htmlpurifier

mirrors/htmlpurifier

Fork 0

mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-03 05:11:52 +00:00

Commit Graph

Select branches

Hide Pull Requests

chmod-msg

disable84

estrict

fix-ci

master

php8.4

revert-339-semantic-release

#1

#10

#10

#101

#104

#104

#109

#112

#118

#12

#12

#121

#123

#124

#129

#13

#13

#130

#136

#136

#137

#139

#14

#14

#140

#141

#143

#144

#148

#149

#15

#15

#150

#153

#155

#156

#157

#161

#161

#167

#170

#171

#174

#174

#175

#175

#176

#179

#186

#186

#189

#19

#19

#190

#193

#195

#197

#198

#2

#2

#20

#20

#200

#200

#202

#21

#21

#211

#214

#222

#224

#225

#227

#230

#233

#236

#239

#24

#24

#240

#242

#243

#244

#245

#249

#251

#253

#257

#260

#262

#266

#267

#27

#27

#273

#283

#285

#289

#292

#292

#293

#297

#298

#300

#300

#301

#303

#305

#306

#307

#308

#310

#317

#318

#319

#321

#323

#324

#326

#327

#328

#329

#33

#33

#330

#331

#332

#333

#335

#336

#337

#338

#339

#34

#34

#340

#341

#346

#347

#347

#348

#349

#350

#350

#351

#354

#356

#359

#36

#36

#360

#361

#363

#364

#367

#372

#373

#38

#38

#381

#381

#382

#384

#384

#389

#391

#396

#399

#4

#4

#401

#404

#406

#408

#410

#411

#412

#415

#419

#42

#42

#421

#423

#424

#424

#425

#425

#426

#429

#430

#44

#46

#46

#48

#48

#5

#5

#51

#51

#52

#52

#53

#53

#55

#55

#58

#58

#6

#6

#60

#62

#62

#65

#65

#70

#70

#72

#72

#74

#74

#8

#8

#80

#81

#84

#87

#87

#89

#89

#90

#90

#91

#94

4.8.0

gusev

v1.0.0

v1.0.0beta

v1.0.1

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.0-strict

v1.4.1

v1.4.1-strict

v1.5.0

v1.5.0-strict

v1.6.0

v1.6.0-strict

v1.6.1

v1.6.1-strict

v2.0.0

v2.0.0-strict

v2.0.1

v2.0.1-strict

v2.1.0

v2.1.0-strict

v2.1.1

v2.1.1-strict

v2.1.2

v2.1.2-strict

v2.1.3

v2.1.3-strict

v2.1.4

v2.1.5

v3.0.0

v3.1.0

v3.1.0rc1

v3.1.1

v3.1.1.1

v3.1.1.2

v3.2.0

v3.3.0

v4.0.0

v4.1.0

v4.1.1

v4.10.0

v4.11.0

v4.12.0

v4.13.0

v4.14.0

v4.15.0

v4.16.0

v4.17.0

v4.18.0

v4.2.0

v4.3.0

v4.4.0

v4.5.0

v4.6.0

v4.7.0

v4.8.0

v4.9.1

v4.9.2

v4.9.3

52fb35b0bb TODO + hooks Edward Z. Yang 2006-12-20 23:52:28 +0000
b6e222cbc2 [1.3.2] Added purifyArray(), which takes a list of HTML and purifies it all Edward Z. Yang 2006-12-20 23:51:09 +0000
dcfd8f5641 Update index with YouTube link. Edward Z. Yang 2006-12-20 03:03:03 +0000
48da08ab78 [1.3.2] Added enduser-youtube.html, explains how to embed YouTube videos. See also corresponding smoketest preserveYouTube.php. Edward Z. Yang 2006-12-20 02:59:19 +0000
360f984f63 [1.3.2] ! HTMLPurifier object now accepts configuration arrays, no need to manually instantiate a configuration object ! Context object now accessible to outside . HTMLPurifier_Config::create() added, takes mixed variable and converts into a HTMLPurifier_Config object. Edward Z. Yang 2006-12-15 02:12:03 +0000
41a25cb6b8 [1.3.2] printDefinition.php: added labels, added better clarification - Updated TODO Edward Z. Yang 2006-12-13 04:14:30 +0000
3b979ee846 Merged revisions for 1.3.1 release into branch, with local modifications to keep NEWS items in present. v1.3.1 Edward Z. Yang 2006-12-06 23:19:59 +0000
a0fd6a9f5c Release 1.3.1. Edward Z. Yang 2006-12-06 22:52:22 +0000
66e1d2732a [1.3.1] Add credit to bug report. Edward Z. Yang 2006-12-06 22:41:40 +0000
b73b5100fd [1.3.1] Add defense in depth measure: reject entire node if there is no child definition for the element. Edward Z. Yang 2006-12-06 22:38:25 +0000
