mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-09-20 03:05:18 +00:00
Code Releases Activity
1,364 Commits 5 Branches 65 Tags 9.1 MiB
cfc4ee1faf
Commit Graph

135 Commits

Author SHA1 Message Date
Edward Z. Yang
cfc4ee1faf Add initial implementation of CSS.Trusted. 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2010-11-12 18:45:03 +00:00
Edward Z. Yang
eac628f490 Add %CSS.ForbiddenProperties directive. 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2010-09-04 02:59:03 -04:00
Edward Z. Yang
d3abcb90e3 Rewrite CSS url() and font-family output logic. 
The new logic is as follows:

* Given a URL to insert into url(), check that it is properly URL
  encoded (in particular, a doublequote and backslash never occurs
  within it) and then place it as url("http://example.com").

* Given a font name, if it is strictly alphanumeric, it is safe to omit
  quotes. Otherwise, wrap in double quotes and replace '"' with '\22 '
  (note trailing space) and '\' with '\5C ' (ditto).

We introduce expandCSSEscape() which is a hack for common parsing
idioms in CSS; this means that CSS escapes are now recognized inside
URLs as well as unquoted font names.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2010-05-31 18:45:21 -07:00
Edward Z. Yang
3166b8a10f Fix bug in background-position with center keyword. 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2010-05-05 15:08:57 -04:00
Edward Z. Yang
da94d3d6ac Always quote the contents of url() in CSS. 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2010-04-26 12:10:15 -04:00
Edward Z. Yang
84abae08f5 Relax allowed values of class for certain doctypes, see %Attr.ClassUseCDATA 
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2009-05-26 01:07:40 -04:00
Edward Z. Yang
baf053b016 Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses. 
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2009-05-25 22:08:45 -04:00
Edward Z. Yang
86ca784da3 Convert all to new configuration get/set format. 
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2009-02-21 03:00:34 -05:00
Edward Z. Yang
12b811d749 Add vim modelines to all files. 
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2008-12-06 04:24:59 -05:00
Edward Z. Yang
2c955af135 Remove trailing whitespace. 
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2008-12-06 02:28:20 -05:00
Edward Z. Yang
f5cd2c07ea Implement 'overflow' CSS property. 
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
 2008-11-27 16:14:50 -05:00
Edward Z. Yang
643ed1bddc [3.1.1] Fix text-decoration: none bug 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1799 48356398-32a2-884e-a903-53898d9a118a
 2008-06-17 03:12:50 +00:00
Edward Z. Yang
32025a12e1 [3.1.1] Allow injectors to be specified by modules. 
- Make method for URI implemented
- Split out checkNeeded in Injector from prepare

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1779 48356398-32a2-884e-a903-53898d9a118a
 2008-06-09 01:23:05 +00:00
Edward Z. Yang
322288e6c0 [3.1.1] Implement %URI.SecureMunge and %URI.SecureMungeSecretKey, thanks Chris! 
- URIFilter->prepare can return false in order to abort loading of the filter
- Implemented post URI filtering. Set member variable $post to true to set a URIFilter as such.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1772 48356398-32a2-884e-a903-53898d9a118a
 2008-05-26 16:26:47 +00:00
Edward Z. Yang
bb16d8eae5 [3.1.1] Fix Shift_JIS encoding wonkiness with yen symbols and whatnot 
- Improve parseCDATA algorithm to take into account newline normalization
- Fix regression in FontFamily validator. We now have a legit parser in place, albeit somewhat limited in use. Will be superseded by parser for entire grammar
- Convert EncoderTest to new format

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1769 48356398-32a2-884e-a903-53898d9a118a
 2008-05-25 05:40:20 +00:00
Edward Z. Yang
10530d7f81 [3.1.1] Fix stray backslashes in font-family. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1768 48356398-32a2-884e-a903-53898d9a118a
 2008-05-24 18:19:36 +00:00
Edward Z. Yang
eb9f9bc7f6 [3.1.1] Round up imagecrash support with HTML.MaxImgLength 
- Add $max to AttrDef/HTML/Pixels.php
- Add %HTML.MaxImgLength
- CSS width/height allows percents when MaxImgLength is disabled


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1762 48356398-32a2-884e-a903-53898d9a118a
 2008-05-23 02:09:43 +00:00
Edward Z. Yang
1a95852007 [3.1.1] Implement more robust imagecrash protection for CSS width/height. 
- Change API for HTMLPurifier_AttrDef_CSS_Length
- Implement HTMLPurifier_AttrDef_Switch class
- Implement HTMLPurifier_Length->compareTo, and make make() accept object instances

