0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 00:11:52 +00:00
Commit Graph

1708 Commits

Author SHA1 Message Date
Atsushi Matsuo
f0fbf51098
fix: Avoid a deprecated error when the attribute name is numeric and DirectLex is used (#412) 2024-07-30 22:06:23 -04:00
John Flatness
70754a2533
feat: Add allowfullscreen attr for iframe (#411) 2024-06-30 07:54:09 -04:00
John Flatness
972326785d
feat: Allow universal CSS values for all properties (#410) 2024-06-28 08:37:00 -04:00
Erik
93bee73349
feat: Add support for CSS aspect-ratio (#408) 2024-06-27 15:12:06 -04:00
Atsushi Matsuo
d9fbef8e27
fix: Adjust Core.AllowHostnameUnderscore to consider that "_" is defined as Unreserved Characters in RFC 3986 (#406) 2024-04-18 21:48:20 -04:00
charlie-curtis
c9d60c96d7
feat: add directive for removing blank nodes (#404) 2024-04-11 20:52:45 -04:00
Kent Oyer
4828fdf45a
fix: Ignore conditional comments (#401) 2024-03-12 23:41:45 -04:00
Christian Castelli
9ca5a3687b
fix: checking that node has property name (#399)
Co-authored-by: Christian Castelli <christian.castelli@docebo.com>
2024-03-05 10:58:42 -05:00
Edward Z. Yang
92da2473ff
fix: Support PHP 8.4 (#396)
Signed-off-by: Edward Z. Yang <ezyang@meta.com>
2024-02-22 00:05:10 -05:00
semantic-release-bot
bbc513d79a chore(release): 4.17.0 [skip ci]
# [4.17.0](https://github.com/ezyang/htmlpurifier/compare/v4.16.0...v4.17.0) (2023-11-17)

### Bug Fixes

* CSSTidy ImportantComments not handled properly ([#359](https://github.com/ezyang/htmlpurifier/issues/359)) ([78a9b4d](78a9b4d0da))
* fix CI ([#361](https://github.com/ezyang/htmlpurifier/issues/361)) ([9ec687c](9ec687c904))
* Invalid scheme check in Attr.TargetBlank ([#363](https://github.com/ezyang/htmlpurifier/issues/363)) ([0176ef4](0176ef4bb6))
* semantic release ([#339](https://github.com/ezyang/htmlpurifier/issues/339)) ([d82f3d9](d82f3d996a))
* semantic release ([#341](https://github.com/ezyang/htmlpurifier/issues/341)) ([e55fead](e55fead09f)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339)
* Support for locales using decimal separators other than . (dot) ([#372](https://github.com/ezyang/htmlpurifier/issues/372)) ([43f49ac](43f49ac9a5))

### Features

* Add support for all text-decoration properties ([#360](https://github.com/ezyang/htmlpurifier/issues/360)) ([2d775c0](2d775c0187))
* Allows commas to be included in tel URI ([#389](https://github.com/ezyang/htmlpurifier/issues/389)) ([ec92490](ec92490139)), closes [#388](https://github.com/ezyang/htmlpurifier/issues/388)

### Reverts

* Revert "fix: semantic release (#339)" (#340) ([3e83215](3e832152a6)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339) [#340](https://github.com/ezyang/htmlpurifier/issues/340)
2023-11-17 15:01:25 +00:00
Edward Z. Yang
0f0fd36896 ci: upgrade semantic-release-action
Signed-off-by: Edward Z. Yang <ezyang@meta.com>
2023-11-17 10:00:42 -05:00
danbrellis
ec92490139
feat: Allows commas to be included in tel URI (#389)
* Allows commas in tel URI scheme validator (addresses #388)

* Adds comment explaining 8429f7b
2023-11-10 10:25:42 -05:00
Tim Düsterhus
ab21ea735a
chore: Add support for PHP 8.3 (#382)
* Add PHP 8.3 to CI

