1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-10-24 10:06:14 +02:00
Commit Graph

50 Commits

Author SHA1 Message Date
Edward Z. Yang
b73b5100fd [1.3.1] Add defense in depth measure: reject entire node if there is no child definition for the element.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@601 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:38:25 +00:00
Edward Z. Yang
d886ed59fd [1.3.1] Standardized all attribute handling variables to attr, made it plural
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@600 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:29:08 +00:00
Edward Z. Yang
cbb492c52c [1.3.1] Fixed bug in RemoveInvalidImg code that caused all images to be dropped
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@599 48356398-32a2-884e-a903-53898d9a118a
2006-12-06 22:12:44 +00:00
Edward Z. Yang
49cb2a4a7c [1.3.0] More control of URIs granted
# Invalid images are now removed, rather than replaced with a dud <img src="" alt="Invalid image" />. Previous behavior can be restored with new directive %Core.RemoveInvalidImg set to false.
! New directives %URI.DisableExternalResources and %URI.DisableResources
! New directive %Attr.DisableURI, which eliminates all hyperlinking
- Missing "Available since" documentation added

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@575 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 23:59:20 +00:00
Edward Z. Yang
925a07b828 [1.3.0] New directives %HTML.AllowedElements and %HTML.AllowedAttributes to let users narrow the set of allowed tags
. Added HTMLPurifier->info_parent_def, parent child processing made special

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@565 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 13:51:19 +00:00
Edward Z. Yang
b1b3377b9c [1.3.0] Huge upgrade, (X)HTML Strict now supported
+ Transparently handles inline elements in block context (blockquote)
! Added GET method to demo for easier validation, added 50kb max input size
! New directive %HTML.BlockWrapper, for block-ifying inline elements
! New directive %HTML.Parent, allows you to only allow inline content
- Added missing type to ChildDef_Chameleon
. ChildDef_Required guards against empty tags
. Lookup table HTMLDefinition->info_flow_elements added
. Added peace-of-mind variable initialization to Strategy_FixNesting

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@560 48356398-32a2-884e-a903-53898d9a118a
2006-11-23 03:23:35 +00:00
Edward Z. Yang
6ff78d2f79 Add $config and $context to TagTransform transform() calls.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@497 48356398-32a2-884e-a903-53898d9a118a
2006-10-22 15:56:38 +00:00
Edward Z. Yang
f3646a3a06 [1.2.0]
- Add context parameter to AttrTransform objects.
- Update documentation on attribute transformations in ValidateAttributes.php


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@493 48356398-32a2-884e-a903-53898d9a118a
2006-10-21 17:27:51 +00:00
Edward Z. Yang
2d6bf12fe0 [1.2.0]
- All important classes that use Context were migrated. Todo: Classes that currently use $config but not $context are AttrTransform (done in r493) and URIScheme+Registry (done in r500). There may be more classes, incl TagTransform (done in r497) that should have both $config and $context added.
- Strategy unit tests now migrated to use HTMLPurifier_Harness