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1754 48356398-32a2-884e-a903-53898d9a118a
 2008-05-21 01:56:48 +00:00
Edward Z. Yang
cb5d5d0648 [3.1.0] Revamp URI handling of percent encoding and validation. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1709 48356398-32a2-884e-a903-53898d9a118a
 2008-05-14 02:19:00 +00:00
Edward Z. Yang
eaabccdd9b [3.1.0] More PHP4->PHP5 conversions, notably reference removal of most methods that return objects 
- Removed HTMLPurifier_Error
- Documentation updates
- Removed more copy() methods in favor of clone
- HTMLPurifier::getInstance() to HTMLPurifier::instance()
- Fix InterchangeBuilder to use HTMLPURIFIER_PREFIX

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1689 48356398-32a2-884e-a903-53898d9a118a
 2008-04-23 02:40:17 +00:00
Edward Z. Yang
3b5effcb72 - Removed tally(), swallowErrors(), assertNoErrors() 
- Removed unnecessary ampersands

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1657 48356398-32a2-884e-a903-53898d9a118a
 2008-04-14 03:06:36 +00:00
Edward Z. Yang
93babf0a88 [3.1.0] Fix bug with rgb() w/ spaces inside shorthand CSS properties 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1612 48356398-32a2-884e-a903-53898d9a118a
 2008-03-16 19:14:39 +00:00
Edward Z. Yang
fa6b6fe85f [3.1.0] Reconfigure tester to glob for test files using *Test.php pattern. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1585 48356398-32a2-884e-a903-53898d9a118a
 2008-03-02 02:05:47 +00:00
Edward Z. Yang
2cc535ad84 [3.1.0] Support for display/visibility CSS with %CSS.AllowTricky 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1579 48356398-32a2-884e-a903-53898d9a118a
 2008-02-25 22:05:49 +00:00
Edward Z. Yang
30eb982961 [3.1.0] Add support for !important, with %CSS.AllowImportant 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1578 48356398-32a2-884e-a903-53898d9a118a
 2008-02-25 21:58:17 +00:00
Edward Z. Yang
fbc595ebed Remove includes from unit tests. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1569 48356398-32a2-884e-a903-53898d9a118a
 2008-02-18 04:41:42 +00:00
Edward Z. Yang
ae1c8f47cc [3.0.0] Allow filter:none for proprietary filter property 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1474 48356398-32a2-884e-a903-53898d9a118a
 2007-12-17 22:12:11 +00:00
Edward Z. Yang
0f961c6af4 [3.0.0] [BACKPORT] More work for hire from Chris 
! Experimental support for some proprietary CSS attributes allowed: opacity (and all of the browser-specific equivalents) and scrollbar colors. Enable by setting %CSS.Proprietary to true.
- Colors missing # but in hex form will be corrected
- CSS Number algorithm improved
. New classes:
  + HTMLPurifier_AttrDef_CSS_AlphaValue
  + HTMLPurifier_AttrDef_CSS_Filter

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1473 48356398-32a2-884e-a903-53898d9a118a
 2007-12-16 23:16:45 +00:00
Edward Z. Yang
7ddd9d0afe [3.0.0] [BACKPORT] Make CSS properties case-insensitive 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1461 48356398-32a2-884e-a903-53898d9a118a
 2007-12-01 17:00:55 +00:00
Edward Z. Yang
43f01925cd Convert to PHP 5 only codebase, adding visibility modifiers to all members and methods in the main library area (function only for test methods) 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1458 48356398-32a2-884e-a903-53898d9a118a
 2007-11-25 02:24:39 +00:00
Edward Z. Yang
5b3c8c5534 [2.1.2] Implement border-spacing 
- Fix PH5P testing in PHP4

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1401 48356398-32a2-884e-a903-53898d9a118a
 2007-09-03 15:16:33 +00:00
Edward Z. Yang
a19f30fdcf [2.1.2] Fix silly little typo with border-collapse:separate 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1379 48356398-32a2-884e-a903-53898d9a118a
 2007-08-11 06:52:26 +00:00
Edward Z. Yang
a40e16dd2e [2.1.0] Allow i18n font names 
- Minor typos fixed; we're release ready!