d886ed59fd [1.3.1] Standardized all attribute handling variables to attr, made it plural Edward Z. Yang 2006-12-06 22:29:08 +0000
cbb492c52c [1.3.1] Fixed bug in RemoveInvalidImg code that caused all images to be dropped Edward Z. Yang 2006-12-06 22:12:44 +0000
4f8f022eac [1.3.1] Added HTMLPurifier.func.php stub for a convenient function to call the library Edward Z. Yang 2006-12-06 22:04:16 +0000
301b2585ae Add TODO: allow array input. Edward Z. Yang 2006-12-02 02:18:46 +0000
8e733a52fb Update change-log with new version numbers. Edward Z. Yang 2006-11-27 00:15:43 +0000
d151ffd9e6 Create 1.3 release series. v1.3.0 Edward Z. Yang 2006-11-26 23:30:22 +0000
2a01cf786e Release 1.3.0 (bumped TODO items) Edward Z. Yang 2006-11-26 23:21:19 +0000
825b0671b5 [1.3.0] Bump version numbers. Edward Z. Yang 2006-11-26 23:18:32 +0000
4bdc0446de [1.3.0] New directive %URI.HostBlacklist for blocking links to bad hosts. xssAttacks.php smoketest updated accordingly. Edward Z. Yang 2006-11-26 23:14:12 +0000
45a70e8ae4 [1.3.0] Update xssAttacks.xml. Edward Z. Yang 2006-11-26 00:46:57 +0000
1fe60c9b9d [1.3.0] Clarify docs on what printDefinition is for Edward Z. Yang 2006-11-26 00:14:03 +0000
dc0e2c6b3e Revise character estimate upwards. Edward Z. Yang 2006-11-25 21:18:20 +0000
9bbbb87ffa [1.3.0] Add Printer_CSSDefinition. - Added @public identifiers to properties that the Printers are using. - Augmented Printer::getClass() to include meta-info about the object (contained inside parentheses). Currently supports: enum, composite and multiple. - Remove all linebreaks from Printer output - Document Printer_HTMLDefinition's methods. Edward Z. Yang 2006-11-25 05:05:32 +0000
b63b0be21f [1.3.0] Some housekeeping after the last commit - Add a few missing unit tests - Allow for spaces between comma separated strings to be transformed into arrays - smoketests/printDefinition.php now has documentation, links to more documentation and a friendly user-interface Edward Z. Yang 2006-11-24 07:12:16 +0000
73a1e31fad [1.3.0] Added spiffy new smoketest printDefinition.php, which lets you twiddle with the configuration settings and see how the internal rules are affected. (currently only complete for HTMLDefinition). - HTMLPurifier -> HTML Purifier . HTMLPurifier_Config->getBatch($namespace) added . More lenient casting to bool from string in HTMLPurifier_ConfigSchema . <?xml ... tags added to all smoketests Edward Z. Yang 2006-11-24 06:26:02 +0000
775763c583 [1.3.0] New directive %URI.Munge, munges URI so you can use some sort of redirector service to avoid PageRank leaks or warn users that they are exiting your site. Edward Z. Yang 2006-11-24 00:29:16 +0000
49cb2a4a7c [1.3.0] More control of URIs granted # Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false. ! New directives %URI.DisableExternalResources and %URI.DisableResources ! New directive %Attr.DisableURI, which eliminates all hyperlinking - Missing "Available since" documentation added Edward Z. Yang 2006-11-23 23:59:20 +0000
61b6ee7183 Update filter levels document in light of fact that user can now specify tags. We may want to upgrade this to HTML so users can be helped out in choosing things to allow. Edward Z. Yang 2006-11-23 22:40:59 +0000
d7ce6b4587 Add code quality advisory about demo.php. Edward Z. Yang 2006-11-23 22:34:41 +0000
f67ee19f31 [1.3.0] Add some forward thinking documents. Edward Z. Yang 2006-11-23 22:33:07 +0000
92b3f0e817 [1.3.0] <li value="4"> and <ul start="2"> now allowed in loose mode - Updated progress with some more impl-no decisions - Loose vs. Strict now has better tallying on current behavior - Document what we're not allowing in loose - Strict boolean indicator added to HTMLDefinition - Added XHTML 1.1 to TODO. Edward Z. Yang 2006-11-23 22:15:35 +0000
