mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-19 04:12:31 +02:00
Code Issues Releases Wiki Activity

Fix CSS URL innerHTML/cssText escaping bug.

Browse Source 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang
2011-03-27 21:24:32 +01:00
parent afb007d22f
commit 0124605918
3 changed files with 14 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
NEWS
View File

@@ -20,8 +20,9 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
reverted using %Output.FixInnerHTML. Reported by Neike Taika-Tessaro
and Mario Heiderich.
# Protect against cssText/innerHTML by restricting allowed characters
used in fonts further than mandated by the specification. Reported
by Neike Taika-Tessaro and Mario Heiderich.
used in fonts further than mandated by the specification and encoding
some extra special characters in URLs. Reported by Neike
Taika-Tessaro and Mario Heiderich.
! Added %HTML.Nofollow to add rel="nofollow" to external links.
! More types of SPL autoloaders allowed on later versions of PHP.
! Implementations for position, top, left, right, bottom, z-index