* Allow PHP 8.3 in composer.json
2023-08-24 11:15:30 -04:00
Edward Z. Yang
6eb6123036
Don't suggest chmod to 777 (#373)
Signed-off-by: Edward Z. Yang <ezyang@meta.com>
2023-04-30 13:55:11 -04:00
cracksalad
43f49ac9a5
fix: Support for locales using decimal separators other than . (dot) (#372)
* Bugfix UnitConverter expects float got string (strict types enabled)

* Bugfix for latest bugfix with huge numbers

* Bugfix for german locale

* Use number_format instead of str_replace(sprintf())
2023-04-30 09:30:23 -04:00
George Peter Banyard
c05639e0c9
[refactor] Use range() function instead of string increment (#367)
This was found during the analysis for https://wiki.php.net/rfc/saner-inc-dec-operators

I don't know what is the minimal version targeted, so the line which defines ``$c`` may need to be changes to use ``array_merge()``
2023-02-23 13:11:13 -05:00
Steve Bauman
b4136da73c
Remove unnecessary disablement of autoload (#364) 2023-02-05 21:40:57 -05:00
Jeff Standen
0176ef4bb6
fix: Invalid scheme check in Attr.TargetBlank (#363) 2023-01-26 19:06:28 -05:00
Francis Lévesque
78a9b4d0da
fix: CSSTidy ImportantComments not handled properly (#359)
* fix: CSSTidy ImportantComments not handled properly

Signed-off-by: Francis Lévesque <wolfrank2164@gmail.com>

* fix: CSSTidy ImportantComments not handled properly -> remove comments

Signed-off-by: Francis Lévesque <wolfrank2164@gmail.com>
Co-authored-by: Edward Z. Yang <ezyang@meta.com>
2023-01-21 22:44:44 -05:00
Edward Z. Yang
9ec687c904
fix: fix CI (#361)
Signed-off-by: Edward Z. Yang <ezyang@meta.com>

Signed-off-by: Edward Z. Yang <ezyang@meta.com>
2023-01-21 22:42:38 -05:00
Raheel Hsn
2d775c0187
feat: Add support for all text-decoration properties (#360)
* CSS: add support for all text-decoration related properties

* updated arrays to use short syntex

Co-authored-by: Raheel Hasan <raheel.hasan@luciditysoftware.com.au>
2023-01-12 08:41:13 -05:00
jw2(kit rio)
da35a5e0d7
Drop supporting PHP 5.2 (#335) (#356) 2022-12-04 13:22:17 -06:00
Michael S
1424f17cf3
Add support for encoded tel URI schemes. (#354) 2022-11-24 16:31:20 -05:00
Michael Kliewe
becc9d40cf
Fixed missing return value (#349) 2022-11-19 14:26:34 -08:00
Michael Kliewe
909dda6621
Fixed wrong return PHPDoc (#348) 2022-11-18 21:03:18 -08:00
Michael Kliewe
2d1314820e
Added class_exists('Net_IDNA2') around optional external class (#351) 2022-11-18 20:56:21 -08:00
Michael Kliewe
d567de85e6
Fixed undefined property (#346) 2022-11-18 20:42:06 -08:00
Kieran
e55fead09f
fix: semantic release (#341)
Same as #339 but stops library/standalone and library/HTMLPurifier.standalone.phpfrom being commit
2022-09-20 12:45:11 -04:00
Edward Z. Yang
3e832152a6
Revert "fix: semantic release (#339)" (#340)
This reverts commit d82f3d996a.
2022-09-18 15:21:20 -04:00
Kieran
d82f3d996a
fix: semantic release (#339)
* fix: semantic release

* update git assets
2022-09-18 15:15:38 -04:00
semantic-release-bot
523407fb06 chore(release): 4.16.0 [skip ci]
# [4.16.0](https://github.com/ezyang/htmlpurifier/compare/v4.15.0...v4.16.0) (2022-09-18)

