f1d6da13bc
Fix contenteditable attribute definition ( #336 )
2022-09-12 07:53:24 -07:00
ce9cf2ec99
Fix creation of dynamic property ( #337 )
2022-09-10 14:03:42 -04:00
36e06603a8
Fix creation of dynamic property ( #333 )
2022-09-06 13:05:15 -04:00
dbbd3e59f9
Add contenteditable attribute definition ( #332 )
...
* Add contenteditable attribute definition
* gate behind html.trusted
* use enum
2022-09-06 13:04:45 -04:00
1b80051115
Fix some more PHP 8.2 deprecations ( #330 )
...
* Define HTMLPurifier_AttrTransform_SafeParam::$wmode
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$cache
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$mock
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_DefinitionCache_DecoratorHarness::$def
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_EntityParserTest::$_entity_lookup
This fixes a PHP 8.2 deprecation.
2022-09-02 21:38:58 -04:00
3fc193c755
Fix #322 - PHP 8.1 deprecation notice in HostBlacklist URIFilter ( #323 )
2022-06-27 17:20:36 -04:00
1db36fb09d
Fix some PHP 8.2 deprecations ( #319 )
...
* Define HTMLPurifier_Lexer::$_entity_parser property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_URIFilterHarness::$filter property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_AttrTransform_NameSync::$idDef property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_AttrTransform_NameSyncTest::$accumulator property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_AttrValidator_ErrorsTest::$language property
This fixes a PHP 8.2 deprecation.
* Define HTMLPurifier_ChildDef_List::$whitespace property
This fixes a PHP 8.2 deprecation.
* Do not modify incoming tokens in RemoveSpansWithoutAttributes
Previously the undefined property `->markForDeletion` was added to the incoming
tokens. This causes a deprecation in PHP 8.2. Fix this by storing to-be-deleted
tokens inside SplObjectStorage. In PHP 8 a WeakMap would be preferable, as that
prevents leaks if `handleEnd` is never called for the token.
2022-06-10 16:30:01 -04:00
6f9aac9325
CSS: Add "background-size" tag support ( #289 )
2021-04-22 10:01:00 -04:00
214cb8a693
Fixed Issue #264 : <thead> element removed from <table> if there are no <tbody> or <tr> elements ( #283 )
2021-01-26 11:11:50 -05:00
ce7efc11b2
Delete language tests that are interfering with PSR-0 compatibility
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu >
2020-06-28 20:38:16 -04:00
3bdc031224
Add %HTML.Forms config directive ( #260 )
...
The %HTML.Forms directive enables Forms module regardless of the %HTML.Trusted
value. This adds support for form elements without enabling other unsafe
modules, such as Scripts, Iframe or Object.
To achieve the same effect without this directive one has to explicitly list
all enabled modules in %HTML.AllowedModules, and any not listed will be
removed. This however is not very convenient, as the allowed modules may vary
between doctypes.
Resolves #213 .
2020-06-28 20:26:33 -04:00
df923d1f15
Issue 238 remove leading zeroes except if there is only zero ( #239 )
...
* Issue 238 remove leading zeroes except if there is only zero
* Issue-238 unit test fixes
2019-11-21 10:05:07 -05:00
7cfc44654a
CSS: added "initial" and "inherit" to width + height ( #144 )
...
* CSS: added "initial" and "inherit" to width + height
CSS: added "initial" and "inherit" to min-width + min-height, removed "auto"
CSS: added "initial" and "inherit" and "none" to max-width + max-height, removed "auto"
* Fixed test: min-width:auto; should be false
2019-07-14 13:20:58 -04:00
8c153eef3a
Supported hundreds of nested HTML ( #202 )
...
