mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-08-02 12:21:09 +02:00
Code Issues Releases Wiki Activity
1,725 Commits 7 Branches 66 Tags
master
Commit Graph

989 Commits

Author SHA1 Message Date
Kieran
418eeb7dc0 fix: catastrophic backtracking in Core.AggressivelyFixLt (#440) 2025-06-05 23:49:52 -04:00
Tim Otten
77ebd08632 feat: Define option URI.AllowedSymbols (#447) 2025-06-05 22:46:45 -04:00
Saeid Dadkhah
127ee2f252 Update Serializer.php (#443) 2025-06-05 22:43:51 -04:00
Kieran
ff005f6edc feat: PHP 8.4 support (#441) 2025-03-19 13:25:28 -04:00
Pieter Oliver
c2bc3549a3 fix: non-substantive typos (#434) 
Co-authored-by: Viktor Szépe <viktor@szepe.net>
Co-authored-by: Edward Z. Yang <ezyang@mit.edu>
 2025-01-14 16:31:27 -05:00
simonLeary42
b21a59101f fix: add warning for misleading option (#433) 2025-01-09 23:09:09 -05:00
Tim Otten
00a0748427 feat: Allow more image widths by default (#430) 2024-12-11 14:15:46 -05:00
Morgan Klonteig
63e631ebd3 feat: Add CSS direction support (#429) 2024-11-21 23:46:53 -05:00
nikkii94
5d154a2393 fix: Deprecated: preg_replace(): Passing null to parameter #3 ($subject) o… (#421) 
Co-authored-by: Edward Z. Yang <ezyang@meta.com>
 2024-11-09 22:06:41 -05:00
rio
d5150073e9 refactor: #414 remove method substrCount (#415) 
Co-authored-by: Edward Z. Yang <ezyang@meta.com>
 2024-11-09 22:06:09 -05:00
Eli Barbosa
b5cbf0cc3d feat: Add option for safe iframe hosts using array lookup (#423) 
Co-authored-by: Edward Z. Yang <ezyang@meta.com>
 2024-11-09 22:02:09 -05:00
semantic-release-bot
cb56001e54 chore(release): 4.18.0 [skip ci] 
# [4.18.0](https://github.com/ezyang/htmlpurifier/compare/v4.17.0...v4.18.0) (2024-11-01)

### Bug Fixes

* Adjust Core.AllowHostnameUnderscore to consider that "_" is defined as Unreserved Characters in RFC 3986 ([#406](https://github.com/ezyang/htmlpurifier/issues/406)) ([d9fbef8](d9fbef8e27))
* Avoid a deprecated error when the attribute name is numeric and DirectLex is used ([#412](https://github.com/ezyang/htmlpurifier/issues/412)) ([f0fbf51](f0fbf51098))
* checking that node has property name ([#399](https://github.com/ezyang/htmlpurifier/issues/399)) ([9ca5a36](9ca5a3687b))
* Ignore conditional comments ([#401](https://github.com/ezyang/htmlpurifier/issues/401)) ([4828fdf](4828fdf45a))
* Support PHP 8.4 ([#396](https://github.com/ezyang/htmlpurifier/issues/396)) ([92da247](92da2473ff))
* undefined array key warning ([#419](https://github.com/ezyang/htmlpurifier/issues/419)) ([01be377](01be377f93))

### Features

* Add allowfullscreen attr for iframe ([#411](https://github.com/ezyang/htmlpurifier/issues/411)) ([70754a2](70754a2533))
* add directive for removing blank nodes ([#404](https://github.com/ezyang/htmlpurifier/issues/404)) ([c9d60c9](c9d60c96d7))
* Add support for CSS aspect-ratio ([#408](https://github.com/ezyang/htmlpurifier/issues/408)) ([93bee73](93bee73349))
* Allow universal CSS values for all properties ([#410](https://github.com/ezyang/htmlpurifier/issues/410)) ([9723267](972326785d))
 2024-11-01 03:51:45 +00:00
Olek Kaim
01be377f93 fix: undefined array key warning (#419) 2024-10-30 22:57:29 -04:00
Atsushi Matsuo
f0fbf51098 fix: Avoid a deprecated error when the attribute name is numeric and DirectLex is used (#412) 2024-07-30 22:06:23 -04:00
John Flatness
70754a2533 feat: Add allowfullscreen attr for iframe (#411) 2024-06-30 07:54:09 -04:00
John Flatness
972326785d feat: Allow universal CSS values for all properties (#410) 2024-06-28 08:37:00 -04:00
Erik
93bee73349 feat: Add support for CSS aspect-ratio (#408) 2024-06-27 15:12:06 -04:00
Atsushi Matsuo
d9fbef8e27 fix: Adjust Core.AllowHostnameUnderscore to consider that "_" is defined as Unreserved Characters in RFC 3986 (#406) 2024-04-18 21:48:20 -04:00
charlie-curtis
c9d60c96d7 feat: add directive for removing blank nodes (#404) 2024-04-11 20:52:45 -04:00
Kent Oyer
4828fdf45a fix: Ignore conditional comments (#401) 2024-03-12 23:41:45 -04:00
Christian Castelli
9ca5a3687b fix: checking that node has property name (#399) 
Co-authored-by: Christian Castelli <christian.castelli@docebo.com>
 2024-03-05 10:58:42 -05:00
semantic-release-bot
bbc513d79a chore(release): 4.17.0 [skip ci] 
# [4.17.0](https://github.com/ezyang/htmlpurifier/compare/v4.16.0...v4.17.0) (2023-11-17)

