0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-10 07:38:41 +00:00
Commit Graph

32 Commits

Author SHA1 Message Date
f.godfrin
bd92f3531b Remove double % 2017-02-09 23:37:36 +01:00
f.godfrin
0d5ab2fe13 Include hsl and hsla support 2017-02-09 23:34:19 +01:00
f.godfrin
d41a59e422 Add rgba support for css color attribute definition 2017-02-09 22:18:15 +01:00
Edward Z. Yang
753c830239 Update to work with Git version of SimpleTest.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-24 00:08:03 -07:00
Synchro
25db9e1dd0 Don't use PHP4-style constructors 2016-03-16 17:09:41 -07:00
Marcus Bointon
fac747bdbd PSR-2 reformatting PHPDoc corrections
With minor corrections.

Signed-off-by: Marcus Bointon <marcus@synchromedia.co.uk>
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-08-17 22:27:26 -04:00
Edward Z. Yang
0124605918 Fix CSS URL innerHTML/cssText escaping bug.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-03-27 21:24:32 +01:00
Edward Z. Yang
afb007d22f Protect against font family innerHTML/cssText attacks.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-03-27 20:35:43 +01:00
Edward Z. Yang
94ed3b1231 Implement CSS.AllowedFonts.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-03-24 22:54:39 +00:00
Edward Z. Yang
d3abcb90e3 Rewrite CSS url() and font-family output logic.
The new logic is as follows:

* Given a URL to insert into url(), check that it is properly URL
  encoded (in particular, a doublequote and backslash never occurs
  within it) and then place it as url("http://example.com").

* Given a font name, if it is strictly alphanumeric, it is safe to omit
  quotes. Otherwise, wrap in double quotes and replace '"' with '\22 '
  (note trailing space) and '\' with '\5C ' (ditto).

We introduce expandCSSEscape() which is a hack for common parsing
idioms in CSS; this means that CSS escapes are now recognized inside
URLs as well as unquoted font names.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-05-31 18:45:21 -07:00
Edward Z. Yang
3166b8a10f Fix bug in background-position with center keyword.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-05-05 15:08:57 -04:00
Edward Z. Yang
da94d3d6ac Always quote the contents of url() in CSS.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2010-04-26 12:10:15 -04:00
Edward Z. Yang
12b811d749 Add vim modelines to all files.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-12-06 04:24:59 -05:00
Edward Z. Yang
2c955af135 Remove trailing whitespace.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-12-06 02:28:20 -05:00
Edward Z. Yang
643ed1bddc [3.1.1] Fix text-decoration: none bug
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1799 48356398-32a2-884e-a903-53898d9a118a
2008-06-17 03:12:50 +00:00
Edward Z. Yang
bb16d8eae5 [3.1.1] Fix Shift_JIS encoding wonkiness with yen symbols and whatnot
- Improve parseCDATA algorithm to take into account newline normalization
- Fix regression in FontFamily validator. We now have a legit parser in place, albeit somewhat limited in use. Will be superseded by parser for entire grammar
- Convert EncoderTest to new format

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1769 48356398-32a2-884e-a903-53898d9a118a
2008-05-25 05:40:20 +00:00
Edward Z. Yang
10530d7f81 [3.1.1] Fix stray backslashes in font-family.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1768 48356398-32a2-884e-a903-53898d9a118a
2008-05-24 18:19:36 +00:00
Edward Z. Yang
1a95852007 [3.1.1] Implement more robust imagecrash protection for CSS width/height.
- Change API for HTMLPurifier_AttrDef_CSS_Length
- Implement HTMLPurifier_AttrDef_Switch class
- Implement HTMLPurifier_Length->compareTo, and make make() accept object instances

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1754 48356398-32a2-884e-a903-53898d9a118a
2008-05-21 01:56:48 +00:00
Edward Z. Yang
3b5effcb72 - Removed tally(), swallowErrors(), assertNoErrors()
- Removed unnecessary ampersands

