semantic-release-bot
bbc513d79a
chore(release): 4.17.0 [skip ci]
...
# [4.17.0](https://github.com/ezyang/htmlpurifier/compare/v4.16.0...v4.17.0 ) (2023-11-17)
### Bug Fixes
* CSSTidy ImportantComments not handled properly ([#359 ](https://github.com/ezyang/htmlpurifier/issues/359 )) ([78a9b4d78a9b4d0da#361 ](https://github.com/ezyang/htmlpurifier/issues/361 )) ([9ec687c9ec687c904#363 ](https://github.com/ezyang/htmlpurifier/issues/363 )) ([0176ef40176ef4bb6#339 ](https://github.com/ezyang/htmlpurifier/issues/339 )) ([d82f3d9d82f3d996a#341 ](https://github.com/ezyang/htmlpurifier/issues/341 )) ([e55feade55fead09f#339 ](https://github.com/ezyang/htmlpurifier/issues/339 )
* Support for locales using decimal separators other than . (dot) ([#372 ](https://github.com/ezyang/htmlpurifier/issues/372 )) ([43f49ac43f49ac9a5#360 ](https://github.com/ezyang/htmlpurifier/issues/360 )) ([2d775c02d775c0187#389 ](https://github.com/ezyang/htmlpurifier/issues/389 )) ([ec92490ec92490139#388 ](https://github.com/ezyang/htmlpurifier/issues/388 )
### Reverts
* Revert "fix: semantic release (#339 )" (#340 ) ([3e832153e832152a6#339 ](https://github.com/ezyang/htmlpurifier/issues/339 ) [#340 ](https://github.com/ezyang/htmlpurifier/issues/340 )
2023-11-17 15:01:25 +00:00
Edward Z. Yang
8d9f4c9ec1
Release 4.15.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2022-09-18 02:23:57 -04:00
Edward Z. Yang
12ab42bd6e
Release 4.14.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2021-12-24 20:21:49 -05:00
Edward Z. Yang
08e27c97e4
Release 4.13.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2020-06-28 20:56:53 -04:00
Edward Z. Yang
a617e55bc6
Release 4.12.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2019-10-27 23:44:26 -04:00
Edward Z. Yang
83ab08bc1a
Release 4.11.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2019-07-14 14:58:38 -04:00
Edward Z. Yang
d85d39da45
Release 4.10.0
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-02-22 20:58:20 -05:00
Edward Z. Yang
95e1bae318
Release 4.9.3
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-06-02 22:28:16 -04:00
Edward Z. Yang
6d50e5282a
Release 4.9.2
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-12 23:30:53 -07:00
Edward Z. Yang
de82f9845f
Release 4.9.1 (sic)
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-08 00:22:36 -08:00
Edward Z. Yang
564af61809
Usage/includes update.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 23:06:56 -08:00
Bastian Hofmann
8e4cacf0a7
Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set
2017-02-03 16:54:51 -08:00
Bastian Hofmann
c82051c3e1
Add HTML.Noopener to add a noopener rel to every external link
...
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/
Adresses https://github.com/ezyang/htmlpurifier/issues/96
2017-02-03 16:54:51 -08:00
Edward Z. Yang
d0c392f77d
Release 4.8.0
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-07-16 05:58:58 -07:00
Cameron Ball
1675fc7caf
Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-06-30 21:53:43 -04:00
Wes Cossick
cc35c8eb8c
tel protocol support.
2016-06-30 21:19:49 -04:00
Edward Z. Yang
ae1828d955
Release 4.7.0.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2015-08-04 18:03:42 -07:00
Edward Z. Yang
6f389f0f25
Release 4.6.0.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2013-11-30 00:25:19 -08:00
Edward Z. Yang
b3640e1af6
Add conversion functions for our own tree format.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-10-20 15:05:11 -07:00
Edward Z. Yang
f17490f009
Implementation of a Zipper, for efficient splice.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-10-13 01:16:32 -07:00
Edward Z. Yang
412bae13b5
Fix quadratic behavior in DOMLex due to array_shift.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-09-17 00:48:42 -07:00
Edward Z. Yang
d516e2f8de
Release 4.5.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-02-17 16:04:08 -08:00
Edward Z. Yang
2189a9430f
Support for safe external scripts via explicit whitelist.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2012-04-27 17:44:49 -04:00
Edward Z. Yang
17af0e4fc1
Release 4.4.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2012-01-18 19:22:31 -05:00
Edward Z. Yang
1c7fedff5a
Tighter CSS selector validation.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2012-01-17 15:36:26 -05:00
Edward Z. Yang
e0354fecd9
Make forms work for transitional doctypes.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-12-30 22:56:44 +08:00
Bradley M. Froehle
4164b2eb2b
Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage.
