Commit Graph

37 Commits (28e18c75ef693740edc05e7474cf52452cc76157)

Author SHA1 Message Date
thomascube 98c2d69acf Be more strict in style attribute filtering 13 years ago
thomascube 2b017e7f79 Allow clean background:url(...) styles in safe mode. This will make Roundcube pass the Email Standards Acid Test 13 years ago
alecpl af4b3be87d - Fix handling of empty <U> tags in HTML messages (#1488225) 13 years ago
alecpl 2eeb128d06 - Fix washing styles with quoted values e.g. font-family 13 years ago
alecpl c1fcd1b838 - Fix handling of HTML form elements in messages (#1485137) 13 years ago
alecpl e4d0947550 - Fix invalid comments handling (see example message in #1487915) 14 years ago
alecpl 968754b09e - Fix regression in html conditional comments handling by washtml class 14 years ago
thomascube b1d31eea94 Fix stripping invalid comments. Changes from r4483 also stripped entire CSS blocks packed in comments 14 years ago
alecpl 9ebac6616d - Fix handling of invalid HTML comments in messages (#1487759) 14 years ago
alecpl 4d268b1fae - Don't return empty I and B tags in short form 14 years ago
alecpl 1d3596dd61 - Don't allow short form of empty <strong> tag 14 years ago
alecpl be6f3a9d28 - Improve parsing of styled empty tags in HTML messages (#1486812) 15 years ago
alecpl a0d29e518f - Fix RFC2397 handling in wash_style() 15 years ago
alecpl b6f04054d1 - support base URL for inline images 15 years ago
alecpl 0b7f3a8ab2 - Add support for data URI scheme [RFC2397] (#1486740) 15 years ago
alecpl 9ef5fa51fb - fix <span>0</span> (#1486645) 15 years ago
alecpl a72ad65724 - Fix invalid font tags which cause HTML message rendering problems (#1486521) 15 years ago
alecpl 7435e3bc32 - fix empty A tag handling (#1486272) 15 years ago
svncommit e98f249172 Added # to washtml's regex for safe links (some list digests have tables of contents that use internal links). 15 years ago
svncommit 5f8d31f9be better solution for HTML washing encoding issue 16 years ago
svncommit 659672ebf9 fix washing of HTML encoded in something other than UTF-8 16 years ago
alecpl 2337a82f72 - Fix displaying of HTML messages with unknown/malformed tags (#1486003) - Some other changes for styled HTML display 16 years ago
alecpl 503e019a56 - Fix HTML messages output with empty block elements (#1485974) 16 years ago
alecpl f7fff8f682 - Allow WBR tag in HTML message (#1485960) 16 years ago
thomascube 4cc74f7269 Treat 'background' attributes the same way as 'src' (another XSS vulnerability) 16 years ago
alecpl 7f62581c10 - Smart Tags and NOBR tag support in html messages (#1485363, #1485327) 16 years ago
thomascube a47acc56c6 Allow content of HTML head sections to be processed 16 years ago
thomascube c505e59a6d Respect Content-Location headers in multipart/related messages (#1484946) 16 years ago
thomascube d368a68ed7 Reverted r1607. See #1485137 for explanations 17 years ago
alecpl 4897adcbd4 #1485137: added 'form' to allowed elements list 17 years ago
thomascube 21e724153e Improve HTML sanitization with washtml 17 years ago
alecpl 18ebb902d5 #1485097: Re-enable background attribute in HTML messages 17 years ago
thomascube 350459486d Change meta-charset specification in HTML to UTF-8; no need for mb_convert_encoding() anymore 17 years ago
thomascube a8755664af Allow <body> tag in HTML messages which will be converted to <div class='rcmBody'> 17 years ago
thomascube 65cc1c196f Check for mb_convert_encoding first because mbstring is optional for RoundCube + add some phpdoc 17 years ago
alecpl 68217c548a -add convert encoding before html parsing 17 years ago
thomascube 45f56c1c40 Replace our crappy html sanitization with the dom-based washtml script + fix inline message parts + remove old code + add some doc comments 17 years ago