Edward Z. Yang
|
6d50e5282a
|
Release 4.9.2
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-12 23:30:53 -07:00 |
|
Edward Z. Yang
|
5bc7c72608
|
Add tests for new entity decoding codepath.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-12 20:05:09 -07:00 |
|
Eugene Leonovich
|
fd24de69a3
|
Fix a call to undefined function HTMLPurifier_Encoder()
|
2017-03-12 22:44:03 +01:00 |
|
Edward Z. Yang
|
5688656174
|
Fix more PHP 5.3 problems.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-08 18:01:58 -08:00 |
|
Edward Z. Yang
|
8836ae05aa
|
Fix PHP 5.3 compatibility, fixes #125.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-08 17:46:29 -08:00 |
|
Edward Z. Yang
|
de82f9845f
|
Release 4.9.1 (sic)
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-08 00:22:36 -08:00 |
|
Edward Z. Yang
|
74f123a84c
|
Fix #83.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-07 17:52:41 -08:00 |
|
Edward Z. Yang
|
7e11c271b9
|
Revamp entity decoding to be more like HTML5.
See %Core.LegacyEntityDecoder for more details.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-07 17:34:59 -08:00 |
|
Edward Z. Yang
|
66bbae73a9
|
Comment on why it's a non-greedy match.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-06 23:27:30 -08:00 |
|
Edward Z. Yang
|
b19dcb0ba5
|
CHANGELOG for #120 fix, and remove the array_filter.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-06 23:06:24 -08:00 |
|
Edward Z. Yang
|
0c31b22240
|
Merge pull request #118 from fxbt/master
Add hsl, hsla and rgba support for css color attribute definition
|
2017-03-06 23:01:06 -08:00 |
|
Edward Z. Yang
|
5662efc936
|
Fix #78.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-06 22:54:54 -08:00 |
|
Edward Z. Yang
|
353c96f156
|
Document skips in more detail, #116.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-06 20:31:28 -08:00 |
|
Edward Z. Yang
|
4047a6230b
|
Extra cleanup on cleanUTF8.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-03-06 16:31:02 -08:00 |
|
Andrey Pozolotin
|
9195cb7a2e
|
Added escape sequense
|
2017-03-06 16:28:53 -08:00 |
|
Andrey Pozolotin
|
39c4c359ad
|
Fixing PREG_BACKTRACK_LIMIT_ERROR in HTMLPurifier_Filter_ExtractStyleBlocks
|
2017-03-06 16:28:53 -08:00 |
|
mpyw
|
f145f64bf4
|
Fix #122: correct surrogate pair range
|
2017-03-04 15:38:01 +09:00 |
|
f.godfrin
|
12185143ef
|
Use a constructor and a property for the alpha check
|
2017-02-10 21:03:11 +01:00 |
|
f.godfrin
|
17a90a951a
|
Better regex for mungeRgb
|
2017-02-10 00:40:56 +01:00 |
|
f.godfrin
|
0bab4b9fd0
|
Fix mungeRgb to handle percent, float and hsl values
|
2017-02-10 00:38:05 +01:00 |
|
f.godfrin
|
0d5ab2fe13
|
Include hsl and hsla support
|
2017-02-09 23:34:19 +01:00 |
|
f.godfrin
|
d41a59e422
|
Add rgba support for css color attribute definition
|
2017-02-09 22:18:15 +01:00 |
|
Bastian Hofmann
|
8e4cacf0a7
|
Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set
|
2017-02-03 16:54:51 -08:00 |
|
Bastian Hofmann
|
c82051c3e1
|
Add HTML.Noopener to add a noopener rel to every external link
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/
Adresses https://github.com/ezyang/htmlpurifier/issues/96
|
2017-02-03 16:54:51 -08:00 |
|
Edward Z. Yang
|
1b7d684d07
|
Remove $a = array($a) which is miscompiled by Zend OpCache.