3c4da9666f - Update TODO: Caching and Configuration profiles - Added another code-quality issue Edward Z. Yang 2006-11-23 21:36:17 +0000
925a07b828 [1.3.0] New directives %HTML.AllowedElements and %HTML.AllowedAttributes to let users narrow the set of allowed tags . Added HTMLPurifier->info_parent_def, parent child processing made special Edward Z. Yang 2006-11-23 13:51:19 +0000
94db380271 [1.3.0] Remove Tidy option from demo if there is not Tidy available Edward Z. Yang 2006-11-23 03:49:19 +0000
b9e7ba6a2f [1.3.0] Move valid XHTML 1.0 button link to better spot. Edward Z. Yang 2006-11-23 03:39:55 +0000
b1b3377b9c [1.3.0] Huge upgrade, (X)HTML Strict now supported + Transparently handles inline elements in block context (blockquote) ! Added GET method to demo for easier validation, added 50kb max input size ! New directive %HTML.BlockWrapper, for block-ifying inline elements ! New directive %HTML.Parent, allows you to only allow inline content - Added missing type to ChildDef_Chameleon . ChildDef_Required guards against empty tags . Lookup table HTMLDefinition->info_flow_elements added . Added peace-of-mind variable initialization to Strategy_FixNesting Edward Z. Yang 2006-11-23 03:23:35 +0000
d8673539ab - Add more documentation about proprietary tags - Link to all text memos Edward Z. Yang 2006-11-23 00:45:43 +0000
3b26e5dc5b [1.3.0] Refactored ChildDef classes into their own files Edward Z. Yang 2006-11-22 18:55:15 +0000
c5ea987069 Fix parse error. Edward Z. Yang 2006-11-22 18:19:44 +0000
b152448608 [1.3.0] Implement user-unfriendly implementation of Strict doctype. We will try not to ship this one. Edward Z. Yang 2006-11-22 18:17:39 +0000
b0575cb888 Add more TODO items: - Formatter caveat to strict XHTML - YouTube video embedding Edward Z. Yang 2006-11-22 17:46:38 +0000
224ef774f7 Commit two new docs: loose-vs-strict and proprietary-tags, both research/reference. Edward Z. Yang 2006-11-22 04:49:26 +0000
18a83acc5d Re-prioritize (X)HTML strict output TODO. Edward Z. Yang 2006-11-22 03:00:12 +0000
f9090e45c0 [1.3.0] Add items for projected 1.3.0 and 1.2.1 releases. Edward Z. Yang 2006-11-20 03:58:56 +0000
450523a9ca [1.2.0] [merged] Bump TODO items. Edward Z. Yang 2006-11-20 03:21:52 +0000
3af239c70f [1.2.0] [merge] Bump TODO items. v1.2.0 Edward Z. Yang 2006-11-20 03:20:08 +0000
c6d5016626 Branch 1.2 series. Edward Z. Yang 2006-11-20 03:18:47 +0000
1955527a11 Release 1.2.0. Edward Z. Yang 2006-11-20 03:16:32 +0000
a5751c7f20 [1.2.0] Update new directives file. Edward Z. Yang 2006-11-20 03:07:46 +0000
0960cf6ace [1.2.0] Converted enduser-id.txt to HTML. Fixed summary in index. Added extra style .subsubtitle Edward Z. Yang 2006-11-20 02:47:00 +0000
83ed9e0fe1 [1.2.0] - Converted dev-naming and dev-optimization to HTML - Fixed up failed validation in a few of the other HTML files Edward Z. Yang 2006-11-19 04:56:50 +0000
fe9238af3a [1.2.0] Nuke 1.1.3 release. Edward Z. Yang 2006-11-19 04:42:42 +0000
f0fe829af4 [1.2.0] Update documentation paths. Edward Z. Yang 2006-11-19 04:37:26 +0000
a3968a1ec7 [1.2.0] Update documentation infrastructure. - Add filings and link to index - Update descriptions - Add an index Edward Z. Yang 2006-11-19 04:31:48 +0000
a8298172e1 [1.2.0] Rename so that docs have specific categories. Edward Z. Yang 2006-11-19 03:35:57 +0000
90dd7f13ae [1.2.0] HTML-ization for code-quality and colors. Also added in missing $Id$ to progress, and allowed for subtitling in the style. Edward Z. Yang 2006-11-19 03:10:14 +0000
