mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-31 19:30:21 +02:00
Code Issues Releases Wiki Activity

Protect against font family innerHTML/cssText attacks.

Browse Source 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang
2011-03-27 20:35:38 +01:00
parent 0dd9e4faf4
commit afb007d22f
10 changed files with 188 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
configdoc/usage.xml
View File

@@ -96,27 +96,32 @@
</directive>
<directive id="Output.CommentScriptContents">
<file name="HTMLPurifier/Generator.php">
<line>56</line>
<line>61</line>
</file>
</directive>
<directive id="Output.FixInnerHTML">
<file name="HTMLPurifier/Generator.php">
<line>62</line>
</file>
</directive>
<directive id="Output.SortAttr">
<file name="HTMLPurifier/Generator.php">
<line>57</line>
<line>63</line>
</file>
</directive>
<directive id="Output.FlashCompat">
<file name="HTMLPurifier/Generator.php">
<line>58</line>
<line>64</line>
</file>
</directive>
<directive id="Output.TidyFormat">
<file name="HTMLPurifier/Generator.php">
<line>87</line>
<line>93</line>
</file>
</directive>
<directive id="Core.NormalizeNewlines">
<file name="HTMLPurifier/Generator.php">
<line>101</line>
<line>107</line>
</file>
<file name="HTMLPurifier/Lexer.php">
<line>266</line>
@@ -124,7 +129,7 @@
</directive>
<directive id="Output.Newline">
<file name="HTMLPurifier/Generator.php">
<line>102</line>
<line>108</line>
</file>
</directive>
<directive id="HTML.BlockWrapper">
@@ -254,6 +259,9 @@
<file name="HTMLPurifier/URIDefinition.php">
<line>64</line>
</file>
<file name="HTMLPurifier/URIScheme.php">
<line>75</line>
</file>
</directive>
<directive id="URI.Base">
<file name="HTMLPurifier/URIDefinition.php">
@@ -288,6 +296,11 @@
<line>12</line>
</file>
</directive>
<directive id="CSS.AllowedFonts">
<file name="HTMLPurifier/AttrDef/CSS/FontFamily.php">
<line>50</line>
</file>
</directive>
<directive id="Attr.AllowedClasses">
<file name="HTMLPurifier/AttrDef/HTML/Class.php">
<line>18</line>
@@ -454,7 +467,7 @@
</directive>
<directive id="Core.EscapeInvalidTags">
<file name="HTMLPurifier/Strategy/MakeWellFormed.php">
<line>45</line>
<line>53</line>
</file>
<file name="HTMLPurifier/Strategy/RemoveForeignElements.php">
<line>19</line>