mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-14 01:08:41 +00:00
70 Commits

Author SHA1 Message Date
Edward Z. Yang
4bdc0446de [1.3.0] New directive %URI.HostBlacklist for blocking links to bad hosts. xssAttacks.php smoketest updated accordingly.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@586 48356398-32a2-884e-a903-53898d9a118a
2006-11-26 23:14:12 +00:00
Edward Z. Yang
775763c583 [1.3.0] New directive %URI.Munge, munges URI so you can use some sort of redirector service to avoid PageRank leaks or warn users that they are exiting your site.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@576 48356398-32a2-884e-a903-53898d9a118a
2006-11-24 00:29:16 +00:00
Edward Z. Yang
49cb2a4a7c [1.3.0] More control of URIs granted
# Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false.
! New directives %URI.DisableExternalResources and %URI.DisableResources
! New directive %Attr.DisableURI, which eliminates all hyperlinking
- Missing "Available since" documentation added

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 23:59:20 +00:00
Edward Z. Yang
82afd890c4 [1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@528 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 23:09:10 +00:00
Edward Z. Yang
7a4c7b3777 [1.2.0] [BC] ID attributes now disabled by default. New directives:
  + %HTML.EnableAttrID - restores old behavior by allowing IDs
  + %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs so that they don't collide with your IDs
  + %Attr.IDPrefixLocal - Same as above, but for when there are multiple instances of user content on the page
  + Profuse documentation on how to use these available in id.txt

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@526 48356398-32a2-884e-a903-53898d9a118a
2006-11-17 01:05:41 +00:00
Edward Z. Yang
d48f9b6b21 [1.2.0]
- Update TODO
  . Add another possible plaintext formatter
  . Reference config-ideas.txt for URI options
- Update code-quality.txt, removing issues that have been addressed and updating time for post-beta
- Update config-ideas.txt
  . Added more possible URI directives
  . Removed silly language control directive
- Improved documentation on Class, CSS and Host

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@524 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 19:26:49 +00:00
Edward Z. Yang
f38fe431ed [1.2.0]
- Added %URI.DisableExternal, which prevents links to external websites. You can also use %URI.Host to permit absolute linking to subdomains
- Fixed a few bugs involving null configuration values

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@522 48356398-32a2-884e-a903-53898d9a118a
2006-11-12 03:35:41 +00:00
Edward Z. Yang
d2fd193bc4 [1.2.0] Implement primitive email regexp to be used for mailto. There are many spotty implementation issues, so this code is not actually called anywhere else currently.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@517 48356398-32a2-884e-a903-53898d9a118a
2006-11-08 03:10:43 +00:00
Edward Z. Yang
504203c0f3 [1.2.0] Added percent encoding normalization
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@509 48356398-32a2-884e-a903-53898d9a118a
2006-11-07 17:15:28 +00:00
Edward Z. Yang
74ba9b8629 [1.2.0] Add context parameter to URIScheme and URISchemeRegistry classes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@500 48356398-32a2-884e-a903-53898d9a118a
2006-10-27 01:20:10 +00:00
Edward Z. Yang
7d2fe4c5d7 [1.2.0]
- Factor out Config and Context object population through arrays
- Bring dependent assertions together in IDTest.php
- AttrDefHarness.php now resets context and configuration between tests
- Add missing reference operator in AttrDef/ID.php

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@494 48356398-32a2-884e-a903-53898d9a118a
2006-10-21 18:18:36 +00:00
Edward Z. Yang
2d6bf12fe0 [1.2.0]
- All important classes that use Context were migrated. Todo: Classes that currently use $config but not $context are AttrTransform (done in r493) and URIScheme+Registry (done in r500). There may be more classes, incl TagTransform (done in r497) that should have both $config and $context added.
- Strategy unit tests now migrated to use HTMLPurifier_Harness

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@485 48356398-32a2-884e-a903-53898d9a118a
2006-10-01 21:55:13 +00:00
Edward Z. Yang
4f8d83506d [1.1.1]
- Shuffle around TODO items, we're going to handle the URI deficiencies first
- Fix bugs in documentation :-P