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@485 48356398-32a2-884e-a903-53898d9a118a
2006-10-01 21:55:13 +00:00
Edward Z. Yang
8f515b9cda [1.2.0]
- Partially finished migrating to new Context object (done in r485).
- Created HTMLPurifier_Harness to assist with testing, ChildDefTest migrated to that framework.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@484 48356398-32a2-884e-a903-53898d9a118a
2006-10-01 20:47:07 +00:00
Edward Z. Yang
3b30c2ca5b Renamed ConfigDef to ConfigSchema. (Required major internal restructuring but should not affect end-users)
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@424 48356398-32a2-884e-a903-53898d9a118a
2006-09-16 22:36:58 +00:00
Edward Z. Yang
e440f25bce [1.1] Table child definition made more flexible, will fix up poorly ordered elements
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@417 48356398-32a2-884e-a903-53898d9a118a
2006-09-15 01:52:22 +00:00
Edward Z. Yang
14aeafcf22 De-singleton-ized (HTML|CSS)Definition, tying them to the configuration and making them more amenable to changes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@350 48356398-32a2-884e-a903-53898d9a118a
2006-08-31 20:33:07 +00:00
Edward Z. Yang
784e7356d1 Fix missing inheritance declaration.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@336 48356398-32a2-884e-a903-53898d9a118a
2006-08-28 20:29:36 +00:00
Edward Z. Yang
24cde9c891 Revamp configuration files so that more rules can be added, internal organization is more logical, and descriptions are captured.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@327 48356398-32a2-884e-a903-53898d9a118a
2006-08-27 18:49:16 +00:00
Edward Z. Yang
f7760c8cb6 Document Strategies.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@310 48356398-32a2-884e-a903-53898d9a118a
2006-08-20 21:59:41 +00:00
Edward Z. Yang
0da17072d1 Change unacceptable value default behavior to drop silently.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@269 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 23:58:18 +00:00
Edward Z. Yang
d7140f2e05 Outfit a bunch of other classes so they can accept a configuration object. Put in basic scaffolding for extractBody() functionality.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@257 48356398-32a2-884e-a903-53898d9a118a
2006-08-15 00:31:12 +00:00
Edward Z. Yang
24c64dbbac Implement attribute transforms for required attributes. I can now confidently say that output will always be valid.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@256 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 23:11:28 +00:00
Edward Z. Yang
e770d994a7 Rename Definition to HTMLDefinition.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@255 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 21:22:49 +00:00
Edward Z. Yang
238678871e - Fixed lots of bugs
- Defined new directive %Core.EscapeInvalidChildren, for previously commented out functionality
- Removed convenience configuration generation: you *have* to pass it unless you're interfacing with HTMLPurifier
- Homogenized function parameters even when only a few of them are used
- Rewrote unit tests that expected previous behavior
- Introduced configuration object to ChildDef tests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@243 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 02:46:34 +00:00
Edward Z. Yang
35fa08420d Commit live demo, implement unified interface, and fix some security bugs (involving forgotten calls to strategies).
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@238 48356398-32a2-884e-a903-53898d9a118a
2006-08-14 00:27:15 +00:00
Edward Z. Yang
a2880bdff2 Generalize IDAccumulator into AttrContext. Modify tests and classes accordingly. Also, this allows us to make the validate() parameters uniform among all AttrDef subclasses.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@212 48356398-32a2-884e-a903-53898d9a118a
2006-08-12 16:04:40 +00:00
Edward Z. Yang
0db1cbb7ac Revamp Configuration classes, breaking backwards configuration compatibility (not that there was much to broken to begin with). Fix bug involving PHP 4 object typecasting.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@203 48356398-32a2-884e-a903-53898d9a118a
2006-08-11 20:23:41 +00:00
Edward Z. Yang
9cec089f97 Profusely comment FixNesting.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@183 48356398-32a2-884e-a903-53898d9a118a
2006-08-07 20:28:12 +00:00
Edward Z. Yang
7e2693fdea Update comments.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@182 48356398-32a2-884e-a903-53898d9a118a
2006-08-07 19:22:26 +00:00
Edward Z. Yang
2deb2fc285 Implement TextAlign and all hooks necessary, but it's kind of useless since CSS validation hasn't been built yet.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@166 48356398-32a2-884e-a903-53898d9a118a
2006-08-05 02:56:57 +00:00
Edward Z. Yang
9d390fca56 Refactor AttrTransform_Lang slightly by changing input output from token to attribute.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@163 48356398-32a2-884e-a903-53898d9a118a
2006-08-05 02:16:28 +00:00
Edward Z. Yang
8a23710405 Implement lang and xml:lang. Fixed a bunch of bugs too.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@162 48356398-32a2-884e-a903-53898d9a118a
2006-08-05 01:50:13 +00:00
Edward Z. Yang
50b3d5320e Correct slight hole involving AttrDefs that don't have a return value.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@159 48356398-32a2-884e-a903-53898d9a118a
2006-08-04 03:01:45 +00:00
Edward Z. Yang
784b756b3f Add configuration as a parameter to all AttrDef objects. If we get another construction like accumulator, however, we'll have to create an AttrContext object.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@156 48356398-32a2-884e-a903-53898d9a118a
2006-08-04 01:52:54 +00:00
Edward Z. Yang
a0ee772423 Set up configuration class, implement attr_id_blacklist
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@155 48356398-32a2-884e-a903-53898d9a118a
2006-08-04 01:47:48 +00:00
Edward Z. Yang
7d2bf08d2f Implement simple attribute transformations and roll them out.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@152 48356398-32a2-884e-a903-53898d9a118a
2006-08-04 00:11:54 +00:00
Edward Z. Yang
f0deae1fc0 Update documentation.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@147 48356398-32a2-884e-a903-53898d9a118a
2006-08-03 01:37:28 +00:00
Edward Z. Yang
26733183b7 Add support for hard exclusions that affect all child nodes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@146 48356398-32a2-884e-a903-53898d9a118a
2006-08-03 01:18:57 +00:00
Edward Z. Yang
aa249be067 Fix chameleon behavior with ins and del.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@145 48356398-32a2-884e-a903-53898d9a118a
2006-08-03 01:03:23 +00:00
Edward Z. Yang
145a51da5a Move out Stage 2 docs to correct class.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@141 48356398-32a2-884e-a903-53898d9a118a
2006-08-02 02:26:01 +00:00
Edward Z. Yang
626cfc1172 Implement center, menu and dir tag transformations. Font transform pending.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@140 48356398-32a2-884e-a903-53898d9a118a
2006-08-02 02:24:03 +00:00
Edward Z. Yang
9d411bd5cc - Implement double-checking in Strategy/FixNesting.php, fixes the table bugs.
- Move around child definitions so they make a little more sense (rename to Custom) and also add $allow_empty property to help FixNesting.php determine whether or not to double-check.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@136 48356398-32a2-884e-a903-53898d9a118a
2006-07-31 03:04:57 +00:00
Edward Z. Yang
9c6ae16764 Massively refactored Definition, moved MakeWellFormed HTML specific code out.
Add table functionality for nesting, don't know how I missed that. It's still broken though.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@135 48356398-32a2-884e-a903-53898d9a118a
2006-07-31 00:15:01 +00:00
Edward Z. Yang
2b5589c884 Factor some stuff into the Definition, add more docs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@134 48356398-32a2-884e-a903-53898d9a118a
2006-07-30 22:57:54 +00:00
Edward Z. Yang
558c49a92d Make the definition format much more logical. Begin migrating specification docs to their respective classes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@133 48356398-32a2-884e-a903-53898d9a118a
2006-07-30 19:11:18 +00:00
Edward Z. Yang
70bd80e66a Added ValidateAttributes strategy and associated unit tests. Amended Generator with some sanity checks. Made Definition include all necessary definitions. Note the two elements (bdo and br) that only use coreattrs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@132 48356398-32a2-884e-a903-53898d9a118a
2006-07-30 18:37:42 +00:00
Edward Z. Yang
f8eaedb500 Factor out definitions to a ['child'] so that we could assign the ['attr'] definitions separately.
Also, added AttrDef/EnumTest.php

