mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-10 07:38:41 +00:00
Commit Graph

1086 Commits

Author SHA1 Message Date
Edward Z. Yang
38e0485fcd Prevent image crash attacks.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@268 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 22:53:12 +00:00
Edward Z. Yang
52c598730e Urldecode the US-ASCII test.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@267 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 22:03:04 +00:00
Edward Z. Yang
5690c9e0a2 Further optimization: 20% - 12%. Also fixed broken benchmarks.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@266 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 21:19:45 +00:00
Edward Z. Yang
acd7ceb940 Major optimization on tokenizeDOM(), reduce execution time from 75% to 20% by passing tokens by reference and using a token factory.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@265 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 20:19:16 +00:00
Edward Z. Yang
ed79facadf Add profiling capabilities to demo.php.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@264 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 15:33:24 +00:00
Edward Z. Yang
44e95dac34 Add more threads to Devnetwork.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@263 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 14:24:37 +00:00
Edward Z. Yang
386b5679d3 Spelling fix.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@262 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 12:59:41 +00:00
Edward Z. Yang
a20287e582 Add license document. We still haven't added notices to all the source files though.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@261 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 12:54:27 +00:00
Edward Z. Yang
cedcbb9e15 Update TODO, add extra fringe test-case for extractBody()
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@259 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 01:14:39 +00:00
Edward Z. Yang
9a35dfa6b9 Add support for full document parsing, aka discard everything that's not in-between body if applicable.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@258 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 00:53:24 +00:00
Edward Z. Yang
d7140f2e05 Outfit a bunch of other classes so they can accept a configuration object. Put in basic scaffolding for extractBody() functionality.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@257 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 00:31:12 +00:00
Edward Z. Yang
24c64dbbac Implement attribute transforms for required attributes. I can now confidently say that output will always be valid.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@256 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 23:11:28 +00:00
Edward Z. Yang
e770d994a7 Rename Definition to HTMLDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@255 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 21:22:49 +00:00
Edward Z. Yang
4ef26bbd31 Update docs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@254 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 21:21:54 +00:00
Edward Z. Yang
218eb67167 Remove legacy required code from AttrDef_URI, also explicitly disallow < and > in URIs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@253 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 21:06:57 +00:00
Edward Z. Yang
299236f695 Fix DOM bug where default encoding for HTML docs is not UTF-8.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@252 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 13:27:18 +00:00
Edward Z. Yang
ebf0da9b78 Add UTF-8 encoding declaration to htmlspecialchars.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@251 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 13:08:59 +00:00
Edward Z. Yang
8c1a4c63ba Fix minor misspelling.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@250 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 04:15:39 +00:00
Edward Z. Yang
25026cc168 Fix misleading statement: To say it's completely done is incorrect: if the URI is missing to begin with, the lenient output won't get it.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@249 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 04:14:09 +00:00
Edward Z. Yang
9ac52b51dd Bugfix: test overwrite another.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@248 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 04:01:05 +00:00
Edward Z. Yang
b8e6e16b5c Commit XSS cheatsheet-based smoketest.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@247 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 03:40:51 +00:00
Edward Z. Yang
d9d2fea769 Format config-ideas correctly.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@246 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 03:05:28 +00:00
Edward Z. Yang
4bf0398984 Add sample test file which demonstrates basic usage.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@245 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 02:57:16 +00:00
Edward Z. Yang
4cf7d4acfe Bugfix: add missing include Percentage
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@244 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 02:47:49 +00:00
Edward Z. Yang
238678871e - Fixed lots of bugs
- Defined new directive %Core.EscapeInvalidChildren, for previously commented out functionality
- Removed convenience configuration generation: you *have* to pass it unless you're interfacing with HTMLPurifier
- Homogenized function parameters even when only a few of them are used
- Rewrote unit tests that expected previous behavior
- Introduced configuration object to ChildDef tests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@243 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 02:46:34 +00:00
Edward Z. Yang
0170bb2120 Add Percentage, and font-size (not all styles fully realized yet though).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@242 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 02:08:45 +00:00
Edward Z. Yang
76b593e060 Have child definition drop invalid tags.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@241 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 01:40:44 +00:00
Edward Z. Yang
f72d8d3dc1 Add missing caption child definition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@240 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 01:24:01 +00:00
Edward Z. Yang
681e91b75f Rename to demo.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@239 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 00:29:25 +00:00
Edward Z. Yang
35fa08420d Commit live demo, implement unified interface, and fix some security bugs (involving forgotten calls to strategies).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@238 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 00:27:15 +00:00
Edward Z. Yang
b5ff592157 Add CSSLength support, and roll out to all applicable styles.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@237 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 23:08:38 +00:00
Edward Z. Yang
ff7fdaca38 Commit AttrDef number, currently used by no styles right now, but percentage and length will piggy-back off it.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@236 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 22:35:55 +00:00
Edward Z. Yang
71c4a3c50c Commit dud AttrDef integer.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@235 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:59:52 +00:00
Edward Z. Yang
eca0f68c1f CSS parsed as CDATA.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@234 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:44:52 +00:00
Edward Z. Yang
a5ebf55d0e Make note that this is HTML specific.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@233 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:41:53 +00:00
Edward Z. Yang
61d977d09f Add slight documentation to CompositeTest.php
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@232 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:35:06 +00:00
Edward Z. Yang
4ffb2da238 Implement the color AttrDef.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@230 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:23:57 +00:00
Edward Z. Yang
415b7d3913 Add more information to progress document, fix an invalid definition in CSSDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@229 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 19:08:14 +00:00
Edward Z. Yang
8b45c7601a Implement Composite attribute definition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@228 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 18:16:30 +00:00
Edward Z. Yang
441a0cbe94 Minor formatting fixes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@227 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 17:05:30 +00:00
Edward Z. Yang
1e2f853f4f Implemented CSS properties whose valid values were enumerated. Accept inherit for all properties. Some composite unit tests.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@226 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 16:52:31 +00:00
Edward Z. Yang
d721066d27 Make CSS validator drop duplicate declarations.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@225 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 04:52:40 +00:00
Edward Z. Yang
bb2a30ee97 Update Progress document with more annotations and executive decisions about what not to implement.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@224 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 04:50:15 +00:00
Edward Z. Yang
7c86e3cc0f Commit initial implementation of AttrDef_CSS, with text-align being the only defined property. Further development will be going on in AttrDef and CSSDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@223 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 20:22:09 +00:00
Edward Z. Yang
df52406a88 Commit optimization document.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@222 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 19:59:49 +00:00
Edward Z. Yang
50e9784677 Commit code-quality tracking documentation.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@221 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 19:56:37 +00:00
Edward Z. Yang
4fe9d943e8 Hook in URI to Definition. Update progress documents.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@220 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 19:22:57 +00:00
Edward Z. Yang
4193fd018a Commit a very lenient mailto checker. We'll tighten it later.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 19:11:21 +00:00
Edward Z. Yang
d28bad648a Implement URIScheme and subclasses except for mailto. Remove fragment from components, as it is scheme independent.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@218 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 18:58:54 +00:00
Edward Z. Yang
e56c3fcd20 Update TODO with things we aren't going to fix right now.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@217 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 17:13:40 +00:00