1
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-10-24 10:06:14 +02:00
Commit Graph

63 Commits

Author SHA1 Message Date
Edward Z. Yang
c5d4b1ec93 Fix missing version number in config directive, and add TODO item.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-11-05 02:56:13 -05:00
Edward Z. Yang
0e6e2c4edf Bump descriptions to 3.2.0.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-10-31 12:25:43 -04:00
David Morton
0b6ae1c3c1 Custom Injector to display URL address along with link text.
When viewing potentially hostile html, it may be helpful to see what
a given link was pointing to.  This new injector takes the href
attribute and adds the text after the link, and deletes the href
attribute.

Other forms of display could easily be contrived, but this seems to be
a good basic way to present the information.

Signed-off-by: David Morton <mortonda@dgrmm.net>
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-10-23 17:11:29 -04:00
Edward Z. Yang
f7bc0b0875 Implement %Attr.DefaultImageAlt, allowing overriding default behavior for alt attributes.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-10-06 14:51:03 -04:00
Edward Z. Yang
03dabec2c0 Fix documentation error in Filter.ExtractStyleBlocks and give better example.
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-08-01 18:58:47 -04:00
Edward Z. Yang
aa0fdeee30 Refine Lexers for parsing stray angled brackets; %Core.AggressivelyFixLt = true
By default, the DirectLex and DOMLex behavior with stray angled brackets
varied a great deal due to their implementations. A little known directive
%Core.AggressivelyFixLt attempted to match DOMLex's behavior with DirectLex's,
but it was off by default. By turning it on by default, users now enjoy these
benefits, and performance-minded users can turn it back off.

Also, several refinements to stray angled bracket parsing was made. Specifically:

* DirectLex: Handle each left angled bracket individually, which prevents
  strange behavior as reported by eon.
* DOMLex: Iterate aggressive lt fix, so that stacked brackets like << are
  handled.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-07-07 08:52:29 -04:00
Edward Z. Yang
700d5bcbfc Implement %AutoFormat.RemoveEmpty, end to start ref, and injector rewind.
Injector rewind: Injectors can now use the method rewind() in order to move
the input index backwards, so that they can reprocess tokens (other injectors
are not affected by a rewind). This functionality was necessary to implement
nested node removals in %AutoFormat.RemoveEmpty.

End to start ref: To facilitate rewinding, HTMLPurifier_Token_End now
maintains a reference called $start to the starting token for their node.

%AutoFormat.RemoveEmpty removes empty nodes. Lots of people have requested
it, so here is a partially effective implementation. Because it is implemented
as an Injector, it's not possible for it to handle newly introduced empty
nodes by later validators, specifically auto-closing and child validation.
The Injector is only meant to be used on HTML-ish languages.

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-06-27 16:09:14 -04:00
Edward Z. Yang
24f6db6fb2 [3.1.2] Add %Output.SortAttr to deal with FCKeditor bug
If %Output.SortAttr is true, attributes are sorted to be
in alphabetical order. This was requested by frank farmer.

See also: http://htmlpurifier.org/phorum/read.php?2,1576

Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-06-24 22:36:27 -04:00
Edward Z. Yang
6bb8c1fcac Handle CRLF discrepancies
Signed-off-by: Edward Z. Yang <edwardzyang@thewritingpot.com>
2008-06-24 21:10:51 -04:00
Edward Z. Yang
511dfe2d4a [3.1.1] Update Munge docs.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1804 48356398-32a2-884e-a903-53898d9a118a
2008-06-19 19:06:55 +00:00
Edward Z. Yang
463aa3a0fa [3.1.1] General munge improvements
- Add CurrentCSSProperty context variable
- Move Munge to its own class, derived off of SecureMunge.
- Rename %URI.SecureMunge to %URI.Munge
- Rename %URI.SecureMungeSecretKey to %URI.MungeSecretKey
- Add extra substitutions for munge

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1803 48356398-32a2-884e-a903-53898d9a118a
2008-06-18 03:29:27 +00:00
Edward Z. Yang
36bd06d53e [3.1.1] Implement SafeEmbed. Also, miscellaneous bugfixes.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1781 48356398-32a2-884e-a903-53898d9a118a
2008-06-10 01:18:03 +00:00
Edward Z. Yang
322288e6c0 [3.1.1] Implement %URI.SecureMunge and %URI.SecureMungeSecretKey, thanks Chris!
- URIFilter->prepare can return false in order to abort loading of the filter
- Implemented post URI filtering. Set member variable $post to true to set a URIFilter as such.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1772 48356398-32a2-884e-a903-53898d9a118a
2008-05-26 16:26:47 +00:00
Edward Z. Yang
917d2ea5ef [3.1.1] More ConfigSchema optimizations: degenerate form can accommodate type and allow_null
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1766 48356398-32a2-884e-a903-53898d9a118a
2008-05-23 17:10:26 +00:00
Edward Z. Yang
895141e0b5 [3.1.1] Further optimize ConfigSchema by eliminating stdclass when only type is set.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1765 48356398-32a2-884e-a903-53898d9a118a
2008-05-23 17:00:58 +00:00
Edward Z. Yang
8ab30e24b7 [3.1.1] Memory optimizations for ConfigSchema. Changes include:
- Elimination of ConfigDef and subclasses in favor of stdclass. Most property names stay the same
- Added benchmark script for ConfigSchema
- Types are internally handled as magic integers. Use HTMLPurifier_VarParser->getTypeName to convert to human readable form. HTMLPurifier_VarParser still accepts strings.
- Parser in config schema only used for legacy interface