Fixes #108.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2017-01-04 14:35:52 -05:00 |
|
Edward Z. Yang
|
5070404376
|
Handle semicolons in strings in CSS correctly.
Fixes http://htmlpurifier.org/phorum/read.php?3,7522,8096
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-10-29 00:01:19 -07:00 |
|
Edward Z. Yang
|
59463c5c39
|
Allow %URI.DefaultScheme to be null.
Fixes #103.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-10-27 17:30:44 -07:00 |
|
Edward Z. Yang
|
3ba9133b21
|
Don't assume that idn_to_ascii does validation.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-10-27 02:00:46 -07:00 |
|
yan_kos
|
4dc68aa920
|
FIX directory not closing
#100
|
2016-10-15 16:20:47 +03:00 |
|
Edward Z. Yang
|
08eee90e15
|
Delete asserts, fixes #97.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-10-02 00:14:41 -07:00 |
|
Edward Z. Yang
|
1ef4375dbb
|
Proposed fix to Serializer code.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-09-05 15:24:08 -07:00 |
|
zema
|
246fc8946a
|
css properties: min-width, max-width, min-height, max-height
|
2016-09-05 10:45:58 +03:00 |
|
Nick del Pozo
|
1f982d279f
|
rollback change to permissions
|
2016-07-29 08:56:36 +09:00 |
|
Nick del Pozo
|
8be8cee9b3
|
changed chmod behaviour in Serializer
|
2016-07-27 12:56:03 +09:00 |
|
Edward Z. Yang
|
d0c392f77d
|
Release 4.8.0
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-07-16 05:58:58 -07:00 |
|
Edward Z. Yang
|
d1c5d75027
|
Fix #73 with Attr.ID.HTML5
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-07-16 05:52:45 -07:00 |
|
Bart Butler
|
3747cb7efb
|
avoid exif_imagetype exception with small files/corrupt data URI
|
2016-07-16 05:23:17 -07:00 |
|
Edward Z. Yang
|
0166c3728b
|
Stop trying to chmod if SerializerPermissions is null, fixes #71
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-07-01 16:04:11 -04:00 |
|
Edward Z. Yang
|
ed180f595d
|
Hack to fix #85
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-07-01 15:52:09 -04:00 |
|
Edward Z. Yang
|
44baee6a82
|
Partial border-radius support.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-06-30 22:22:13 -04:00 |
|
Cameron Ball
|
1675fc7caf
|
Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-06-30 21:53:43 -04:00 |
|
Wes Cossick
|
cc35c8eb8c
|
tel protocol support.
|
2016-06-30 21:19:49 -04:00 |
|
Edward Z. Yang
|
43a9f052fd
|
Fix #57, make flashvars check (and others) case-insensitive.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-03-27 15:56:30 -07:00 |
|
Edward Z. Yang
|
b4981c3395
|
Fix #67, don't use <body> tags in comments for %Core.ConvertDocumentToFragment
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-03-27 15:19:32 -07:00 |
|
Edward Z. Yang
|
f14076dc3e
|
Fix #49; prevent readdir infinite loop when cache directory not listable.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-03-27 14:53:31 -07:00 |
|
Edward Z. Yang
|
91fd55c857
|
Fix #45, errors when ul/ol allowed without li.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-03-26 22:41:54 -07:00 |
|
Chimpzee
|
6e00b443cd
|
Bug with tempnam("/tmp", "");
Some hostings have a different temporary path than "/tmp".
|
2016-03-24 20:19:57 -07:00 |
|
Edward Z. Yang
|
1f3e282fde
|
Fix a bounds error which now errors in PHP 7.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-03-24 00:13:08 -07:00 |
|
Edward Z. Yang
|
753c830239
|
Update to work with Git version of SimpleTest.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-03-24 00:08:03 -07:00 |
|
Edward Z. Yang
|
45161b4fb1
|
Accept leading digits in hostnames as per RFC 1123.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
|
2016-03-23 22:42:21 -07:00 |
|