5e08a6ac59
Handle remote stylesheets the same as remote images, ask the user to allow them ( #5994 )
...
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
8 years ago
3196d656db
Fix css conflicts in user interface and e-mail content ( #5891 )
...
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
8 years ago
5d16751ed8
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
919338d4ba
Escape textarea contents in Washtml
8 years ago
21e7d873ce
Fix so links over images are not removed in plain text signatures converted from HTML ( #4473 )
9 years ago
1fcf7bfab3
Fix bug where HTML messages with @media styles could moddify style of page body ( #5811 )
9 years ago
8f22c3287d
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
9 years ago
ce61c8210e
Added test for rcube_db::parse_dsn()
9 years ago
89a4134064
Add support for DelSp=Yes messages ( #5702 )
9 years ago
522565b400
Add tests for XSS vulnerabilities in style tags
9 years ago
0b385dc946
Skip iconv for problematic ISO-2022-JP strings ( #5668 )
...
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
9 years ago
e08f22ef28
Fix bug where external content in src attribute of input/video tags was not secured ( #5583 )
9 years ago
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
9 years ago
dd714b33a8
replace old trac links ( #5514 )
9 years ago
94f8ce3334
Make html::parse_attrib_string() more robust
...
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
10 years ago
dcabc1d814
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
tests/Framework/Washtml.php
10 years ago
906cf101c3
Better time handling in rcube_utils::clean_datestr()
10 years ago
ed35267b9b
Managesieve: Fix parsing of vacation date-time with non-default date_format ( #5372 )
...
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
10 years ago
d91bad5975
Fix handling of blockquote tags with mixed case on html2text conversion ( #5363 )
10 years ago
bf5b3072c4
Fix MathML test on older PHP versions
10 years ago
edfd9da42a
Support MathML in HTML message preview ( #5182 )
10 years ago
6737e293bb
Wash position:fixed style in HTML mail for better security ( #5264 )
10 years ago
afd090672c
Small performance optimization
10 years ago
ca9ad75d96
Add some more tests for HREF attribute washing
10 years ago
6652367d65
Fix XSS issue in href attribute on area tag ( #5240 , #5241 )
10 years ago
a0f38f5fd8
Small code style improvements
10 years ago
e8ab3d96bd
Fix converting mail addresses with @www. into mailto links ( #5197 )
10 years ago
ed1d212ae2
Improved SVG cleanup code
10 years ago
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
10 years ago
9234903287
Fix HTML sanitizer to skip <!-- node type X --> in output ( #1490583 )
10 years ago
26086981a2
Improve randomness of security tokens ( #1490529 )
10 years ago
7a42173a16
Simplify rcube_utils::check_ip()
11 years ago
f4c512336d
Fix "washing" of style elements wrapped into many lines
11 years ago
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
11 years ago
2d73205ec8
Skip rcube_ldap_generic test if Net_LDAP3 is not available
11 years ago
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
11 years ago
f7427f151e
Get rid of Mail_mimeDecode package dependency ( #1490416 )
11 years ago
25c8fe4eeb
Fix handling of non-break spaces in html to text conversion ( #1490436 )
11 years ago
ff40683404
Fix so links with href == content aren't added to links list on html to text conversion ( #1490434 )
11 years ago
7eefdc8149
Adapt charset cleanup tests to pass with different versions of iconv propucing slightyl different output
11 years ago
3994b3a26c
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
11 years ago
0bfc862283
Specify test groups for inclusion/exclusion
11 years ago
c4ad7edd53
Fix font artifacts in text2html conversion ( #1490353 )
...
Use white-space:nowrap elements instead of unicode word-joiner character
11 years ago
389f70996c
Skip some tests on PHP 5.3.3
11 years ago
f7565da34b
Add some more tests for rcube_charset::clean()
11 years ago
eb58b6c537
Fix failing rcube_utils::strtotime() test if system timezone was different than expected
11 years ago
d86ff98339
Fix font artifact in Google Chrome on Windows ( #1490353 )
11 years ago
53cbebf8ad
Fix handling spaces after <br> on html2text conversion
11 years ago
496972bf95
Fix backtick character handling in sql queries ( #1490312 )
11 years ago
13e0a6556f
Fix handling of some improper constructs in format=flowed text as per the RFC3676[4.5] ( #1490284 )
11 years ago
Aleksander Machniak