### Bug Fixes

* CSSTidy ImportantComments not handled properly ([#359](https://github.com/ezyang/htmlpurifier/issues/359)) ([78a9b4d](78a9b4d0da))
* fix CI ([#361](https://github.com/ezyang/htmlpurifier/issues/361)) ([9ec687c](9ec687c904))
* Invalid scheme check in Attr.TargetBlank ([#363](https://github.com/ezyang/htmlpurifier/issues/363)) ([0176ef4](0176ef4bb6))
* semantic release ([#339](https://github.com/ezyang/htmlpurifier/issues/339)) ([d82f3d9](d82f3d996a))
* semantic release ([#341](https://github.com/ezyang/htmlpurifier/issues/341)) ([e55fead](e55fead09f)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339)
* Support for locales using decimal separators other than . (dot) ([#372](https://github.com/ezyang/htmlpurifier/issues/372)) ([43f49ac](43f49ac9a5))

### Features

* Add support for all text-decoration properties ([#360](https://github.com/ezyang/htmlpurifier/issues/360)) ([2d775c0](2d775c0187))
* Allows commas to be included in tel URI ([#389](https://github.com/ezyang/htmlpurifier/issues/389)) ([ec92490](ec92490139)), closes [#388](https://github.com/ezyang/htmlpurifier/issues/388)

### Reverts

* Revert "fix: semantic release (#339)" (#340) ([3e83215](3e832152a6)), closes [#339](https://github.com/ezyang/htmlpurifier/issues/339) [#340](https://github.com/ezyang/htmlpurifier/issues/340)
 2023-11-17 15:01:25 +00:00
danbrellis
ec92490139 feat: Allows commas to be included in tel URI (#389) 
* Allows commas in tel URI scheme validator (addresses #388)

* Adds comment explaining 8429f7b
 2023-11-10 10:25:42 -05:00
Edward Z. Yang
6eb6123036 Don't suggest chmod to 777 (#373) 
Signed-off-by: Edward Z. Yang <ezyang@meta.com>
 2023-04-30 13:55:11 -04:00
cracksalad
43f49ac9a5 fix: Support for locales using decimal separators other than . (dot) (#372) 
* Bugfix UnitConverter expects float got string (strict types enabled)

* Bugfix for latest bugfix with huge numbers

* Bugfix for german locale

* Use number_format instead of str_replace(sprintf())
 2023-04-30 09:30:23 -04:00
George Peter Banyard
c05639e0c9 [refactor] Use range() function instead of string increment (#367) 
This was found during the analysis for https://wiki.php.net/rfc/saner-inc-dec-operators

I don't know what is the minimal version targeted, so the line which defines ``$c`` may need to be changes to use ``array_merge()``
 2023-02-23 13:11:13 -05:00
Steve Bauman
b4136da73c Remove unnecessary disablement of autoload (#364) 2023-02-05 21:40:57 -05:00
Jeff Standen
0176ef4bb6 fix: Invalid scheme check in Attr.TargetBlank (#363) 2023-01-26 19:06:28 -05:00
Francis Lévesque
78a9b4d0da fix: CSSTidy ImportantComments not handled properly (#359) 
* fix: CSSTidy ImportantComments not handled properly

Signed-off-by: Francis Lévesque <wolfrank2164@gmail.com>

* fix: CSSTidy ImportantComments not handled properly -> remove comments

Signed-off-by: Francis Lévesque <wolfrank2164@gmail.com>
Co-authored-by: Edward Z. Yang <ezyang@meta.com>
 2023-01-21 22:44:44 -05:00
Raheel Hsn
2d775c0187 feat: Add support for all text-decoration properties (#360) 
* CSS: add support for all text-decoration related properties

