0680832d41
Use info_parent_def to get parent information, since it may not be present in info array.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-05-21 17:19:59 -07:00
19360ddb36
Ignore commas and nbsps for linkification. Thanks nAS for contributing.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-05-21 16:43:59 -07:00
3c903b7463
Doc fix.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-05-18 08:48:47 -07:00
6e37ecd1c8
Make URI parsing algorithm more strict.
...
Thanks Michael Gusev <mgusev@sugarcrm.com > for contributing this patch.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-04-16 13:56:43 -07:00
20eff0a3a0
Fix NEWS entry.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-02-21 14:08:36 -08:00
d516e2f8de
Release 4.5.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-02-17 16:04:08 -08:00
631021733b
Add %Core.DisableExcludes directive
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-02-17 15:47:38 -08:00
344e0640b6
Add required constant for composer autoloading
...
Signed-off-by: Michael Tibben <michael.tibben@99designs.com >
2012-12-21 16:16:16 +08:00
62d2550e16
Use SHA-1 instead of MD5.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-10-27 02:33:22 -07:00
087145a71b
Blacklist more tags from RemoveEmpty.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-10-27 02:32:48 -07:00
a44187a5c1
Cleanup after data validation.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-10-27 02:30:58 -07:00
c0ad68108a
Do checks against iconvAvailable because PHP 5.4 has botched iconv support.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-10-27 02:27:57 -07:00
83a574491e
Comment for bug that needs to get fixed.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-10-11 11:40:02 -07:00
3b537365a4
CSS properties page-break-*
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-10-11 11:39:52 -07:00
8a8b123d33
Autoloading support for Composer
2012-09-16 18:11:46 +02:00
72db575446
Fix bug with non-lower case color names in HTML.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-07-30 10:54:32 -04:00
d8bb73ce46
Permit underscores in font-families.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-07-27 18:28:29 -04:00
f90372f8ab
More support for white-space.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-06-16 17:10:36 -04:00
f38fca32a9
Don't lower-case components of background.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-06-02 11:22:58 -04:00
5a23004652
Support for inline-block.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-05-25 23:55:48 -04:00
6705140082
Fix in AttrTransform_Nofollow
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-05-14 23:07:27 -04:00
cb7162a995
Use prepend for autoloading on PHP 5.3+
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-05-02 11:07:24 -04:00
2189a9430f
Support for safe external scripts via explicit whitelist.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-04-27 17:44:49 -04:00
7291f19347
Fix problem where stacked AttrTransforms clobber each other.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-03-16 23:12:16 -04:00
9fcffd6533
Add composer.json file for easy install via composer.
...
Composer: http://getcomposer.org/
Since HTML Purifier is not completely psr-0 compatible (a classmap is
not enough for autoloading), the package-description does not contain
anything autoload-related. The user has to include the autoloader
himself.
This lets us create an entry on packagist which allows installing HTML
Purifier without the need to declare a repository in projects; it also
makes it easy to create libraries which want to use HTML Purifier using
composer.
Signed-off-by: Benjamin Steininger <robo47@robo47.net >
2012-03-16 01:05:02 -04:00
31dce298ea
Actually make URI.DisableResources do something.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-03-02 13:25:00 -05:00
8c9d461a62
Bugfix: _blank not blank.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-02-18 11:28:01 -05:00
7291a9647e
Update NEWS.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-25 07:06:30 -05:00
17af0e4fc1
Release 4.4.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-18 19:22:31 -05:00
70028f83d6
Make all of the tests work on all PHP versions.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-18 18:57:13 -05:00
5c5e3fe79f
Avoid doing stupidly clever reflection tricks that make old PHP versions sad.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-18 18:21:36 -05:00
56a26cab14
Modernize some of the testing facilities.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-18 18:10:16 -05:00
1c7fedff5a
Tighter CSS selector validation.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-17 15:36:26 -05:00
9de0785448
Remark about bypassing host list with punycode.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-06 05:32:53 -08:00
974fe3f25e
Optional support for IDNAs with PEAR Net_IDNA2
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-06 05:28:00 -08:00
94468f3c24
Remove PEARSax3 lexer.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-03 20:40:17 +08:00
e0354fecd9
Make forms work for transitional doctypes.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-30 22:56:44 +08:00
1bbbc624dd
Remove inscrutable TODO, optionalize another.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-27 23:50:02 +08:00
49879d2cc6
Add note about superseding modules in TODO.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-27 23:21:32 +08:00
5c9b5130c8
Bump minor version number to 4.4.0.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 21:55:14 +08:00
d2de8d976a
Add test for invalid SafeIframe usage.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 21:52:55 +08:00
4164b2eb2b
Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage.
...
The purpose of this addition is twofold. In trusted mode, iframes are
now unconditionally allowed.
However, many online video providers (YouTube, Vimeo) and other web
applications (Google Maps, Google Calendar, etc) provide embed code in
iframe format, which is useful functionality in untrusted mode.
You can specify iframes as trusted elements with %HTML.SafeIframe;
however, you need to additionally specify a whitelist mechanism such as
%URI.SafeIframeRegexp to say what iframe embeds are OK (by default
everything is rejected).
Note: As iframes are invalid in strict doctypes, you will not be able to
use them there.
We also added an always_load parameter to URIFilters in order to support
the strange nature of the SafeIframe URIFilter (it always needs to be
loaded, due to the inability of accessing the %HTML.SafeIframe directive
to see if it's needed!) We expect this URIFilter can expand in the future
to offer more complex validation mechanisms.
Signed-off-by: Bradley M. Froehle <brad.froehle@gmail.com >
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 21:50:53 +08:00
1e5293d9fe
Add more attributions.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 15:45:41 +08:00
6b643ede02
Implement %HTML.AllowedComments and %HTML.AllowedCommentsRegexp
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 15:34:42 +08:00
e41af46a8b
Fix broken table content model, easily seen in XHTML1.1
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 14:49:26 +08:00
3570c9985a
Properly handle nested sublists by folding into previous list item.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 14:00:34 +08:00
8d572993b4
Implement %HTML.TargetBlank
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 08:36:00 +08:00
1bacbc0563
Add isBenign and getDefaultScheme methods.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-25 23:31:15 +08:00
bfe2c10d07
Add a little bit of documentation about contexts for URIFilters.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-25 23:31:15 +08:00
9b10515fa4
Core.EscapeNonASCIICharacters now always works, even if target is UTF-8.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-25 23:31:15 +08:00
