Kieran
ce9cf2ec99
Fix creation of dynamic property ( #337 )
2022-09-10 14:03:42 -04:00
Kieran
36e06603a8
Fix creation of dynamic property ( #333 )
2022-09-06 13:05:15 -04:00
Kieran
dbbd3e59f9
Add contenteditable attribute definition ( #332 )
...
* Add contenteditable attribute definition
* gate behind html.trusted
* use enum
2022-09-06 13:04:45 -04:00
Tim Düsterhus
1b80051115
Fix some more PHP 8.2 deprecations ( #330 )
...
* Define HTMLPurifier_AttrTransform_SafeParam::$wmode
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$cache
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$mock
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$def
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_EntityParserTest::$_entity_lookup
This fixes a PHP 8.2 deprecation.
2022-09-02 21:38:58 -04:00
Tim Düsterhus
c60bba1fe4
Fix test selection logic in tests/test_files.php ( #329 )
...
Selecting the `fstools` tests also executed the `htmlt` tests.
2022-09-02 21:35:32 -04:00
Kieran
3fc193c755
Fix #322 - PHP 8.1 deprecation notice in HostBlacklist URIFilter ( #323 )
2022-06-27 17:20:36 -04:00
Tim Düsterhus
1db36fb09d
Fix some PHP 8.2 deprecations ( #319 )
...
* Define HTMLPurifier_Lexer::$_entity_parser property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_URIFilterHarness::$filter property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_AttrTransform_NameSync::$idDef property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_AttrTransform_NameSyncTest::$accumulator property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_AttrValidator_ErrorsTest::$language property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_ChildDef_List::$whitespace property
This fixes a PHP 8.2 deprecation.
* Do not modify incoming tokens in RemoveSpansWithoutAttributes
Previously the undefined property `->markForDeletion` was added to the incoming
tokens. This causes a deprecation in PHP 8.2. Fix this by storing to-be-deleted
tokens inside SplObjectStorage. In PHP 8 a WeakMap would be preferable, as that
prevents leaks if `handleEnd` is never called for the token.
2022-06-10 16:30:01 -04:00
Václav Smítal
6f9aac9325
CSS: Add "background-size" tag support ( #289 )
2021-04-22 10:01:00 -04:00
Marcus Artner
214cb8a693
Fixed Issue #264 : <thead> element removed from <table> if there are no <tbody> or <tr> elements ( #283 )
2021-01-26 11:11:50 -05:00
Edward Z. Yang
ce7efc11b2
Delete language tests that are interfering with PSR-0 compatibility
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2020-06-28 20:38:16 -04:00
Mateusz Turcza
3bdc031224
Add %HTML.Forms config directive ( #260 )
...
The %HTML.Forms directive enables Forms module regardless of the %HTML.Trusted
value. This adds support for form elements without enabling other unsafe
modules, such as Scripts, Iframe or Object.
To achieve the same effect without this directive one has to explicitly list
all enabled modules in %HTML.AllowedModules, and any not listed will be
removed. This however is not very convenient, as the allowed modules may vary
between doctypes.
Resolves #213 .
2020-06-28 20:26:33 -04:00
Fräntz Miccoli
ced089434d
Make purifyArray work with empty array ( #245 )
2020-02-22 12:12:02 -05:00
lubomirbartos
df923d1f15
Issue 238 remove leading zeroes except if there is only zero ( #239 )
...
* Issue 238 remove leading zeroes except if there is only zero
* Issue-238 unit test fixes
2019-11-21 10:05:07 -05:00
Sandro Miguel Marques
b91833877a
Method purifyArray() updated ( #143 )
...
* Methof purifyArray() updated
Now it works with multidimensional arrays
* Add test case.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2019-07-14 14:10:33 -04:00
Edward Z. Yang
abba77a80b
Recent PHPs default to display_error=0, override this in index.php
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2019-07-14 14:04:12 -04:00
Michael Kliewe
7cfc44654a
CSS: added "initial" and "inherit" to width + height ( #144 )
...
* CSS: added "initial" and "inherit" to width + height
CSS: added "initial" and "inherit" to min-width + min-height, removed "auto"
CSS: added "initial" and "inherit" and "none" to max-width + max-height, removed "auto"
* Fixed test: min-width:auto; should be false
2019-07-14 13:20:58 -04:00
msuzuki
8c153eef3a
Supported hundreds of nested HTML ( #202 )
...