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1350 48356398-32a2-884e-a903-53898d9a118a
 2007-08-03 02:48:52 +00:00
Edward Z. Yang
22ef52a7f6 [2.1.0] Migrate host blacklist functionality to URIFilter. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1336 48356398-32a2-884e-a903-53898d9a118a
 2007-08-02 01:41:37 +00:00
Edward Z. Yang
4919187fc6 [2.1.0] Further refactoring of AttrDef_URI, creation of new URIFilter and URIDefinition subsystems. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1335 48356398-32a2-884e-a903-53898d9a118a
 2007-08-02 01:12:27 +00:00
Edward Z. Yang
797b899305 [2.1.0] Create new URI object and migrate URI validation systems to use it. URIScheme interface changed. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1334 48356398-32a2-884e-a903-53898d9a118a
 2007-08-01 18:34:46 +00:00
Edward Z. Yang
8c9dbe142d [2.1.0] Refactor AttrDef_URI: removed URIParser functionality 
- Genericized flush-definition-cache script

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1333 48356398-32a2-884e-a903-53898d9a118a
 2007-08-01 14:55:09 +00:00
Edward Z. Yang
2a002857ce [2.1.0] All unit tests inherit from HTMLPurifier_Harness, not UnitTestCase. prepareCommon() refactored to global test-case. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1332 48356398-32a2-884e-a903-53898d9a118a
 2007-08-01 14:06:59 +00:00
Edward Z. Yang
b0f3116b9e [2.1.0] URI scheme is munged off if there is no authority and the scheme is the default one 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1330 48356398-32a2-884e-a903-53898d9a118a
 2007-08-01 13:15:33 +00:00
Edward Z. Yang
b03a44abff Remove expectations from assertOutput in URITest. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1329 48356398-32a2-884e-a903-53898d9a118a
 2007-08-01 02:19:43 +00:00
Edward Z. Yang
cf257cabde [2.1.0] 
- AttrDef_URI unit tests refactored
- Block access to benchmarks: they should be called via command line

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1328 48356398-32a2-884e-a903-53898d9a118a
 2007-08-01 01:48:51 +00:00
Edward Z. Yang
e99520ab96 Remove trailing ?> in PHP library files, add trailing newlines to all other files. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1253 48356398-32a2-884e-a903-53898d9a118a
 2007-06-27 13:58:32 +00:00
Edward Z. Yang
ae90bb919d Remove unnecessary $this parameters from mock instantiation; SimpleTest doesn't use it! 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1243 48356398-32a2-884e-a903-53898d9a118a
 2007-06-26 15:40:04 +00:00
Edward Z. Yang
426fbd1f97 [1.7.0] Complete Legacy element and attribute native support. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1115 48356398-32a2-884e-a903-53898d9a118a
 2007-05-29 16:51:32 +00:00
Edward Z. Yang
e180b7689e [1.7.0] Implement HTMLDefinition cache (very hacked together, but long unit test times were driving me crazy!) 
- Add extra protection in AttrDef_URI against phantom Schemes
- Doctype moved from config to HTMLDefinition
- AttrDef_URITest mocks have more generic object parameters to deal with PHP4's copy-happy behavior

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1089 48356398-32a2-884e-a903-53898d9a118a
 2007-05-23 03:27:36 +00:00
Edward Z. Yang
7579932948 [1.7.0] New compact syntax for AttrDef objects that can be used to instantiate new objects via make() 
- Implemented make() for Enum and Bool
- Migrate classes over to this new syntax
- Add AttrDef_HTML_Bool unit test

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1088 48356398-32a2-884e-a903-53898d9a118a
 2007-05-23 00:39:07 +00:00
Edward Z. Yang
0ea04db559 [1.7.0] Finish implementing legacy elements, begin implementing legacy attributes 
- Migrated most unit tests over to XHTML 1.0 Strict to preserve transformation behavior
- Created %Core.ColorKeywords to be shared between CSS_Color and HTML_Color
- Added AttrDef_HTML_Color as AttrType Color
- HTMLPurifier_Config::create(HTMLPurifier_Config $config) now clones the object
- Attribute minimization for HTML implemented in Generator
- Move div@align fix from proprietary to regular set
- Color keywords now map to full six digit hexadecimal codes
- Harness will now tack on per-use-case configuration

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1084 48356398-32a2-884e-a903-53898d9a118a
 2007-05-21 01:36:15 +00:00
Edward Z. Yang
9728be4a52 [1.7.0] Configuration object now finalizes itself after first read operation 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1075 48356398-32a2-884e-a903-53898d9a118a
 2007-05-20 18:06:51 +00:00
Edward Z. Yang
3d978c961d [1.6.1] Implement target module/attribute. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1002 48356398-32a2-884e-a903-53898d9a118a
 2007-04-30 21:19:15 +00:00
Edward Z. Yang
b15e8c344e [1.6.0] Implement ID regexp matching. 
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@926 48356398-32a2-884e-a903-53898d9a118a
 2007-03-31 03:25:10 +00:00