cb56001e54
chore(release): 4.18.0 [skip ci]
...
# [4.18.0](https://github.com/ezyang/htmlpurifier/compare/v4.17.0...v4.18.0 ) (2024-11-01)
### Bug Fixes
* Adjust Core.AllowHostnameUnderscore to consider that "_" is defined as Unreserved Characters in RFC 3986 ([#406 ](https://github.com/ezyang/htmlpurifier/issues/406 )) ([d9fbef8d9fbef8e27#412 ](https://github.com/ezyang/htmlpurifier/issues/412 )) ([f0fbf51f0fbf51098#399 ](https://github.com/ezyang/htmlpurifier/issues/399 )) ([9ca5a369ca5a3687b#401 ](https://github.com/ezyang/htmlpurifier/issues/401 )) ([4828fdf4828fdf45a#396 ](https://github.com/ezyang/htmlpurifier/issues/396 )) ([92da24792da2473ff#419 ](https://github.com/ezyang/htmlpurifier/issues/419 )) ([01be37701be377f93#411 ](https://github.com/ezyang/htmlpurifier/issues/411 )) ([70754a270754a2533#404 ](https://github.com/ezyang/htmlpurifier/issues/404 )) ([c9d60c9c9d60c96d7#408 ](https://github.com/ezyang/htmlpurifier/issues/408 )) ([93bee7393bee73349#410 ](https://github.com/ezyang/htmlpurifier/issues/410 )) ([9723267972326785d
2024-11-01 03:51:45 +00:00
bbc513d79a
chore(release): 4.17.0 [skip ci]
...
# [4.17.0](https://github.com/ezyang/htmlpurifier/compare/v4.16.0...v4.17.0 ) (2023-11-17)
### Bug Fixes
* CSSTidy ImportantComments not handled properly ([#359 ](https://github.com/ezyang/htmlpurifier/issues/359 )) ([78a9b4d78a9b4d0da#361 ](https://github.com/ezyang/htmlpurifier/issues/361 )) ([9ec687c9ec687c904#363 ](https://github.com/ezyang/htmlpurifier/issues/363 )) ([0176ef40176ef4bb6#339 ](https://github.com/ezyang/htmlpurifier/issues/339 )) ([d82f3d9d82f3d996a#341 ](https://github.com/ezyang/htmlpurifier/issues/341 )) ([e55feade55fead09f#339 ](https://github.com/ezyang/htmlpurifier/issues/339 )
* Support for locales using decimal separators other than . (dot) ([#372 ](https://github.com/ezyang/htmlpurifier/issues/372 )) ([43f49ac43f49ac9a5#360 ](https://github.com/ezyang/htmlpurifier/issues/360 )) ([2d775c02d775c0187#389 ](https://github.com/ezyang/htmlpurifier/issues/389 )) ([ec92490ec92490139#388 ](https://github.com/ezyang/htmlpurifier/issues/388 )
### Reverts
* Revert "fix: semantic release (#339 )" (#340 ) ([3e832153e832152a6#339 ](https://github.com/ezyang/htmlpurifier/issues/339 ) [#340 ](https://github.com/ezyang/htmlpurifier/issues/340 )
2023-11-17 15:01:25 +00:00
8d9f4c9ec1
Release 4.15.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2022-09-18 02:23:57 -04:00
12ab42bd6e
Release 4.14.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2021-12-24 20:21:49 -05:00
08e27c97e4
Release 4.13.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2020-06-28 20:56:53 -04:00
a617e55bc6
Release 4.12.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2019-10-27 23:44:26 -04:00
83ab08bc1a
Release 4.11.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2019-07-14 14:58:38 -04:00
d85d39da45
Release 4.10.0
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2018-02-22 20:58:20 -05:00
95e1bae318
Release 4.9.3
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-06-02 22:28:16 -04:00
6d50e5282a
Release 4.9.2
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-03-12 23:30:53 -07:00
de82f9845f
Release 4.9.1 (sic)
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-03-08 00:22:36 -08:00
564af61809
Usage/includes update.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-03-06 23:06:56 -08:00
8e4cacf0a7
Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set
2017-02-03 16:54:51 -08:00
c82051c3e1
Add HTML.Noopener to add a noopener rel to every external link
...
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/
Adresses https://github.com/ezyang/htmlpurifier/issues/96
2017-02-03 16:54:51 -08:00
d0c392f77d
Release 4.8.0
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-07-16 05:58:58 -07:00
1675fc7caf
Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-06-30 21:53:43 -04:00
cc35c8eb8c
tel protocol support.
