mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-10 07:38:41 +00:00
d3abcb90e3
The new logic is as follows:
* Given a URL to insert into url(), check that it is properly URL
encoded (in particular, a doublequote and backslash never occurs
within it) and then place it as url("http://example.com").
* Given a font name, if it is strictly alphanumeric, it is safe to omit
quotes. Otherwise, wrap in double quotes and replace '"' with '\22 '
(note trailing space) and '\' with '\5C ' (ditto).
We introduce expandCSSEscape() which is a hack for common parsing
idioms in CSS; this means that CSS escapes are now recognized inside
URLs as well as unquoted font names.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
|
||
|---|---|---|
| .. | ||
| AlphaValueTest.php | ||
| BackgroundPositionTest.php | ||
| BackgroundTest.php | ||
| BorderTest.php | ||
| ColorTest.php | ||
| CompositeTest.php | ||
| FilterTest.php | ||
| FontFamilyTest.php | ||
| FontTest.php | ||
| ImportantDecoratorTest.php | ||
| LengthTest.php | ||
| ListStyleTest.php | ||
| MultipleTest.php | ||
| NumberTest.php | ||
| PercentageTest.php | ||
| TextDecorationTest.php | ||
| URITest.php | ||