mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-09 15:28:40 +00:00
f0fe829af4
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@536 48356398-32a2-884e-a903-53898d9a118a
107 lines
4.8 KiB
Plaintext
107 lines
4.8 KiB
Plaintext
NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|
= KEY ====================
|
|
# Breaks back-compat
|
|
! Feature
|
|
- Bugfix
|
|
+ Sub-comment
|
|
. Internal change
|
|
==========================
|
|
|
|
1.2.0, unknown projected release date
|
|
# ID attributes now disabled by default. New directives:
|
|
+ %HTML.EnableAttrID - restores old behavior by allowing IDs
|
|
+ %Attr.IDPrefix - %Attr.IDBlacklist alternative that munges all user IDs
|
|
so that they don't collide with your IDs
|
|
+ %Attr.IDPrefixLocal - Same as above, but for when there are multiple
|
|
instances of user content on the page
|
|
+ Profuse documentation on how to use these available in docs/enduser-id.txt
|
|
! Added MODx plugin <http://modxcms.com/forums/index.php/topic,6604.0.html>
|
|
! Added percent encoding normalization
|
|
! XSS attacks smoketest given facelift
|
|
! Configuration documentation now has table of contents
|
|
! Added %URI.DisableExternal, which prevents links to external websites. You
|
|
can also use %URI.Host to permit absolute linking to subdomains
|
|
! Non-accessible resources (ex. mailto) blocked from embedded URIs (img src)
|
|
- Documentation updated
|
|
+ TODO added request Phalanger
|
|
+ TODO added request Native compression
|
|
+ TODO added request Remove redundant tags
|
|
+ TODO added possible plaintext formatter for HTML Purifier documentation
|
|
+ Updated ConfigDoc TODO
|
|
+ Improved inline comments in AttrDef/Class.php, AttrDef/CSS.php
|
|
and AttrDef/Host.php
|
|
+ Revamped documentation into HTML, along with misc updates
|
|
- HTMLPurifier_Context doesn't throw a variable reference error if you attempt
|
|
to retrieve a non-existent variable
|
|
. Switched to purify()-wide Context object registry
|
|
. Refactored unit tests to minimize duplication
|
|
. XSS attack sheet updated
|
|
. configdoc.xml now has xml:space attached to default value nodes
|
|
. Allow configuration directives to permit null values
|
|
. Cleaned up test-cases to remove unnecessary swallowErrors()
|
|
|
|
1.1.3, unknown projected release date
|
|
(bugfix release, may be dropped if no major bugs are found before features)
|
|
- Documentation updated
|
|
- Type variable in HTMLDefinition was not being set properly, fixed
|
|
|
|
1.1.2, released 2006-09-30
|
|
! Add HTMLPurifier.auto.php stub file that configures include_path
|
|
- Documentation updated
|
|
+ INSTALL document rewritten
|
|
+ TODO added semi-lossy conversion
|
|
+ API Doxygen docs' file exclusions updated
|
|
+ Added notes on HTML versus XML attribute whitespace handling
|
|
+ Noted that HTMLPurifier_ChildDef_Custom isn't being used
|
|
+ Noted that config object's definitions are cached versions
|
|
- Fixed lack of attribute parsing in HTMLPurifier_Lexer_PEARSax3
|
|
- ftp:// URIs now have their typecodes checked
|
|
- Hooked up HTMLPurifier_ChildDef_Custom's unit tests (they weren't being run)
|
|
. Line endings standardized throughout project (svn:eol-style standardized)
|
|
. Refactored parseData() to general Lexer class
|
|
. Tester named "HTML Purifier" not "HTMLPurifier"
|
|
|
|
1.1.1, released 2006-09-24
|
|
! Configuration option to optionally Tidy up output for indentation to make up
|
|
for dropped whitespace by DOMLex (pretty-printing for the entire application
|
|
should be done by a page-wide Tidy)
|
|
- Various documentation updates
|
|
- Fixed parse error in configuration documentation script
|
|
- Fixed fatal error in benchmark scripts, slightly augmented
|
|
- As far as possible, whitespace is preserved in-between table children
|
|
- Sample test-settings.php file included
|
|
|
|
1.1.0, released 2006-09-16
|
|
! Directive documentation generation using XSLT
|
|
! XHTML can now be turned off, output becomes <br>
|
|
- Made URI validator more forgiving: will ignore leading and trailing
|
|
quotes, apostrophes and less than or greater than signs.
|
|
- Enforce alphanumeric namespace and directive names for configuration.
|
|
- Table child definition made more flexible, will fix up poorly ordered elements
|
|
. Renamed ConfigDef to ConfigSchema
|
|
|
|
1.0.1, released 2006-09-04
|
|
- Fixed slight bug in DOMLex attribute parsing
|
|
- Fixed rejection of case-insensitive configuration values when there is a
|
|
set of allowed values. This manifested in %Core.Encoding.
|
|
- Fixed rejection of inline style declarations that had lots of extra
|
|
space in them. This manifested in TinyMCE.
|
|
|
|
1.0.0, released 2006-09-01
|
|
! Shorthand CSS properties implemented: font, border, background, list-style
|
|
! Basic color keywords translated into hexadecimal values
|
|
! Table CSS properties implemented
|
|
! Support for charsets other than UTF-8 (defined by iconv)
|
|
! Malformed UTF-8 and non-SGML character detection and cleaning implemented
|
|
- Fixed broken numeric entity conversion
|
|
- API documentation completed
|
|
. (HTML|CSS)Definition de-singleton-ized
|
|
|
|
1.0.0beta, released 2006-08-16
|
|
! First public release, most functionality implemented. Notable omissions are:
|
|
+ Shorthand CSS properties
|
|
+ Table CSS properties
|
|
+ Deprecated attribute transformations
|