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1764 48356398-32a2-884e-a903-53898d9a118a
2008-05-23 16:43:24 +00:00
Edward Z. Yang
eb9f9bc7f6 [3.1.1] Round up imagecrash support with HTML.MaxImgLength
- Add $max to AttrDef/HTML/Pixels.php
- Add %HTML.MaxImgLength
- CSS width/height allows percents when MaxImgLength is disabled


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1762 48356398-32a2-884e-a903-53898d9a118a
2008-05-23 02:09:43 +00:00
Edward Z. Yang
1a95852007 [3.1.1] Implement more robust imagecrash protection for CSS width/height.
- Change API for HTMLPurifier_AttrDef_CSS_Length
- Implement HTMLPurifier_AttrDef_Switch class
- Implement HTMLPurifier_Length->compareTo, and make make() accept object instances

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1754 48356398-32a2-884e-a903-53898d9a118a
2008-05-21 01:56:48 +00:00
Edward Z. Yang
84aa2ca390 [3.1.0] Implement tag@attr for Allowed and Forbidden
- Fix (or null) bug in configdoc

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1695 48356398-32a2-884e-a903-53898d9a118a
2008-04-26 03:14:01 +00:00
Edward Z. Yang
eaabccdd9b [3.1.0] More PHP4->PHP5 conversions, notably reference removal of most methods that return objects
- Removed HTMLPurifier_Error
- Documentation updates
- Removed more copy() methods in favor of clone
- HTMLPurifier::getInstance() to HTMLPurifier::instance()
- Fix InterchangeBuilder to use HTMLPURIFIER_PREFIX

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1689 48356398-32a2-884e-a903-53898d9a118a
2008-04-23 02:40:17 +00:00
Edward Z. Yang
1ba77fedd4 [3.1.0] Implement DenyElementDecorator for imagecrash-protection against CSS width/height
- Misc doc changes
- Add missing inheritance for AttrDef_CSS decorators


git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1684 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 22:28:54 +00:00
Edward Z. Yang
f46aef698e Post rc skirmishes.
- Update docs
- Update source code comments in generated files
- release1-update.php now flushes after it finishes
- Make InterchangeBuilder alphabetize

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1676 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 16:20:45 +00:00
Edward Z. Yang
4fe475c57f [3.1.0] Implement %HTML.Forbidden*
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1671 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 07:16:49 +00:00
Edward Z. Yang
e1876c18ad [3.1.0] Deprecate addFilter; set up Filter namespace
- Added EXTERNAL dependency config-schema value
- Fix safe bug in Printer_HTMLDefinition
- Fixed broken smoketests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1669 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 06:40:04 +00:00
Edward Z. Yang
39be09ee14 [3.1.0] Add support for deprecated and version in configdoc
- Hide deprecated elements from ToC
- %HTML.Doctype takes null instead of empty string; this shouldn't affect anyone

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1666 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 02:19:40 +00:00
Edward Z. Yang
949f605857 [3.1.0] Feature parity with configdoc rewrite
- Abolish most classes in ConfigDoc except for HTMLXSLTProcessor
- Implement Builder_Xml using XmlWriter
- Add some convenience functions

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1665 48356398-32a2-884e-a903-53898d9a118a
2008-04-22 01:58:06 +00:00
Edward Z. Yang
27ba8f2192 [3.1.0] Document Config Schema, also, fix bug with null defaults
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1651 48356398-32a2-884e-a903-53898d9a118a
2008-04-05 18:37:08 +00:00
Edward Z. Yang
d467af6c4b [3.1.0] Feature-parity achieved for validator! Implement alias checking.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1648 48356398-32a2-884e-a903-53898d9a118a
2008-04-04 22:04:10 +00:00
Edward Z. Yang
0ee090bc7b [3.1.0] Continue building up validation functions
- Remove incorrect parsing of value aliases
- Implement most allowed and value alias checks
- Add assertIsBool, assertIsArray and assertIsLookup to ValidatorAtom
- Publish string types in VarParser