780c7fd309 [1.2.0] Revamp docs - Style existing HTML files (taken from AuthTools) - Add svn:eol-style=native and svn:keywords=Id to all file - Add metadata to HTML files - Trim DevNetwork by using <base> Edward Z. Yang 2006-11-19 02:36:47 +0000
dec6c52695 [1.2.0] Add a i18n documentation text. Edward Z. Yang 2006-11-18 23:58:41 +0000
1ea3c1e968 Ignore incubator/ directory. Edward Z. Yang 2006-11-18 03:40:39 +0000
bdab77b59e [1.2.0] Update Devnetwork topic document. Edward Z. Yang 2006-11-18 03:33:30 +0000
82afd890c4 [1.2.0] Non-accessible resources (ex. mailto) blocked from embedded URIs (img src) Edward Z. Yang 2006-11-17 23:09:10 +0000
b0df2f292f [1.2.0] Migrate feature requests in the code quality document to TODO. Edward Z. Yang 2006-11-17 22:13:16 +0000
7a4c7b3777 [1.2.0] [BC] ID attributes now disabled by default. New directives: + %HTML.EnableAttrID - restores old behavior by allowing IDs + %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs so that they don't collide with your IDs + %Attr.IDPrefixLocal - Same as above, but for when there are multiple instances of user content on the page + Profuse documentation on how to use these available in id.txt Edward Z. Yang 2006-11-17 01:05:41 +0000
2dc8e9c3d5 [1.2.0] Unit test housekeeping: - HTMLPurifier_Context doesn't throw a variable reference error if you attempt to retrieve a non-existent variable . Cleaned up test-cases to remove unnecessary swallowErrors() Edward Z. Yang 2006-11-16 23:58:33 +0000
d48f9b6b21 [1.2.0] - Update TODO . Add another possible plaintext formatter . Reference config-ideas.txt for URI options - Update code-quality.txt, removing issues that have been addressed and updating time for post-beta - Update config-ideas.txt . Added more possible URI directives . Removed silly language control directive - Improved documentation on Class, CSS and Host Edward Z. Yang 2006-11-12 19:26:49 +0000
2df5896324 [1.2.0] Add more projected URI control values. Edward Z. Yang 2006-11-12 04:02:27 +0000
f38fe431ed [1.2.0] - Added %URI.DisableExternal, which prevents links to external websites. You can also use %URI.Host to permit absolute linking to subdomains - Fixed a few bugs involving null configuration values Edward Z. Yang 2006-11-12 03:35:41 +0000
926b94bdd3 [1.2.0] Allow configuration directives to permit null values. ConfigDoc updated accordingly. Edward Z. Yang 2006-11-12 02:59:36 +0000
ad934540da [1.2.0] Merge two comment strings. Edward Z. Yang 2006-11-12 02:01:39 +0000
afee1ea9bf [1.2.0] - Updated ConfigDoc TODO - configdoc.xml now has xml:space attached to default value nodes Edward Z. Yang 2006-11-12 00:05:27 +0000
a6bbe60e7c [1.2.0] Configuration documentation now has table of contents Edward Z. Yang 2006-11-08 14:21:06 +0000
d2fd193bc4 [1.2.0] Implement primitive email regexp to be used for mailto. There are many spotty implementation issues, so this code is not actually called anywhere else currently. Edward Z. Yang 2006-11-08 03:10:43 +0000
e1b29d7c25 [1.2.0] XSS attacks smoketest given facelift. Edward Z. Yang 2006-11-08 01:31:38 +0000
9668ac1e38 [1.2.0] Add protection against stdclasses into HTMLDefinition. Edward Z. Yang 2006-11-08 00:11:10 +0000
eb6950d7d0 [1.2.0] Fix improper instantiation of stdclasses for '' and '#PCDATA' Edward Z. Yang 2006-11-08 00:07:42 +0000
4a724d0230 [1.2.0] Add documentation to PercentEncoder.php Edward Z. Yang 2006-11-07 17:42:41 +0000
504203c0f3 [1.2.0] Added percent encoding normalization Edward Z. Yang 2006-11-07 17:15:28 +0000