* updated arrays to use short syntex

Co-authored-by: Raheel Hasan <raheel.hasan@luciditysoftware.com.au>
 2023-01-12 08:41:13 -05:00
jw2(kit rio)
da35a5e0d7 Drop supporting PHP 5.2 (#335) (#356) 2022-12-04 13:22:17 -06:00
Michael S
1424f17cf3 Add support for encoded tel URI schemes. (#354) 2022-11-24 16:31:20 -05:00
Michael Kliewe
becc9d40cf Fixed missing return value (#349) 2022-11-19 14:26:34 -08:00
Michael Kliewe
909dda6621 Fixed wrong return PHPDoc (#348) 2022-11-18 21:03:18 -08:00
Michael Kliewe
2d1314820e Added class_exists('Net_IDNA2') around optional external class (#351) 2022-11-18 20:56:21 -08:00
Michael Kliewe
d567de85e6 Fixed undefined property (#346) 2022-11-18 20:42:06 -08:00
Edward Z. Yang
8d9f4c9ec1 Release 4.15.0 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2022-09-18 02:23:57 -04:00
Kieran
f1d6da13bc Fix contenteditable attribute definition (#336) 2022-09-12 07:53:24 -07:00
Kieran
dbbd3e59f9 Add contenteditable attribute definition (#332) 
* Add contenteditable attribute definition

* gate behind html.trusted

* use enum
 2022-09-06 13:04:45 -04:00
Tim Düsterhus
1b80051115 Fix some more PHP 8.2 deprecations (#330) 
* Define HTMLPurifier_AttrTransform_SafeParam::$wmode

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$cache

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$mock

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$def

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_EntityParserTest::$_entity_lookup

This fixes a PHP 8.2 deprecation.
 2022-09-02 21:38:58 -04:00
John Flatness
dff4746e13 Replace 8.1-deprecated utf8_ funcs with mbstring (#326) 2022-08-15 22:59:31 -04:00
Kieran
3fc193c755 Fix #322 - PHP 8.1 deprecation notice in HostBlacklist URIFilter (#323) 2022-06-27 17:20:36 -04:00
Tim Düsterhus
1db36fb09d Fix some PHP 8.2 deprecations (#319) 
* Define HTMLPurifier_Lexer::$_entity_parser property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_URIFilterHarness::$filter property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrTransform_NameSync::$idDef property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrTransform_NameSyncTest::$accumulator property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_AttrValidator_ErrorsTest::$language property

This fixes a PHP 8.2 deprecation.

* Define HTMLPurifier_ChildDef_List::$whitespace property

This fixes a PHP 8.2 deprecation.

* Do not modify incoming tokens in RemoveSpansWithoutAttributes

Previously the undefined property `->markForDeletion` was added to the incoming
tokens. This causes a deprecation in PHP 8.2. Fix this by storing to-be-deleted
tokens inside SplObjectStorage. In PHP 8 a WeakMap would be preferable, as that
prevents leaks if `handleEnd` is never called for the token.
 2022-06-10 16:30:01 -04:00
David Rans
1dd3e52365 PHP 8.1: fix various deprecations/errors in newest version of PHP (#310) 
* Test on PHP 8.1

* PHP 8.1: fix deprecated NULL param to glob()

* PHP 8.1: fix PHP error when passing NULL to rawurlencode()

* PHP 8.1: calling ctype_lower with FALSE is deprecated

* PHP 8.1: passing NULL to setAttribute() is deprecated

* PHP 8.1: passing NULL to str_replace() is an error

* PHP 8.1: fix error passing NULL to str_replace()

* PHP 8.1: fix return type deprecation with backwards compatible attribute

* Revert typo
 2022-04-08 13:48:12 -04:00
Edward Z. Yang
12ab42bd6e Release 4.14.0 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
 2021-12-24 20:21:49 -05:00
Kieran
41fc223f96 feat: transform deprecated width attribute (#306) 
* Transform deprecated col@width attribute

* Transform deprecated table@width attribute

* reformat
 2021-12-23 21:26:14 -05:00
Arkadiusz Biczewski
996eaf4331 Remove unnecessary reference assigment (#301) 
* Remove unnecessary reference assigment

Proposed code is PHP5 and PHP7 compatible. PHP5 interpreted `$e->$type[$attr]` as `$e->{$type[$attr]}`, but the expected behavior based on workaround is consistent with PHP7 interpretation: `($e->$type)[$attr]`. By using curly braces `{$e->$type}[$attr]` there is a forced interpretation order working for both versions.
Details can be found on https://www.php.net/manual/en/migration70.incompatible.php (section "Changes to the handling of indirect variables, properties, and methods")

* Fix syntax

Use correct syntax for indirect variable evaluation order change.
 2021-09-07 14:16:55 -04:00
Václav Smítal
6f9aac9325 CSS: Add "background-size" tag support (#289) 2021-04-22 10:01:00 -04:00
Kieran
1354e7e8c5 Fix "Parameter must be an array or an object that implements Countable" (#285) 2021-02-27 20:42:20 -05:00
Marcus Artner
214cb8a693 Fixed Issue #264: <thead> element removed from <table> if there are no <tbody> or <tr> elements (#283) 2021-01-26 11:11:50 -05:00