Commit Graph

148 Commits (1b87ec31449f4a81821498318ca2eea94788f4fc)

Author SHA1 Message Date
Aleksander Machniak 5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user has no way to
allow that content.
7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Thomas Bruederli 919338d4ba Escape textarea contents in Washtml 7 years ago
Aleksander Machniak 21e7d873ce Fix so links over images are not removed in plain text signatures converted from HTML (#4473) 7 years ago
Aleksander Machniak 1fcf7bfab3 Fix bug where HTML messages with @media styles could modify style of page body (#5811) 7 years ago
Aleksander Machniak 8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 8 years ago
Aleksander Machniak ce61c8210e Added test for rcube_db::parse_dsn() 8 years ago
dfukagaw28 89a4134064 Add support for DelSp=Yes messages (#5702) 8 years ago
Thomas Bruederli 522565b400 Add tests for XSS vulnerabilities in style tags 8 years ago
Shin Kojima 0b385dc946 Skip iconv for problematic ISO-2022-JP strings (#5668)
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 8 years ago
Aleksander Machniak 7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 8 years ago
JohnDoh dd714b33a8 replace old trac links (#5514) 8 years ago
Aleksander Machniak 94f8ce3334 Make html::parse_attrib_string() more robust
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak 906cf101c3 Better time handling in rcube_utils::clean_datestr() 8 years ago
Aleksander Machniak ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak d91bad5975 Fix handling of blockquote tags with mixed case on html2text conversion (#5363) 8 years ago
Aleksander Machniak bf5b3072c4 Fix MathML test on older PHP versions 8 years ago
Aleksander Machniak edfd9da42a Support MathML in HTML message preview (#5182) 8 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
Aleksander Machniak afd090672c Small performance optimization 9 years ago
Aleksander Machniak ca9ad75d96 Add some more tests for HREF attribute washing 9 years ago
Aleksander Machniak 6652367d65 Fix XSS issue in href attribute on area tag (#5240, #5241) 9 years ago
Aleksander Machniak a0f38f5fd8 Small code style improvements 9 years ago
Aleksander Machniak e8ab3d96bd Fix converting mail addresses with @www. into mailto links (#5197) 9 years ago
Aleksander Machniak ed1d212ae2 Improved SVG cleanup code 9 years ago
Aleksander Machniak cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 9 years ago
Aleksander Machniak 9234903287 Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) 9 years ago
Aleksander Machniak 26086981a2 Improve randomness of security tokens (#1490529) 9 years ago
Aleksander Machniak 7a42173a16 Simplify rcube_utils::check_ip() 9 years ago
Aleksander Machniak f4c512336d Fix "washing" of style elements wrapped into many lines 9 years ago
Aleksander Machniak 1b39d9a6c7 PHP7: Fixed some E_WARNING errors that previously were E_STRICT 9 years ago
Aleksander Machniak 2d73205ec8 Skip rcube_ldap_generic test if Net_LDAP3 is not available 9 years ago
Aleksander Machniak 8447bae77c Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code 10 years ago
Aleksander Machniak f7427f151e Get rid of Mail_mimeDecode package dependency (#1490416) 10 years ago
Aleksander Machniak 25c8fe4eeb Fix handling of non-break spaces in html to text conversion (#1490436) 10 years ago
Aleksander Machniak ff40683404 Fix so links with href == content aren't added to links list on html to text conversion (#1490434) 10 years ago
Thomas Bruederli 7eefdc8149 Adapt charset cleanup tests to pass with different versions of iconv producing slightly different output 10 years ago
Aleksander Machniak 3994b3a26c Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402) 10 years ago
Thomas Bruederli 0bfc862283 Specify test groups for inclusion/exclusion 10 years ago
Aleksander Machniak c4ad7edd53 Fix font artifacts in text2html conversion (#1490353)
Use white-space:nowrap elements instead of unicode word-joiner character
10 years ago
Aleksander Machniak 389f70996c Skip some tests on PHP 5.3.3 10 years ago
Aleksander Machniak f7565da34b Add some more tests for rcube_charset::clean() 10 years ago
Aleksander Machniak eb58b6c537 Fix failing rcube_utils::strtotime() test if system timezone was different than expected 10 years ago
Aleksander Machniak d86ff98339 Fix font artifact in Google Chrome on Windows (#1490353) 10 years ago
Aleksander Machniak 53cbebf8ad Fix handling spaces after <br> on html2text conversion 10 years ago
Aleksander Machniak 496972bf95 Fix backtick character handling in sql queries (#1490312) 10 years ago
Aleksander Machniak 13e0a6556f Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] (#1490284) 10 years ago