e998b034d1 [1.2.0] Update TODO, reorganized and added an item Edward Z. Yang 2006-11-04 05:05:19 +0000
84e3a28001 [1.2.0] Type variable in HTMLDefinition was not being set properly, fixed. Minor bug because no other code actually uses the feature (todo: add unit test). Edward Z. Yang 2006-11-04 05:03:53 +0000
4ee1bf94e3 [1.2.0] Assorted tinyfixes - Add TODO request about Phalanger, something to do if I'm really bored - Update XSS attacks - Minor formatting/grammar fixes in documentation Edward Z. Yang 2006-11-03 02:40:37 +0000
24f2771304 Add TODO items: - RTL/LTR override UTF-8 character treatment - Content compression by removing whitespace Edward Z. Yang 2006-10-31 02:17:52 +0000
74ba9b8629 [1.2.0] Add context parameter to URIScheme and URISchemeRegistry classes. Edward Z. Yang 2006-10-27 01:20:10 +0000
b9caa35bf4 [1.2.0] - Add missing reference operator to AttrTransform.php - Add note on error collection for EntityParser.php - Add note that IDAccumulator won't collect errors either. Edward Z. Yang 2006-10-22 16:09:36 +0000
6ff78d2f79 Add $config and $context to TagTransform transform() calls. Edward Z. Yang 2006-10-22 15:56:38 +0000
8256ca4376 [1.2.0] Migrate AttrTransform tests to use the Harness supertype. Edward Z. Yang 2006-10-22 03:38:32 +0000
7d2fe4c5d7 [1.2.0] - Factor out Config and Context object population through arrays - Bring dependent assertions together in IDTest.php - AttrDefHarness.php now resets context and configuration between tests - Add missing reference operator in AttrDef/ID.php Edward Z. Yang 2006-10-21 18:18:36 +0000
f3646a3a06 [1.2.0] - Add context parameter to AttrTransform objects. - Update documentation on attribute transformations in ValidateAttributes.php Edward Z. Yang 2006-10-21 17:27:51 +0000
29716bf8f4 Add version number to HTMLPurifier.php. It needs to be bumped on new releases. Edward Z. Yang 2006-10-21 17:18:40 +0000
fb38b02135 [1.2.0] Documentation updated - Moved docs from EntityParser to Encoder - Removed/updated docs in Generator Edward Z. Yang 2006-10-09 16:07:35 +0000
13790c6db2 Added MODx plugin. Edward Z. Yang 2006-10-02 16:56:47 +0000
2d6bf12fe0 [1.2.0] - All important classes that use Context were migrated. Todo: Classes that currently use $config but not $context are AttrTransform (done in r493) and URIScheme+Registry (done in r500). There may be more classes, incl TagTransform (done in r497) that should have both $config and $context added. - Strategy unit tests now migrated to use HTMLPurifier_Harness Edward Z. Yang 2006-10-01 21:55:13 +0000
8f515b9cda [1.2.0] - Partially finished migrating to new Context object (done in r485). - Created HTMLPurifier_Harness to assist with testing, ChildDefTest migrated to that framework. Edward Z. Yang 2006-10-01 20:47:07 +0000
58be73fcf7 [1.2.0] Added exists() method to HTMLPurifier_Context. Edward Z. Yang 2006-10-01 18:39:48 +0000
f432a40f50 [1.2.0] Commit initial implementation of Context object, we will be migrating all systems over to it next commit. Edward Z. Yang 2006-10-01 18:14:08 +0000
d660b9018b [1.2.0] - Add 1.1.3 section in NEWS - Replace tabs with four spaces in INSTALL - Renamed data.txt to entities.ser Edward Z. Yang 2006-09-30 20:18:08 +0000
4d96433c23 [1.1.2] Fix typo in NEWS file. Edward Z. Yang 2006-09-30 19:34:59 +0000
48ce521572 Fix typo in NEWS item. v1.1.2 Edward Z. Yang 2006-09-30 19:30:50 +0000
728e6c5b44 Sync 1.1 branch as much as possible with trunk. Edward Z. Yang 2006-09-30 19:25:51 +0000
8104145580 Merged 463:474 for 1.1.2 release. Edward Z. Yang 2006-09-30 19:10:07 +0000
a78f0f5f80 [1.1.2] Bump version number in Doxyfile Edward Z. Yang 2006-09-30 19:03:51 +0000