2016-06-30 21:19:49 -04:00
ae1828d955
Release 4.7.0.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2015-08-04 18:03:42 -07:00
6f389f0f25
Release 4.6.0.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2013-11-30 00:25:19 -08:00
b3640e1af6
Add conversion functions for our own tree format.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-10-20 15:05:11 -07:00
f17490f009
Implementation of a Zipper, for efficient splice.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-10-13 01:16:32 -07:00
412bae13b5
Fix quadratic behavior in DOMLex due to array_shift.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-09-17 00:48:42 -07:00
d516e2f8de
Release 4.5.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2013-02-17 16:04:08 -08:00
2189a9430f
Support for safe external scripts via explicit whitelist.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-04-27 17:44:49 -04:00
17af0e4fc1
Release 4.4.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-18 19:22:31 -05:00
1c7fedff5a
Tighter CSS selector validation.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2012-01-17 15:36:26 -05:00
e0354fecd9
Make forms work for transitional doctypes.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-30 22:56:44 +08:00
4164b2eb2b
Implement Iframe module, and provide %HTML.SafeIframe and %URI.SafeIframeRegexp for untrusted usage.
...
The purpose of this addition is twofold. In trusted mode, iframes are
now unconditionally allowed.
However, many online video providers (YouTube, Vimeo) and other web
applications (Google Maps, Google Calendar, etc) provide embed code in
iframe format, which is useful functionality in untrusted mode.
You can specify iframes as trusted elements with %HTML.SafeIframe;
however, you need to additionally specify a whitelist mechanism such as
%URI.SafeIframeRegexp to say what iframe embeds are OK (by default
everything is rejected).
Note: As iframes are invalid in strict doctypes, you will not be able to
use them there.
We also added an always_load parameter to URIFilters in order to support
the strange nature of the SafeIframe URIFilter (it always needs to be
loaded, due to the inability of accessing the %HTML.SafeIframe directive
to see if it's needed!) We expect this URIFilter can expand in the future
to offer more complex validation mechanisms.
Signed-off-by: Bradley M. Froehle <brad.froehle@gmail.com >
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 21:50:53 +08:00
3570c9985a
Properly handle nested sublists by folding into previous list item.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 14:00:34 +08:00
8d572993b4
Implement %HTML.TargetBlank
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-12-26 08:36:00 +08:00
f1439f0af5
Release 4.3.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2011-03-27 23:02:49 +01:00
8c80349f9d
Implement HTML.Nofollow for external links.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2010-09-28 12:01:57 -04:00
882ffed9ba
Release 4.2.0.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2010-09-15 02:52:57 -04:00
9573f0933d
Make newline normalization optional.
2010-09-14 23:49:28 -04:00
eac628f490
Add %CSS.ForbiddenProperties directive.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2010-09-04 02:59:03 -04:00
18e538317a
Release 4.1.1.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2010-05-31 20:17:31 -07:00
f4c6e10ff7
Release 4.1.0.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2010-04-26 18:31:40 -04:00
97125ed18b
Implement data URI scheme.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2010-03-07 21:45:39 -05:00
9a9036c689
Implement auto-formatter that removes empty span tags.
...
Signed-off-by: Paul Stone <patches@pdjs.co.uk >
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2010-03-07 18:59:33 -05:00
53ff3e2744
Release 4.0.0.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2009-07-07 22:41:01 -04:00
baf053b016
Implement %Attr.AllowedClasses and %Attr.ForbiddenClasses.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2009-05-25 22:08:45 -04:00
fcbf724e6e
Make name="" and id="" play nicely together.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2009-02-21 02:58:30 -05:00
e9f529e78f
Release 3.3.0.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2009-02-16 17:18:31 -05:00
0c9dfc6c3d
Don't add vimline to auto-generated files.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2008-12-12 15:44:13 -05:00
12b811d749
Add vim modelines to all files.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2008-12-06 04:24:59 -05:00
2c955af135
Remove trailing whitespace.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2008-12-06 02:28:20 -05:00
280211f70b
Release 3.2.0.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2008-10-31 16:30:54 -04:00
0b6ae1c3c1
Custom Injector to display URL address along with link text.
...
When viewing potentially hostile html, it may be helpful to see what
a given link was pointing to. This new injector takes the href
attribute and adds the text after the link, and deletes the href
attribute.
Other forms of display could easily be contrived, but this seems to be
a good basic way to present the information.
Signed-off-by: David Morton <mortonda@dgrmm.net >
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2008-10-23 17:11:29 -04:00
d0fdcc103e
Add support for proprietary "background" attribute in table elements.
...
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2008-09-27 21:19:35 -04:00
6a06b92f0c
Setup ErrorCollector to maintain new error format, and output that HTML.
...
Also changed:
- DirectLex keeps track of column numbers in context
- New class HTMLPurifier_ErrorStruct
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com >
2008-09-15 19:08:58 -04:00
