mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00
Code Releases Activity
e76f4b45d0
htmlpurifier/library/HTMLPurifier
History
Edward Z. Yang e76f4b45d0 Dramatically rewrite null host URI handling. 
Basically, browsers don't parse what should be valid URIs correctly, so
we have to go through some backbends to accomodate them.  Specifically,
for browseable URIs, the following URIs have unintended behavior:

    - ///example.com
    - http:/example.com
    - http:///example.com

Furthermore, if the path begins with //, modifying these URLs must
be done with care, as if you remove the host-name component, the
parse tree changes.

I've modified the engine to follow correct URI semantics as much
as possible while outputting browser compatible code, and invalidate
the URI in cases where we can't deal.  There has been a refactoring
of URIScheme so that this important check is always performed,
introducing a new member variable allow_empty_host which is true
on data, file, mailto and news schemes.

This also fixes bypass bugs on URI.Munge.

Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2011-01-25 18:56:46 +00:00
..
AttrDef Dramatically rewrite null host URI handling. 2011-01-25 18:56:46 +00:00
AttrTransform Fix embedding flash on non-IE browsers and allow more wmode. 2011-01-22 12:28:57 +00:00
ChildDef Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
ConfigSchema Bump version number for Cache.SerializerPermissions. 2011-01-14 00:40:39 +00:00
DefinitionCache Add new Cache.SerializerPermissions option. 2011-01-13 22:57:40 +00:00
EntityLookup [1.2.0] 2006-09-30 20:18:08 +00:00
Filter Support YouTube slideshow embedding. 2010-03-07 18:57:22 -05:00
HTMLModule Fix embedding flash on non-IE browsers and allow more wmode. 2011-01-22 12:28:57 +00:00
Injector Implement HTML.FlashAllowFullScreen. 2010-09-08 23:39:20 -04:00
Language Emit errors when body is extracted. 2010-05-04 13:41:09 -04:00
Lexer Iterative traversal of DOM. 2011-01-19 22:06:40 +00:00
Printer Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Strategy Fix removal of id with DirectLex by preserving armor. 2010-10-28 17:25:31 +01:00
TagTransform Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
Token Fix removal of id with DirectLex by preserving armor. 2010-10-28 17:25:31 +01:00
URIFilter Actually make URI.DisableResources do something. 2010-06-30 05:59:17 -07:00
URIScheme Dramatically rewrite null host URI handling. 2011-01-25 18:56:46 +00:00
VarParser Add documentation about configuration directive types. 2010-09-04 02:28:53 -04:00
AttrCollections.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AttrDef.php Rewrite CSS url() and font-family output logic. 2010-05-31 18:45:21 -07:00
AttrTransform.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
AttrTypes.php Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses. 2009-05-25 22:08:45 -04:00
AttrValidator.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Bootstrap.php Fix bad interaction between bootstrap autoloader and Zend Debugger/APC. 2010-12-31 09:48:28 +00:00
ChildDef.php Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
Config.php Fix two bugs with caching of customized raw definitions. 2010-12-30 23:51:53 +00:00
ConfigSchema.php Check if schema.ser was corrupted. 2010-10-29 14:47:40 +01:00
ContentSets.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Context.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
CSSDefinition.php Add initial implementation of CSS.Trusted. 2010-11-12 18:45:03 +00:00
Definition.php Fix two bugs with caching of customized raw definitions. 2010-12-30 23:51:53 +00:00
DefinitionCache.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
DefinitionCacheFactory.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Doctype.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
DoctypeRegistry.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
ElementDef.php Handle <ol><ol> properly by adding missing <li> tag. 2010-03-10 00:58:37 -05:00
Encoder.php Don't have mute error handler be private. 2009-05-29 17:59:30 -04:00
EntityLookup.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
EntityParser.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
ErrorCollector.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
ErrorStruct.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Exception.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Filter.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Generator.php Fix embedding flash on non-IE browsers and allow more wmode. 2011-01-22 12:28:57 +00:00
HTMLDefinition.php Reword documentation to be clearer, and give warning on common user error. 2010-09-04 01:31:20 -04:00
HTMLModule.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
HTMLModuleManager.php Implement HTML.Nofollow for external links. 2010-09-28 12:01:57 -04:00
IDAccumulator.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Injector.php Fix allowsElement() bug manifesting in LinkifyTest. 2009-06-10 18:11:34 -04:00
Language.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
LanguageFactory.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
Length.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Lexer.php Escape CDATA before handling conditional comments. 2010-09-28 12:11:26 -04:00
PercentEncoder.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Printer.php Fix CSSDefinition Printer problems with important decorator. 2009-02-15 14:11:22 -05:00
PropertyList.php Convert HTMLPurifier_Config to use property list backend. 2009-02-02 18:42:23 -05:00
PropertyListIterator.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Strategy.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
StringHash.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
StringHashParser.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
TagTransform.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
Token.php Implement "carryover" functionality, requested by Kinderlehrer <bitweaver@7doves.com> 2008-12-20 13:06:00 -05:00
TokenFactory.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
UnitConverter.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URI.php Dramatically rewrite null host URI handling. 2011-01-25 18:56:46 +00:00
URIDefinition.php Convert all to new configuration get/set format. 2009-02-21 03:00:34 -05:00
URIFilter.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URIParser.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
URIScheme.php Dramatically rewrite null host URI handling. 2011-01-25 18:56:46 +00:00
URISchemeRegistry.php Remove PHP4 cruft from URISchemeRegistry. 2009-05-13 16:14:57 -04:00
VarParser.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
VarParserException.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00