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@441 48356398-32a2-884e-a903-53898d9a118a
2006-09-23 00:43:21 +00:00
Edward Z. Yang
3b30c2ca5b Renamed ConfigDef to ConfigSchema. (Required major internal restructuring but should not affect end-users)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@424 48356398-32a2-884e-a903-53898d9a118a
2006-09-16 22:36:58 +00:00
Edward Z. Yang
a5b4ed2126 [1.0.1] Fixed rejection of inline style declarations that had lots of extra space in them. This manifested in TinyMCE.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@382 48356398-32a2-884e-a903-53898d9a118a
2006-09-04 23:01:47 +00:00
Edward Z. Yang
b99573223d [1.1.0] Made URI validator more forgiving: will ignore leading and trailing quotes, apostrophes and less than or greater than signs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@380 48356398-32a2-884e-a903-53898d9a118a
2006-09-04 02:31:27 +00:00
Edward Z. Yang
14aeafcf22 De-singleton-ized (HTML|CSS)Definition, tying them to the configuration and making them more amenable to changes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@350 48356398-32a2-884e-a903-53898d9a118a
2006-08-31 20:33:07 +00:00
Edward Z. Yang
670d298a87 Implement list-style shorthand. Also, updated devnetwork.html with more recent threads.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@337 48356398-32a2-884e-a903-53898d9a118a
2006-08-29 02:01:58 +00:00
Edward Z. Yang
24cde9c891 Revamp configuration files so that more rules can be added, internal organization is more logical, and descriptions are captured.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@327 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 18:49:16 +00:00
Edward Z. Yang
0d4ee2ba37 Fix call-time pass by reference typos.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@326 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 02:08:50 +00:00
Edward Z. Yang
692a9abc0f Implement shorthand CSS property border.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@324 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 00:49:34 +00:00
Edward Z. Yang
ffe39d7f30 Basic color keywords translated into hexadecimal values.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@323 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 00:35:57 +00:00
Edward Z. Yang
80e79d906a Implement CSS property Font.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@321 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 00:11:13 +00:00
Edward Z. Yang
dcec92e7b3 Fix bug: number spans should not allow zero as a value. This required augmenting HTMLPurifier/AttrDef/Integer.php to have a richer negative/zero/positive specification interface that can be extrapolated to Number and friends.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@318 48356398-32a2-884e-a903-53898d9a118a
2006-08-25 02:48:49 +00:00
Edward Z. Yang
f46b15cb82 Document fact that inherit only works when it's alone.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@315 48356398-32a2-884e-a903-53898d9a118a
2006-08-23 02:11:04 +00:00
Edward Z. Yang
f8839d56a0 Add missing extends.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@313 48356398-32a2-884e-a903-53898d9a118a
2006-08-21 00:36:36 +00:00
Edward Z. Yang
314a48373c Document all AttrDefs, also remove duplicate NumberSpan in favor of Integer.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@308 48356398-32a2-884e-a903-53898d9a118a
2006-08-20 21:47:15 +00:00
Edward Z. Yang
1cadb08fbb Commit IPv6 fix, with major factoring out. Thank you Feyd!
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@284 48356398-32a2-884e-a903-53898d9a118a
2006-08-17 01:05:35 +00:00
Edward Z. Yang
ed7e72f2e3 Commit FontFamily implementation. It's a little flaky, but should be reasonable for 99% of all fonts.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@282 48356398-32a2-884e-a903-53898d9a118a
2006-08-16 17:25:25 +00:00
Edward Z. Yang
cb463f9676 Commit text-decoration implementation.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@280 48356398-32a2-884e-a903-53898d9a118a
2006-08-16 15:12:48 +00:00
Edward Z. Yang
2d28380763 Commit Multiple AttrDef, forms scaffolding for a few more CSS properties.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@272 48356398-32a2-884e-a903-53898d9a118a
2006-08-16 00:34:37 +00:00
Edward Z. Yang
38e0485fcd Prevent image crash attacks.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@268 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 22:53:12 +00:00
Edward Z. Yang
218eb67167 Remove legacy required code from AttrDef_URI, also explicitly disallow < and > in URIs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@253 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 21:06:57 +00:00
Edward Z. Yang
0170bb2120 Add Percentage, and font-size (not all styles fully realized yet though).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@242 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 02:08:45 +00:00
Edward Z. Yang
35fa08420d Commit live demo, implement unified interface, and fix some security bugs (involving forgotten calls to strategies).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@238 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 00:27:15 +00:00
Edward Z. Yang
b5ff592157 Add CSSLength support, and roll out to all applicable styles.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@237 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 23:08:38 +00:00
Edward Z. Yang
ff7fdaca38 Commit AttrDef number, currently used by no styles right now, but percentage and length will piggy-back off it.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@236 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 22:35:55 +00:00
Edward Z. Yang
71c4a3c50c Commit dud AttrDef integer.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@235 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:59:52 +00:00
Edward Z. Yang
eca0f68c1f CSS parsed as CDATA.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@234 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:44:52 +00:00
Edward Z. Yang
a5ebf55d0e Make note that this is HTML specific.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@233 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:41:53 +00:00
Edward Z. Yang
4ffb2da238 Implement the color AttrDef.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@230 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 21:23:57 +00:00
Edward Z. Yang
8b45c7601a Implement Composite attribute definition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@228 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 18:16:30 +00:00
Edward Z. Yang
1e2f853f4f Implemented CSS properties whose valid values were enumerated. Accept inherit for all properties. Some composite unit tests.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@226 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 16:52:31 +00:00
Edward Z. Yang
d721066d27 Make CSS validator drop duplicate declarations.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@225 48356398-32a2-884e-a903-53898d9a118a
2006-08-13 04:52:40 +00:00
Edward Z. Yang
7c86e3cc0f Commit initial implementation of AttrDef_CSS, with text-align being the only defined property. Further development will be going on in AttrDef and CSSDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@223 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 20:22:09 +00:00
Edward Z. Yang
4193fd018a Commit a very lenient mailto checker. We'll tighten it later.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@219 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 19:11:21 +00:00
Edward Z. Yang
d28bad648a Implement URIScheme and subclasses except for mailto. Remove fragment from components, as it is scheme independent.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@218 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 18:58:54 +00:00
Edward Z. Yang
6c3d364213 Augment URISchemeRegistry with the ability to overload/register your own schemes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@215 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 17:06:14 +00:00
Edward Z. Yang
ebe01a0a24 Fix a few errors that came with API change. I really should run the unit tests before committing.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@213 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 16:12:16 +00:00
Edward Z. Yang
a2880bdff2 Generalize IDAccumulator into AttrContext. Modify tests and classes accordingly. Also, this allows us to make the validate() parameters uniform among all AttrDef subclasses.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@212 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 16:04:40 +00:00