* Supported hundreds of nested HTML (#201 )
* Add Core.AllowParseManyTags
2019-07-14 13:15:31 -04:00
f03e1a2c48
Fixed reserved words in constants for PHP 7 as per https://www.php.net/manual/en/reserved.other-reserved-words.php ( #222 )
2019-07-10 22:24:27 -04:00
0f7b138aaf
Make SafeScripting case-sensitive.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2018-11-11 16:21:58 -05:00
5a01e6535d
[SafeScripting] disable autoclosing of <script /> tag ( #198 )
2018-11-11 15:04:11 -05:00
67c3798922
Add relative length units from CSS 3
...
cf. https://www.w3schools.com/cssref/css_units.asp
2017-12-22 21:59:47 -05:00
ce0ede24de
Use IDNA2008 for converting domains to ASCII
2017-10-03 11:19:50 -04:00
5bc7c72608
Add tests for new entity decoding codepath.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-03-12 20:05:09 -07:00
9d2d75d8bc
Add test case for removing empty list items.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-03-08 00:11:32 -08:00
7e11c271b9
Revamp entity decoding to be more like HTML5.
...
See %Core.LegacyEntityDecoder for more details.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-03-07 17:34:59 -08:00
5886326cd0
Test for catastrophic backtracking.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-03-06 23:26:55 -08:00
0c31b22240
Merge pull request #118 from fxbt/master
...
Add hsl, hsla and rgba support for css color attribute definition
2017-03-06 23:01:06 -08:00
5662efc936
Fix #78 .
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2017-03-06 22:54:54 -08:00
d16e73e63e
Add test for #122
2017-03-04 15:40:44 +09:00
0bab4b9fd0
Fix mungeRgb to handle percent, float and hsl values
2017-02-10 00:38:05 +01:00
bd92f3531b
Remove double %
2017-02-09 23:37:36 +01:00
0d5ab2fe13
Include hsl and hsla support
2017-02-09 23:34:19 +01:00
d41a59e422
Add rgba support for css color attribute definition
2017-02-09 22:18:15 +01:00
8e4cacf0a7
Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set
2017-02-03 16:54:51 -08:00
c82051c3e1
Add HTML.Noopener to add a noopener rel to every external link
...
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/
Adresses https://github.com/ezyang/htmlpurifier/issues/96
2017-02-03 16:54:51 -08:00
5070404376
Handle semicolons in strings in CSS correctly.
...
Fixes http://htmlpurifier.org/phorum/read.php?3,7522,8096
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-10-29 00:01:19 -07:00
59463c5c39
Allow %URI.DefaultScheme to be null.
...
Fixes #103 .
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-10-27 17:30:44 -07:00
8b28e571fe
Handle case when IDNAs are supported.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-10-27 02:00:46 -07:00
3ae21ce511
PHP 7.0 warnings fix: don't pass rvalue by reference.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-10-27 02:00:46 -07:00
246fc8946a
css properties: min-width, max-width, min-height, max-height
2016-09-05 10:45:58 +03:00
d1c5d75027
Fix #73 with Attr.ID.HTML5
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-07-16 05:52:45 -07:00
3747cb7efb
avoid exif_imagetype exception with small files/corrupt data URI
2016-07-16 05:23:17 -07:00
44baee6a82
Partial border-radius support.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-06-30 22:22:13 -04:00
1675fc7caf
Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-06-30 21:53:43 -04:00
cc35c8eb8c
tel protocol support.
2016-06-30 21:19:49 -04:00
43a9f052fd
Fix #57 , make flashvars check (and others) case-insensitive.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-03-27 15:56:30 -07:00
b4981c3395
Fix #67 , don't use <body> tags in comments for %Core.ConvertDocumentToFragment
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-03-27 15:19:32 -07:00
f14076dc3e
Fix #49 ; prevent readdir infinite loop when cache directory not listable.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-03-27 14:53:31 -07:00
91fd55c857
Fix #45 , errors when ul/ol allowed without li.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-03-26 22:41:54 -07:00
753c830239
Update to work with Git version of SimpleTest.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-03-24 00:08:03 -07:00
72123e23c9
Update ExtractStyleBlocks tests for modern CSSTidy at https://github.com/Cerdic/CSSTidy
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-03-23 23:39:38 -07:00
45161b4fb1
Accept leading digits in hostnames as per RFC 1123.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu >
2016-03-23 22:42:21 -07:00
25db9e1dd0
Don't use PHP4-style constructors
2016-03-16 17:09:41 -07:00
