Aleksander Machniak
0716d499bc
Fix bug where some escape sequences in html styles could bypass security checks
7 years ago
Aleksander Machniak
63d3ad11fb
Use Masterminds/HTML5 parser for HTML5 support ( #5761 )
7 years ago
Aleksander Machniak
b2bebe531a
Fix bug where usernames without domain part could be malformed or converted to lower-case on logon ( #6224 )
7 years ago
Aleksander Machniak
f36e23b778
Fix parsing date strings (e.g. from a Date: mail header) with comments ( #6216 )
7 years ago
Aleksander Machniak
0f3ad342f7
Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() ( #6212 )
7 years ago
Aleksander Machniak
1058924e21
Move some framework classes to sub-directories
7 years ago
Aleksander Machniak
d07b032bcd
Refactor cache code with separate engine-specific classes
7 years ago
Aleksander Machniak
9d2b303b51
Fix bug in remote content blocking on HTML image and style tags ( #6178 )
7 years ago
Daniel Kesselberg
a8d5547163
Update idn convertion methods ( #6115 )
...
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak
63a7d2313f
Improve SMTPUTF8 support and fix relaxed email validation issues
7 years ago
Daniel Kesselberg
a3504cb3b8
Add unit test for IDN ( #6114 )
7 years ago
Aleksander Machniak
a0374f3c45
Fix mangled non-ASCII characters in links in HTML messages ( #6028 )
7 years ago
Aleksander Machniak
5e08a6ac59
Handle remote stylesheets the same as remote images, ask the user to allow them ( #5994 )
...
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
7 years ago
Aleksander Machniak
3196d656db
Fix css conflicts in user interface and e-mail content ( #5891 )
...
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak
5d16751ed8
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
7 years ago
Filippo Tessarotto
e5e37928d4
Add Travis CI
7 years ago
Thomas Bruederli
1cfc024036
Modify links in html messages during Washtml DOM traversal
...
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
7 years ago
Thomas Bruederli
919338d4ba
Escape textarea contents in Washtml
7 years ago
Aleksander Machniak
21e7d873ce
Fix so links over images are not removed in plain text signatures converted from HTML ( #4473 )
8 years ago
Aleksander Machniak
1fcf7bfab3
Fix bug where HTML messages with @media styles could moddify style of page body ( #5811 )
8 years ago
Aleksander Machniak
8f22c3287d
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
8 years ago
Aleksander Machniak
ce61c8210e
Added test for rcube_db::parse_dsn()
8 years ago
dfukagaw28
89a4134064
Add support for DelSp=Yes messages ( #5702 )
8 years ago
Thomas Bruederli
522565b400
Add tests for XSS vulnerabilities in style tags
8 years ago
Shin Kojima
0b385dc946
Skip iconv for problematic ISO-2022-JP strings ( #5668 )
...
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak
e08f22ef28
Fix bug where external content in src attribute of input/video tags was not secured ( #5583 )
8 years ago
Aleksander Machniak
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
Aleksander Machniak
bbab6a6db7
Identicon plugin
...
https://kolabian.wordpress.com/2016/12/02/contact-identicons/
8 years ago
JohnDoh
dd714b33a8
replace old trac links ( #5514 )
8 years ago
Aleksander Machniak
0485275a75
Merge branch 'dev/drop-legacy-browsers'
8 years ago
Aleksander Machniak
94f8ce3334
Make html::parse_attrib_string() more robust
...
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
8 years ago
Aleksander Machniak
829442a4cd
Removed legacy_browsr plugin
8 years ago
Aleksander Machniak
dcabc1d814
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
tests/Framework/Washtml.php
8 years ago
Aleksander Machniak
906cf101c3
Better time handling in rcube_utils::clean_datestr()
8 years ago
Aleksander Machniak
ed35267b9b
Managesieve: Fix parsing of vacation date-time with non-default date_format ( #5372 )
...
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak
d91bad5975
Fix handling of blockquote tags with mixed case on html2text conversion ( #5363 )
8 years ago
Aleksander Machniak
bf5b3072c4
Fix MathML test on older PHP versions
8 years ago
Aleksander Machniak
edfd9da42a
Support MathML in HTML message preview ( #5182 )
8 years ago
Aleksander Machniak
6737e293bb
Wash position:fixed style in HTML mail for better security ( #5264 )
9 years ago
Aleksander Machniak
afd090672c
Small performance optimization
9 years ago
Aleksander Machniak
ca9ad75d96
Add some more tests for HREF attribute washing
9 years ago
Aleksander Machniak
6652367d65
Fix XSS issue in href attribute on area tag ( #5240 , #5241 )
9 years ago
Aleksander Machniak
a0f38f5fd8
Small code style improvements
9 years ago
Aleksander Machniak
e8ab3d96bd
Fix converting mail addresses with @www. into mailto links ( #5197 )
9 years ago
Aleksander Machniak
ed1d212ae2
Improved SVG cleanup code
9 years ago
Aleksander Machniak
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
9 years ago
Aleksander Machniak
9234903287
Fix HTML sanitizer to skip <!-- node type X --> in output ( #1490583 )
9 years ago
Aleksander Machniak
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
Aleksander Machniak
a63f14ec40
Emoticons-related code refactoring
...
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
Aleksander Machniak
7a42173a16
Simplify rcube_utils::check_ip()
9 years ago