Aleksander Machniak
87e4cd0cf2
Fix XSS issue in handling of CDATA in HTML messages
5 years ago
Aleksander Machniak
47d9ed6d0c
Add support for PHPUnit 6 and 7 (#6870)
Fixes composer dependencies: Package phpunit/phpunit-mock-objects is abandoned
We cannot support v8 yet because of errors like:
Declaration of MailFunc::setUp() must be compatible with PHPUnit\Framework\TestCase::setUp(): void
It would require dropping PHP < 7.1 support.
5 years ago
Aleksander Machniak
cf90c69ad7
Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109)
5 years ago
Aleksander Machniak
21ebf3ff5a
Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)
5 years ago
Aleksander Machniak
55cca61134
Workaround more invalid HTML cases parsed incorrectly by Mastermind/HTML5 (#6713)
6 years ago
Aleksander Machniak
92ed0154d5
Followup fix on handling HTML content w/o html/head/body tag (#6713)
6 years ago
Aleksander Machniak
03d56926d8
Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713)
6 years ago
dsoares
00cc13a1b9
Fix bug where HTML messages with an xml:namespace tag were not rendered.
6 years ago
Aleksander Machniak
0a0ac045fe
Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
6 years ago
Aleksander Machniak
086e781b8f
Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
7 years ago
Aleksander Machniak
0716d499bc
Fix bug where some escape sequences in html styles could bypass security checks
7 years ago
Aleksander Machniak
63d3ad11fb
Use Masterminds/HTML5 parser for HTML5 support (#5761)
7 years ago
Aleksander Machniak
5e08a6ac59
Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user has no way to
allow that content.
7 years ago
Aleksander Machniak
3196d656db
Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Thomas Bruederli
919338d4ba
Escape textarea contents in Washtml
7 years ago
Aleksander Machniak
e08f22ef28
Fix bug where external content in src attribute of input/video tags was not secured (#5583)
8 years ago
Aleksander Machniak
dcabc1d814
Merge remote-tracking branch 'upstream/master'
Conflicts:
tests/Framework/Washtml.php
8 years ago
Aleksander Machniak
bf5b3072c4
Fix MathML test on older PHP versions
8 years ago
Aleksander Machniak
edfd9da42a
Support MathML in HTML message preview (#5182)
8 years ago
Aleksander Machniak
6737e293bb
Wash position:fixed style in HTML mail for better security (#5264)
9 years ago
Aleksander Machniak
ca9ad75d96
Add some more tests for HREF attribute washing
9 years ago
Aleksander Machniak
6652367d65
Fix XSS issue in href attribute on area tag (#5240, #5241)
9 years ago
Aleksander Machniak
ed1d212ae2
Improved SVG cleanup code
9 years ago
Aleksander Machniak
9234903287
Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
9 years ago
Aleksander Machniak
f4c512336d
Fix "washing" of style elements wrapped into many lines
9 years ago
Aleksander Machniak
786aa0725e
Fix XSS issue in style attribute handling (#1490227)
10 years ago
Aleksander Machniak
5bf83d551e
Fix unintentional line-height style modification in HTML messages (#1489917)
11 years ago
Aleksander Machniak
82ed256f6e
Fix incorrect handling of HTML comments in messages sanitization code (#1489904)
11 years ago
Aleksander Machniak
f96fec6b8c
Fix "washing" of unicoded style attributes (#1489777)
11 years ago
Aleksander Machniak
5e3ee8418e
Add test case for #1489777
11 years ago
Aleksander Machniak
68cf8f19d2
Add some tests
11 years ago
Aleksander Machniak
c7250749ab
Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768)
11 years ago
Aleksander Machniak
ffec857b69
Fix handling of invalid closing tags in HTML messages (#1489446)
11 years ago
Aleksander Machniak
cb3e2fe0c2
Fix displaying messages with invalid self-closing HTML tags (#1489137)
12 years ago
Aleksander Machniak
f773259412
Fix washtml test after "unsupported node type" fix
12 years ago
Aleksander Machniak
1e2468e4b9
Added two tests for HTML comments handling in rcube_washtml class
12 years ago
Aleksander Machniak
1f910cb50d
Fix handling link href attribute value with (valid) newline characters (#1488940)
12 years ago
Aleksander Machniak
7ac94421bf
Move washtml class into Roundcube Framework (rcube_washtml), add some improvements
12 years ago