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1657 48356398-32a2-884e-a903-53898d9a118a
2008-04-14 03:06:36 +00:00
Edward Z. Yang
93babf0a88 [3.1.0] Fix bug with rgb() w/ spaces inside shorthand CSS properties
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1612 48356398-32a2-884e-a903-53898d9a118a
2008-03-16 19:14:39 +00:00
Edward Z. Yang
30eb982961 [3.1.0] Add support for !important, with %CSS.AllowImportant
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1578 48356398-32a2-884e-a903-53898d9a118a
2008-02-25 21:58:17 +00:00
Edward Z. Yang
fbc595ebed Remove includes from unit tests.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1569 48356398-32a2-884e-a903-53898d9a118a
2008-02-18 04:41:42 +00:00
Edward Z. Yang
ae1c8f47cc [3.0.0] Allow filter:none for proprietary filter property
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1474 48356398-32a2-884e-a903-53898d9a118a
2007-12-17 22:12:11 +00:00
Edward Z. Yang
0f961c6af4 [3.0.0] [BACKPORT] More work for hire from Chris
! Experimental support for some proprietary CSS attributes allowed: opacity (and all of the browser-specific equivalents) and scrollbar colors. Enable by setting %CSS.Proprietary to true.
- Colors missing # but in hex form will be corrected
- CSS Number algorithm improved
. New classes:
  + HTMLPurifier_AttrDef_CSS_AlphaValue
  + HTMLPurifier_AttrDef_CSS_Filter

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1473 48356398-32a2-884e-a903-53898d9a118a
2007-12-16 23:16:45 +00:00
Edward Z. Yang
43f01925cd Convert to PHP 5 only codebase, adding visibility modifiers to all members and methods in the main library area (function only for test methods)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1458 48356398-32a2-884e-a903-53898d9a118a
2007-11-25 02:24:39 +00:00
Edward Z. Yang
a40e16dd2e [2.1.0] Allow i18n font names
- Minor typos fixed; we're release ready!

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1350 48356398-32a2-884e-a903-53898d9a118a
2007-08-03 02:48:52 +00:00
Edward Z. Yang
e99520ab96 Remove trailing ?> in PHP library files, add trailing newlines to all other files.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1253 48356398-32a2-884e-a903-53898d9a118a
2007-06-27 13:58:32 +00:00
Edward Z. Yang
ae90bb919d Remove unnecessary $this parameters from mock instantiation; SimpleTest doesn't use it!
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1243 48356398-32a2-884e-a903-53898d9a118a
2007-06-26 15:40:04 +00:00
Edward Z. Yang
0ea04db559 [1.7.0] Finish implementing legacy elements, begin implementing legacy attributes
- Migrated most unit tests over to XHTML 1.0 Strict to preserve transformation behavior
- Created %Core.ColorKeywords to be shared between CSS_Color and HTML_Color
- Added AttrDef_HTML_Color as AttrType Color
- HTMLPurifier_Config::create(HTMLPurifier_Config $config) now clones the object
- Attribute minimization for HTML implemented in Generator
- Move div@align fix from proprietary to regular set
- Color keywords now map to full six digit hexadecimal codes
- Harness will now tack on per-use-case configuration

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1084 48356398-32a2-884e-a903-53898d9a118a
2007-05-21 01:36:15 +00:00
Edward Z. Yang
0167f8aa84 [1.5.1] Try separating out declarations, might stop segfaulting.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@911 48356398-32a2-884e-a903-53898d9a118a
2007-03-27 23:15:01 +00:00
Edward Z. Yang
f1a90e684b [1.5.1] Separate out trouble area that's having segfaults. (note: this commit actually inadvertently let us discover a fix for the segfault, applied in the next revision).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@910 48356398-32a2-884e-a903-53898d9a118a
2007-03-27 23:07:21 +00:00
Edward Z. Yang
c05eebee15 [1.5.0] AttrDef partitioned into HTML, CSS and URI segments. Also, some minor bugs with MultiLength fixed.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@747 48356398-32a2-884e-a903-53898d9a118a
2007-02-14 20:38:51 +00:00