f145f64bf4
Fix #122: correct surrogate pair range
2017-03-04 15:38:01 +09:00
8e4cacf0a7
Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set
2017-02-03 16:54:51 -08:00
c82051c3e1
Add HTML.Noopener to add a noopener rel to every external link
...
This has performance benefits https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/ but most importantly also security benefits https://mathiasbynens.github.io/rel-noopener/
Addresses https://github.com/ezyang/htmlpurifier/issues/96
2017-02-03 16:54:51 -08:00
1b7d684d07
Remove $a = array($a) which is miscompiled by Zend OpCache.
...
Fixes #108.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2017-01-04 14:35:52 -05:00
5070404376
Handle semicolons in strings in CSS correctly.
...
Fixes http://htmlpurifier.org/phorum/read.php?3,7522,8096
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-29 00:01:19 -07:00
59463c5c39
Allow %URI.DefaultScheme to be null.
...
Fixes #103.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 17:30:44 -07:00
3ba9133b21
Don't assume that idn_to_ascii does validation.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-27 02:00:46 -07:00
4dc68aa920
FIX directory not closing
...
#100
2016-10-15 16:20:47 +03:00
08eee90e15
Delete asserts, fixes #97.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-10-02 00:14:41 -07:00
1ef4375dbb
Proposed fix to Serializer code.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-09-05 15:24:08 -07:00
246fc8946a
css properties: min-width, max-width, min-height, max-height
2016-09-05 10:45:58 +03:00
1f982d279f
rollback change to permissions
2016-07-29 08:56:36 +09:00
8be8cee9b3
changed chmod behaviour in Serializer
2016-07-27 12:56:03 +09:00
d0c392f77d
Release 4.8.0
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-07-16 05:58:58 -07:00
d1c5d75027
Fix #73 with Attr.ID.HTML5
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-07-16 05:52:45 -07:00
3747cb7efb
avoid exif_imagetype exception with small files/corrupt data URI
2016-07-16 05:23:17 -07:00
0166c3728b
Stop trying to chmod if SerializerPermissions is null, fixes #71
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-07-01 16:04:11 -04:00
ed180f595d
Hack to fix #85
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-07-01 15:52:09 -04:00
44baee6a82
Partial border-radius support.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-06-30 22:22:13 -04:00
1675fc7caf
Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-06-30 21:53:43 -04:00
cc35c8eb8c
tel protocol support.
2016-06-30 21:19:49 -04:00
43a9f052fd
Fix #57, make flashvars check (and others) case-insensitive.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 15:56:30 -07:00
b4981c3395
Fix #67, don't use <body> tags in comments for %Core.ConvertDocumentToFragment
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 15:19:32 -07:00
f14076dc3e
Fix #49; prevent readdir infinite loop when cache directory not listable.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-27 14:53:31 -07:00
91fd55c857
Fix #45, errors when ul/ol allowed without li.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-26 22:41:54 -07:00
6e00b443cd
Bug with tempnam("/tmp", "");
...
Some hostings have a different temporary path than "/tmp".
2016-03-24 20:19:57 -07:00
1f3e282fde
Fix a bounds error which now errors in PHP 7.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-24 00:13:08 -07:00
753c830239
Update to work with Git version of SimpleTest.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-24 00:08:03 -07:00
45161b4fb1
Accept leading digits in hostnames as per RFC 1123.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-23 22:42:21 -07:00
92aabf2b23
Fix #76, linkify includes dots at end of URL.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-02 02:05:54 -08:00
aebe1c02a2
Use idn_to_ascii when available.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2016-03-02 01:35:07 -08:00
913ac6955b
CSS.AllowDuplicates for duplicate properties.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2015-12-20 11:53:54 -08:00
958ba65595
Don't truncate alts.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2015-09-29 15:36:53 -07:00
ae1828d955
Release 4.7.0.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2015-08-04 18:03:42 -07:00
2c963dcc7f
Missing @return
...
Adding PHPDoc @return statement for code completion in IDE
2015-08-03 10:21:47 +02:00
c67e4c2f7e
All values, including empty, are valid HTML bools.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2015-02-11 16:36:44 -08:00
0c3e68dd03
Stop using umask to make definition cache. Fixes #32
...
This is not really the right way to solve the ACL problem,
but there isn't really any reason we should be mucking about
with the umask.
Mucked around with the test case to make it pass, but I think
it's probably a bit delicate now.
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2014-12-08 18:30:54 -08:00
cd60294ada
Fix rgb in border attribute with spaces, fixes #30.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2014-08-31 12:12:38 +01:00
39d3df1fd7
Add AutoFormat.RemoveEmpty.Predicate, fixes #35.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2014-08-31 12:12:17 +01:00
4da38aca80
Update YouTube embed code to new style, fixes #28
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2014-08-31 09:30:16 +01:00
bf84df4f7d
Move opacity to tricky. Fixes #16.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2014-08-31 09:24:11 +01:00
15d1a3003a
Don't truncate in DOMLex when seeing closing div
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2014-08-31 08:50:33 +01:00
80ebd4322e
Typo in docs, thanks Soleil Golden for reporting.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2014-02-04 12:17:24 -08:00
6f389f0f25
Release 4.6.0.
...
Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2013-11-30 00:25:19 -08:00
8cd08620dc
Conditionalize hash_hmac tests for 5.0
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-11-29 22:27:01 -08:00
54477c172b
Fix infinite loop in Lexer.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-10-27 21:41:08 -07:00
e52d1fe310
Fix < PHP 5.4 compatibility break. Thanks GromNaN for submitting the patch.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-10-22 14:17:41 -07:00
0767bbc12d
Rewrite FixNesting implementation to be tree-based.
...
This mega-patch rips out the FixNesting implementation and the related
ChildDef components. The primary algorithmic change is to convert from
use of tokens to tree nodes, which are far more amenable to the style
of processing that FixNesting uses. Additionally, FixNesting has been
changed to go bottom-up rather than top-down, in order to avoid needing
to implement backtracking.
This patch simplifies a good deal of the relevant logic, since we no
longer need to continually recalculate the nesting structure when
processing things. However, the conversion to the alternate format
incurs some overhead, so for small inputs these changes are not a win.
One possibility to greatly reduce the constant factors here is to switch
to entirely using libxml's representation, and never serializing tokens;
this would require one to rewrite injectors, however.
The iterative post-order traversal in FixNesting is a bit subtle, but
we have essentially reified the stack and continuations.
We've removed support for %Core.EscapeInvalidChildren.
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-10-20 22:37:01 -07:00
b3640e1af6
Add conversion functions for our own tree format.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-10-20 15:05:11 -07:00
be5769804a
Make the Token class abstract.
...
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
2013-10-17 16:13:04 -07:00