### Features

* add semantic release ([#307](https://github.com/ezyang/htmlpurifier/issues/307)) ([db31243](db312435cb)), closes [#322](https://github.com/ezyang/htmlpurifier/issues/322) [#323](https://github.com/ezyang/htmlpurifier/issues/323) [#326](https://github.com/ezyang/htmlpurifier/issues/326) [#327](https://github.com/ezyang/htmlpurifier/issues/327) [#328](https://github.com/ezyang/htmlpurifier/issues/328) [#329](https://github.com/ezyang/htmlpurifier/issues/329) [#330](https://github.com/ezyang/htmlpurifier/issues/330) [#331](https://github.com/ezyang/htmlpurifier/issues/331) [#332](https://github.com/ezyang/htmlpurifier/issues/332) [#333](https://github.com/ezyang/htmlpurifier/issues/333) [#337](https://github.com/ezyang/htmlpurifier/issues/337) [#335](https://github.com/ezyang/htmlpurifier/issues/335) [ezyang/htmlpurifier#334](https://github.com/ezyang/htmlpurifier/issues/334) [#336](https://github.com/ezyang/htmlpurifier/issues/336) [#338](https://github.com/ezyang/htmlpurifier/issues/338)
2022-09-18 07:06:19 +00:00
Kieran
db312435cb
feat: add semantic release (#307)
* Add semantic release

* fix typo

* split from matrix

* remove only on push

* remove npm plugin

* write changelog to NEWS

* list assets to include in git commit

* fix update-for-release

* lint pr title

* split release into separate workflow that runs manually

* revert ci.yml changes

* remove references to WHATSNEW

* Fix #322 - PHP 8.1 deprecation notice in HostBlacklist URIFilter (#323)

* Replace 8.1-deprecated utf8_ funcs with mbstring (#326)

* Treat PHP version numbers as strings in GitHub Actions (#327)

YAML will try to interpret numeric values as numbers, leading to `8.0` being
interpreted as `8` instead of `'8.0'`.

This doesn't result in a functional change, but cleans up the output of the
jobs a little (e.g. in the title line).

* Update to `actions/checkout@v3` (#328)

This does not introduce any functional difference and is intended as a
future-proofing change.

see https://github.com/actions/checkout/releases/tag/v3.0.0

* Fix test selection logic in tests/test_files.php (#329)

Selecting the `fstools` tests also executed the `htmlt` tests.

* Fix some more PHP 8.2 deprecations (#330)

* Define HTMLPurifier_AttrTransform_SafeParam::$wmode

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$cache

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$mock

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$def

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_EntityParserTest::$_entity_lookup

This fixes a PHP 8.2 deprecation.

* Increase minimum requirement to PHP 5.6 (#331)

* Add contenteditable attribute definition (#332)

* Add contenteditable attribute definition

* gate behind html.trusted

* use enum

* Fix creation of dynamic property (#333)

* Fix creation of dynamic property (#337)

* Add PHP 8.2 to CI (#335)

* Add PHP 8.2 to CI

see ezyang/htmlpurifier#334

* Add PHP 8.2 to composer.json

* Fix contenteditable attribute definition (#336)

* Run CSSTidy tests on CI (#338)

* Run CSSTidy tests on CI

* update dirname

* use compopser instead of git clone

* use composer

* use test-settings.sample.php

* enable ext-intl

* disable Net_IDNA2

* Release 4.15.0

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
Co-authored-by: John Flatness <john@zerocrates.org>
Co-authored-by: Tim Düsterhus <duesterhus@woltlab.com>
Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
Co-authored-by: Edward Z. Yang <ezyang@mit.edu>
2022-09-18 02:44:00 -04:00
Edward Z. Yang
8d9f4c9ec1 Release 4.15.0
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2022-09-18 02:23:57 -04:00
Kieran
25824056ee
Run CSSTidy tests on CI (#338)
* Run CSSTidy tests on CI

* update dirname

* use compopser instead of git clone

* use composer

* use test-settings.sample.php

* enable ext-intl

* disable Net_IDNA2
2022-09-14 20:55:41 -07:00
Kieran
f1d6da13bc
Fix contenteditable attribute definition (#336) 2022-09-12 07:53:24 -07:00
Tim Düsterhus
dc27c78871
Add PHP 8.2 to CI (#335)
* Add PHP 8.2 to CI

see ezyang/htmlpurifier#334

* Add PHP 8.2 to composer.json
2022-09-11 19:51:02 -04:00
Kieran
ce9cf2ec99
Fix creation of dynamic property (#337) 2022-09-10 14:03:42 -04:00
Kieran
36e06603a8
Fix creation of dynamic property (#333) 2022-09-06 13:05:15 -04:00
Kieran
dbbd3e59f9
Add contenteditable attribute definition (#332)
* Add contenteditable attribute definition

