Yang	da94d3d6ac	Always quote the contents of url() in CSS. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-04-26 12:10:15 -04:00
Edward Z. Yang	8ef4fb22db	Support for flashvars in HTML.SafeEmbed. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-03-30 13:33:13 -04:00
Edward Z. Yang	70a7a3f5dd	Handle <ol><ol> properly by adding missing <li> tag. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-03-10 00:58:37 -05:00
Edward Z. Yang	0229458f8f	Implement Internet Explorer compatibility code for embedded content. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-03-08 01:56:40 -05:00
Edward Z. Yang	dc90e8e85b	Support flashvars. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-03-08 01:16:57 -05:00
Edward Z. Yang	97125ed18b	Implement data URI scheme. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-03-07 21:45:39 -05:00
Edward Z. Yang	aea7d02dfe	Support YouTube slideshow embedding. YouTube slideshows contain a /cp/, not a /v/, in their URL; relax the YouTube filter to allow them. Signed-off-by: Nigel McNie <nigel@catalyst.net.nz> Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2010-03-07 18:57:22 -05:00
Edward Z. Yang	5b4e5c983e	Support proprietary height attribute on table. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2009-08-27 20:17:24 -04:00
Edward Z. Yang	2b72d0445f	Add 4.1.0 release NEWS entry. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2009-07-09 21:03:46 -04:00
Edward Z. Yang	53ff3e2744	Release 4.0.0. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2009-07-07 22:41:01 -04:00
Edward Z. Yang	ba9fd175d7	Make extractBody not terminate prematurely on first </body>. Previously, if two </body> tags were present, HTML Purifier would truncate everything after the first </body>. This is not ideal behavior; so HTML Purifier has been changed to match up to the last </body>. Signed-off-by: Edward Z. Yang <ezyang@mit.edu>	2009-07-07 22:19:04 -04:00

1 2 3 4 5 ...

454 Commits