mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-12-23 08:51:53 +00:00
d3abcb90e3
The new logic is as follows: * Given a URL to insert into url(), check that it is properly URL encoded (in particular, a doublequote and backslash never occurs within it) and then place it as url("http://example.com"). * Given a font name, if it is strictly alphanumeric, it is safe to omit quotes. Otherwise, wrap in double quotes and replace '"' with '\22 ' (note trailing space) and '\' with '\5C ' (ditto). We introduce expandCSSEscape() which is a hack for common parsing idioms in CSS; this means that CSS escapes are now recognized inside URLs as well as unquoted font names. Signed-off-by: Edward Z. Yang <ezyang@mit.edu> |
||
---|---|---|
.. | ||
AlphaValueTest.php | ||
BackgroundPositionTest.php | ||
BackgroundTest.php | ||
BorderTest.php | ||
ColorTest.php | ||
CompositeTest.php | ||
FilterTest.php | ||
FontFamilyTest.php | ||
FontTest.php | ||
ImportantDecoratorTest.php | ||
LengthTest.php | ||
ListStyleTest.php | ||
MultipleTest.php | ||
NumberTest.php | ||
PercentageTest.php | ||
TextDecorationTest.php | ||
URITest.php |