mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-09-20 03:05:18 +00:00
Code Releases Activity
1,441 Commits 5 Branches 65 Tags 9.1 MiB
6e37ecd1c8
Commit Graph

5 Commits

Author SHA1 Message Date
Edward Z. Yang
c0ad68108a Do checks against iconvAvailable because PHP 5.4 has botched iconv support. 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2012-10-27 02:27:57 -07:00
Edward Z. Yang
afb007d22f Protect against font family innerHTML/cssText attacks. 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2011-03-27 20:35:43 +01:00
Edward Z. Yang
d3abcb90e3 Rewrite CSS url() and font-family output logic. 
The new logic is as follows:

* Given a URL to insert into url(), check that it is properly URL
  encoded (in particular, a doublequote and backslash never occurs
  within it) and then place it as url("http://example.com").

* Given a font name, if it is strictly alphanumeric, it is safe to omit
  quotes. Otherwise, wrap in double quotes and replace '"' with '\22 '
  (note trailing space) and '\' with '\5C ' (ditto).

We introduce expandCSSEscape() which is a hack for common parsing
idioms in CSS; this means that CSS escapes are now recognized inside
URLs as well as unquoted font names.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2010-05-31 18:45:21 -07:00
Edward Z. Yang
12b811d749 Add vim modelines to all files. 
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2008-12-06 04:24:59 -05:00
Edward Z. Yang
e05bd77344 Implement HTMLT tests, and migrate HTMLPurifierTest to this format. 
HTMLT tests are a compact and easy-to-use way of making assertPurification
type tests. They take the format of:

--INI--
Ns.Directive = "directive value"
--HTML--
Input HTML
--EXPECT--
Expected HTML

Expect more features and migration to be coming soon.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2008-07-07 08:59:33 -04:00