* gate behind html.trusted

* use enum
2022-09-06 13:04:45 -04:00
Tim Düsterhus
1c2bae18e3
Increase minimum requirement to PHP 5.6 (#331) 2022-09-02 21:43:29 -04:00
Tim Düsterhus
1b80051115
Fix some more PHP 8.2 deprecations (#330)
* Define HTMLPurifier_AttrTransform_SafeParam::$wmode

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$cache

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$mock

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$def

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_EntityParserTest::$_entity_lookup

This fixes a PHP 8.2 deprecation.
2022-09-02 21:38:58 -04:00
Tim Düsterhus
c60bba1fe4
Fix test selection logic in tests/test_files.php (#329)
Selecting the `fstools` tests also executed the `htmlt` tests.
2022-09-02 21:35:32 -04:00
Tim Düsterhus
6ec13635ce
Update to actions/checkout@v3 (#328)
This does not introduce any functional difference and is intended as a
future-proofing change.

see https://github.com/actions/checkout/releases/tag/v3.0.0
2022-08-30 09:50:18 -04:00
Tim Düsterhus
be2a668e81
Treat PHP version numbers as strings in GitHub Actions (#327)
YAML will try to interpret numeric values as numbers, leading to `8.0` being
interpreted as `8` instead of `'8.0'`.

This doesn't result in a functional change, but cleans up the output of the
jobs a little (e.g. in the title line).
2022-08-30 09:46:59 -04:00
John Flatness
dff4746e13
Replace 8.1-deprecated utf8_ funcs with mbstring (#326) 2022-08-15 22:59:31 -04:00
Kieran
3fc193c755
Fix #322 - PHP 8.1 deprecation notice in HostBlacklist URIFilter (#323) 2022-06-27 17:20:36 -04:00
Tim Düsterhus
1db36fb09d
Fix some PHP 8.2 deprecations (#319)
* Define HTMLPurifier_Lexer::$_entity_parser property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_URIFilterHarness::$filter property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrTransform_NameSync::$idDef property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrTransform_NameSyncTest::$accumulator property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrValidator_ErrorsTest::$language property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_ChildDef_List::$whitespace property

This fixes a PHP 8.2 deprecation.

* Do not modify incoming tokens in RemoveSpansWithoutAttributes

Previously the undefined property `->markForDeletion` was added to the incoming
tokens. This causes a deprecation in PHP 8.2. Fix this by storing to-be-deleted
tokens inside SplObjectStorage. In PHP 8 a WeakMap would be preferable, as that
prevents leaks if `handleEnd` is never called for the token.
2022-06-10 16:30:01 -04:00
func0der
38296c603b
Composer suggestions with extensions (#317)
* Add suggestion for usage of Filter.ExtractStyleBlocks

Resolves #316

* Add php extensions as suggestions

Resolves #316

* Correct typo in composer property
2022-06-02 23:03:44 -04:00
David Rans
1dd3e52365
PHP 8.1: fix various deprecations/errors in newest version of PHP (#310)
* Test on PHP 8.1

* PHP 8.1: fix deprecated NULL param to glob()

* PHP 8.1: fix PHP error when passing NULL to rawurlencode()

* PHP 8.1: calling ctype_lower with FALSE is deprecated

* PHP 8.1: passing NULL to setAttribute() is deprecated

* PHP 8.1: passing NULL to str_replace() is an error

* PHP 8.1: fix error passing NULL to str_replace()

* PHP 8.1: fix return type deprecation with backwards compatible attribute

* Revert typo
2022-04-08 13:48:12 -04:00
Edward Z. Yang
12ab42bd6e Release 4.14.0
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2021-12-24 20:21:49 -05:00