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1647 48356398-32a2-884e-a903-53898d9a118a
2008-04-04 21:33:37 +00:00
Edward Z. Yang
1d25be875d [3.1.0] Maintenance scripts emit and honor proper exit codes
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1640 48356398-32a2-884e-a903-53898d9a118a
2008-04-03 20:52:08 +00:00
Edward Z. Yang
51cbb72649 [3.1.0] Landed modified patch by Braden Anderson for %CSS.AllowedProperties
- Fix broken ConfigSchema build, as well as broken aliases
- Remove another advisory property from runtime ConfigSchema classes
- Reorder flush script to more accurately reflect dependencies
- Remove some aliases from unit tests

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1635 48356398-32a2-884e-a903-53898d9a118a
2008-03-30 21:44:16 +00:00
Edward Z. Yang
7e59923029 Fix PHP 5.0 and other early version compatibility by removing use of __toString
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1629 48356398-32a2-884e-a903-53898d9a118a
2008-03-23 02:50:42 +00:00
Edward Z. Yang
77302f845f [3.1.0] Implemented redundant validators and tests
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1627 48356398-32a2-884e-a903-53898d9a118a
2008-03-23 02:35:47 +00:00
Edward Z. Yang
82c9a737f4 [3.1.0] Implement more validators, add in missing DEFAULTs for many tests.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1626 48356398-32a2-884e-a903-53898d9a118a
2008-03-23 01:29:57 +00:00
Edward Z. Yang
aedfbd1e93 [3.1.0] Define *.vtest test hierarchy, and continue work on validator.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1625 48356398-32a2-884e-a903-53898d9a118a
2008-03-23 01:06:35 +00:00
Edward Z. Yang
b8f00ace1a [3.1.0]
- Add tests for the atoms.
- Add Id validation for Directives

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1623 48356398-32a2-884e-a903-53898d9a118a
2008-03-22 21:06:55 +00:00
Edward Z. Yang
34ba0e408f [3.1.0] Initial validator implementation for namespaces.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1622 48356398-32a2-884e-a903-53898d9a118a
2008-03-22 20:26:04 +00:00
Edward Z. Yang
56cfcba5d1 [3.1.0] Make StringHash system-agnostic.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1621 48356398-32a2-884e-a903-53898d9a118a
2008-03-22 19:30:37 +00:00
Edward Z. Yang
ec59062a9d [3.1.0] De-crudify the ConfigSchema space; we're starting over again
- Optimize ConfigSchema by removing non-essential runtime data. We can probably optimize even more by collapsing object structures to arrays.
- Removed validation data from ConfigSchema; this will be reimplemented on Interchange
- Implement a sane Interchange composite hierarchy that doesn't use arrays
- Implement StringHash -> Interchange -> ConfigSchema, and rewrite maintenance file to account for this

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1615 48356398-32a2-884e-a903-53898d9a118a
2008-03-22 03:55:59 +00:00
Edward Z. Yang
c0dd6944a3 Implement If validator.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1609 48356398-32a2-884e-a903-53898d9a118a
2008-03-05 06:04:08 +00:00
Edward Z. Yang
e83573a3ad Implement ParseDefault.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1608 48356398-32a2-884e-a903-53898d9a118a
2008-03-05 05:49:18 +00:00
Edward Z. Yang
b65942a2c5 Implement "Or" composite validator.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1607 48356398-32a2-884e-a903-53898d9a118a
2008-03-05 05:38:28 +00:00
Edward Z. Yang
e4ab6d584e Implement composite validator, and make Interchange use that.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1606 48356398-32a2-884e-a903-53898d9a118a
2008-03-05 05:20:28 +00:00
Edward Z. Yang
bd64a8346d Reorganize VarParser; there may be multiple implementations.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1602 48356398-32a2-884e-a903-53898d9a118a
2008-03-05 03:51:09 +00:00
Edward Z. Yang
7480e7b956 [3.1.0] Split out VarParser from ConfigSchema
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1601 48356398-32a2-884e-a903-53898d9a118a
2008-03-04 15:06:00 +00:00
Edward Z. Yang
b9eb44bf03 Add ParseType validator.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1600 48356398-32a2-884e-a903-53898d9a118a
2008-03-04 14:33:38 +00:00
Edward Z. Yang
c0b5bc3eea [3.1.0] Implement NamespaceExists and ParseId
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1599 48356398-32a2-884e-a903-53898d9a118a
2008-03-04 05:21:04 +00:00
Edward Z. Yang
14437cbf47 - Rename Duplicate to Unique, as the name of validator indicates what we want the input to be
- Enable flush to work when includes are renamed

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1597 48356398-32a2-884e-a903-53898d9a118a
2008-03-04 04:20:55 +00:00
Edward Z. Yang
4c798bd17e [3.1.0] Implement Duplicate validator, also modify some design things
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1596 48356398-32a2-884e-a903-53898d9a118a
2008-03-04 04:13:07 +00:00
Edward Z. Yang
d8cb360f3b Refactor validators so that they can be reused between directives and namespaces.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1589 48356398-32a2-884e-a903-53898d9a118a
2008-03-02 04:39:14 +00:00