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@127 48356398-32a2-884e-a903-53898d9a118a
2006-07-30 00:54:38 +00:00
Edward Z. Yang
9b7ad89ab5 - Added Composite and Core strategies.
- Added generate_mock() function for testing
- Factored out inputs/output tests to StrategyAbstractTest

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@124 48356398-32a2-884e-a903-53898d9a118a
2006-07-29 17:38:28 +00:00
Edward Z. Yang
619d5d9bc1 Migrate strategies to separate classes complete.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@119 48356398-32a2-884e-a903-53898d9a118a
2006-07-24 02:49:37 +00:00
Edward Z. Yang
d98f1742ec Extract FixNesting strategy from Definition object.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@113 48356398-32a2-884e-a903-53898d9a118a
2006-07-24 01:54:25 +00:00
Edward Z. Yang
2e6a5c10b3 Add in a missing include. I'm seeing duplication...
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@112 48356398-32a2-884e-a903-53898d9a118a
2006-07-24 01:50:41 +00:00
Edward Z. Yang
4b8a206417 Extract RemoveForeignElements strategy from Definition object.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@111 48356398-32a2-884e-a903-53898d9a118a
2006-07-24 01:50:02 +00:00
Edward Z. Yang
b251c4ed86 Extract MakeWellFormed strategy from Definition object.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@108 48356398-32a2-884e-a903-53898d9a118a
2006-07-23 23:29:12 +00:00