* Supported hundreds of nested HTML (#201 )
* Add Core.AllowParseManyTags
2019-07-14 13:15:31 -04:00
Darko Hrgovic
f03e1a2c48
Fixed reserved words in constants for PHP 7 as per https://www.php.net/manual/en/reserved.other-reserved-words.php ( #222 )
2019-07-10 22:24:27 -04:00
Edward Z. Yang
3d15f5253b
Don't define __autoload; rely on spl_autoload_register
...
Fixes #196
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-11-11 16:55:01 -05:00
Edward Z. Yang
0f7b138aaf
Make SafeScripting case-sensitive.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2018-11-11 16:21:58 -05:00
Dimitri Gritsajuk
5a01e6535d
[SafeScripting] disable autoclosing of <script /> tag ( #198 )
2018-11-11 15:04:11 -05:00
Jan Dageförde
67c3798922
Add relative length units from CSS 3
...
cf. https://www.w3schools.com/cssref/css_units.asp
2017-12-22 21:59:47 -05:00
Marina Glancy
ce0ede24de
Use IDNA2008 for converting domains to ASCII
2017-10-03 11:19:50 -04:00
Edward Z. Yang
5bc7c72608
Add tests for new entity decoding codepath.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-12 20:05:09 -07:00
Edward Z. Yang
9d2d75d8bc
Add test case for removing empty list items.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-08 00:11:32 -08:00
Edward Z. Yang
7e11c271b9
Revamp entity decoding to be more like HTML5.
...
See %Core.LegacyEntityDecoder for more details.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-07 17:34:59 -08:00
Edward Z. Yang
5886326cd0
Test for catastrophic backtracking.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 23:26:55 -08:00
Edward Z. Yang
0c31b22240
Merge pull request #118 from fxbt/master
...
Add hsl, hsla and rgba support for css color attribute definition
2017-03-06 23:01:06 -08:00
Edward Z. Yang
5662efc936
Fix #78 .
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-03-06 22:54:54 -08:00
mpyw
d16e73e63e
Add test for #122
2017-03-04 15:40:44 +09:00
f.godfrin
0bab4b9fd0
Fix mungeRgb to handle percent, float and hsl values
2017-02-10 00:38:05 +01:00
f.godfrin
bd92f3531b
Remove double %
2017-02-09 23:37:36 +01:00
f.godfrin
0d5ab2fe13
Include hsl and hsla support
2017-02-09 23:34:19 +01:00
f.godfrin
d41a59e422
Add rgba support for css color attribute definition
2017-02-09 22:18:15 +01:00
Bastian Hofmann
8e4cacf0a7
Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set
2017-02-03 16:54:51 -08:00
Bastian Hofmann
c82051c3e1
Add HTML.Noopener to add a noopener rel to every external link
...
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/
Adresses https://github.com/ezyang/htmlpurifier/issues/96
2017-02-03 16:54:51 -08:00
Edward Z. Yang
5070404376
Handle semicolons in strings in CSS correctly.
...
Fixes http://htmlpurifier.org/phorum/read.php?3,7522,8096
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-29 00:01:19 -07:00
Edward Z. Yang
59463c5c39
Allow %URI.DefaultScheme to be null.
...
Fixes #103 .
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 17:30:44 -07:00
Edward Z. Yang
20b40a5441
Travis support.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 02:00:47 -07:00
Edward Z. Yang
8b28e571fe
Handle case when IDNAs are supported.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 02:00:46 -07:00
Edward Z. Yang
3ae21ce511
PHP 7.0 warnings fix: don't pass rvalue by reference.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 02:00:46 -07:00
zema
246fc8946a
css properties: min-width, max-width, min-height, max-height
2016-09-05 10:45:58 +03:00
Edward Z. Yang
d1c5d75027
Fix #73 with Attr.ID.HTML5
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-07-16 05:52:45 -07:00
Bart Butler
3747cb7efb
avoid exif_imagetype exception with small files/corrupt data URI
2016-07-16 05:23:17 -07:00
Edward Z. Yang
44baee6a82
Partial border-radius support.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-06-30 22:22:13 -04:00
Cameron Ball
1675fc7caf
Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-06-30 21:53:43 -04:00
Wes Cossick
cc35c8eb8c
tel protocol support.
2016-06-30 21:19:49 -04:00
Edward Z. Yang
43a9f052fd
Fix #57 , make flashvars check (and others) case-insensitive.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 15:56:30 -07:00
Edward Z. Yang
b4981c3395
Fix #67 , don't use <body> tags in comments for %Core.ConvertDocumentToFragment
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 15:19:32 -07:00
Edward Z. Yang
f14076dc3e
Fix #49 ; prevent readdir infinite loop when cache directory not listable.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 14:53:31 -07:00