...
The purpose of this addition is twofold. In trusted mode, iframes are
now unconditionally allowed.
However, many online video providers (YouTube, Vimeo) and other web
applications (Google Maps, Google Calendar, etc) provide embed code in
iframe format, which is useful functionality in untrusted mode.
You can specify iframes as trusted elements with %HTML.SafeIframe;
however, you need to additionally specify a whitelist mechanism such as
%URI.SafeIframeRegexp to say what iframe embeds are OK (by default
everything is rejected).
Note: As iframes are invalid in strict doctypes, you will not be able to
use them there.
We also added an always_load parameter to URIFilters in order to support
the strange nature of the SafeIframe URIFilter (it always needs to be
loaded, due to the inability of accessing the %HTML.SafeIframe directive
to see if it's needed!) We expect this URIFilter can expand in the future
to offer more complex validation mechanisms.
Signed-off-by: Bradley M. Froehle <brad.froehle@gmail.com>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-12-26 21:50:53 +08:00
Edward Z. Yang
3570c9985a
Properly handle nested sublists by folding into previous list item.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-12-26 14:00:34 +08:00
Edward Z. Yang
8d572993b4
Implement %HTML.TargetBlank
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-12-26 08:36:00 +08:00
Edward Z. Yang
f1439f0af5
Release 4.3.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-03-27 23:02:49 +01:00
Edward Z. Yang
8c80349f9d
Implement HTML.Nofollow for external links.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-09-28 12:01:57 -04:00
Edward Z. Yang
882ffed9ba
Release 4.2.0.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-09-15 02:52:57 -04:00
Tomasz Muras
9573f0933d
Make newline normalization optional.
2010-09-14 23:49:28 -04:00
Edward Z. Yang
eac628f490
Add %CSS.ForbiddenProperties directive.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-09-04 02:59:03 -04:00
Edward Z. Yang
18e538317a
Release 4.1.1.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-05-31 20:17:31 -07:00
Edward Z. Yang
f4c6e10ff7
Release 4.1.0.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-04-26 18:31:40 -04:00
Edward Z. Yang
97125ed18b
Implement data URI scheme.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-03-07 21:45:39 -05:00
Paul Stone
9a9036c689
Implement auto-formatter that removes empty span tags.
...
Signed-off-by: Paul Stone <patches@pdjs.co.uk>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-03-07 18:59:33 -05:00
Edward Z. Yang
53ff3e2744
Release 4.0.0.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2009-07-07 22:41:01 -04:00
Edward Z. Yang
baf053b016
Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2009-05-25 22:08:45 -04:00
Edward Z. Yang
fcbf724e6e
Make name="" and id="" play nicely together.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2009-02-21 02:58:30 -05:00
Edward Z. Yang
e9f529e78f
Release 3.3.0.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2009-02-16 17:18:31 -05:00
Edward Z. Yang
0c9dfc6c3d
Don't add vimline to auto-generated files.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-12-12 15:44:13 -05:00
Edward Z. Yang
12b811d749
Add vim modelines to all files.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-12-06 04:24:59 -05:00
Edward Z. Yang
2c955af135
Remove trailing whitespace.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-12-06 02:28:20 -05:00
Edward Z. Yang
280211f70b
Release 3.2.0.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-10-31 16:30:54 -04:00
David Morton
0b6ae1c3c1
Custom Injector to display URL address along with link text.
...
When viewing potentially hostile html, it may be helpful to see what
a given link was pointing to. This new injector takes the href
attribute and adds the text after the link, and deletes the href
attribute.
Other forms of display could easily be contrived, but this seems to be
a good basic way to present the information.
Signed-off-by: David Morton <mortonda@dgrmm.net>
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-10-23 17:11:29 -04:00
Edward Z. Yang
d0fdcc103e
Add support for proprietary "background" attribute in table elements.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-09-27 21:19:35 -04:00
Edward Z. Yang
6a06b92f0c
Setup ErrorCollector to maintain new error format, and output that HTML.
...
Also changed:
- DirectLex keeps track of column numbers in context
- New class HTMLPurifier_ErrorStruct
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-09-15 19:08:58 -04:00
Edward Z. Yang
c9b6f125aa
Forms implementation for %HTML.Trusted. Some backend changes:
...
* Added Charsets and Character attribute types
* Fix a heavily recursive form of ContentSets, this allows a content-set
to include another content-set which includes another content-set, and
so forth.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-08-15 18:57:44 -04:00
