Aleksander Machniak | 23c06159ae | Fix XSS issue in handling of CDATA in HTML messages | 5 years ago
Aleksander Machniak | 2348899a3f | Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) | 5 years ago
Aleksander Machniak | c22c177e53 | Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) | 6 years ago
Aleksander Machniak | 2e3648b24f | Fix bug where some HTML comments could have been malformed by HTML parser (#6333) | 7 years ago
Aleksander Machniak | d9eed3625b | Fix bug where some escape sequences in html styles could bypass security checks | 7 years ago
Aleksander Machniak | 24dcdb5414 | Fix bug in remote content blocking on HTML image and style tags (#6178) | 7 years ago
Aleksander Machniak | 6dfa7ff419 | Fix bug where HTML messages could have been rendered empty on some systems (#5957) Consistently use $nodeName instead of $tagName property. | 7 years ago
Thomas Bruederli | 74e0852db2 | Escape textarea contents in Washtml | 7 years ago
Aleksander Machniak | e08f22ef28 | Fix bug where external content in src attribute of input/video tags was not secured (#5583) | 8 years ago
Aleksander Machniak | dcabc1d814 | Merge remote-tracking branch 'upstream/master' Conflicts: tests/Framework/Washtml.php | 8 years ago
Aleksander Machniak | edfd9da42a | Support MathML in HTML message preview (#5182) | 8 years ago
Aleksander Machniak | 6737e293bb | Wash position:fixed style in HTML mail for better security (#5264) | 9 years ago
Aleksander Machniak | 6652367d65 | Fix XSS issue in href attribute on area tag (#5240, #5241) | 9 years ago
Aleksander Machniak | 0e77b6f1b3 | Fix regression where xml mode could be used to parse xhtml messages causing empty result | 9 years ago
Aleksander Machniak | ed1d212ae2 | Improved SVG cleanup code | 9 years ago
Aleksander Machniak | 023d3eb031 | Refactor wash_attribs() - fix regressions | 9 years ago
Aleksander Machniak | a1fdb205f8 | Extend rcube_washtml with SVG support | 9 years ago
Aleksander Machniak | 9234903287 | Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) | 9 years ago
Aleksander Machniak | f4c512336d | Fix "washing" of style elements wrapped into many lines | 9 years ago
Aleksander Machniak | a958748947 | CS fixes | 10 years ago
Aleksander Machniak | 759566fe99 | Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291) | 10 years ago
Aleksander Machniak | 786aa0725e | Fix XSS issue in style attribute handling (#1490227) | 10 years ago
Aleksander Machniak | 7b924535fd | CS fixes | 10 years ago
Aleksander Machniak | 75bbada03b | Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks | 10 years ago
Aleksander Machniak | c5bfe69e21 | Improved video support, all tinymce related resources moved to program/js/tinymce/roundcube dir | 11 years ago
Aleksander Machniak | 5bf83d551e | Fix unintentional line-height style modification in HTML messages (#1489917) | 11 years ago
Aleksander Machniak | 82ed256f6e | Fix incorrect handling of HTML comments in messages sanitization code (#1489904) | 11 years ago
Aleksander Machniak | f96fec6b8c | Fix "washing" of unicoded style attributes (#1489777) | 11 years ago
Aleksander Machniak | c77a8497e7 | Fix again xdebug.max_nesting_level limit handling (#1489110) | 11 years ago
Aleksander Machniak | c0dda0556c | Allow single quote in style attribute values. E.g. "font-family: 'Tahoma'" should not be removed. | 11 years ago
Aleksander Machniak | c7250749ab | Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768) | 11 years ago
Aleksander Machniak | ffec857b69 | Fix handling of invalid closing tags in HTML messages (#1489446) | 11 years ago
Aleksander Machniak | af79a7b837 | Fixed issues where HTML comments inside style tag would hang Internet Explorer | 11 years ago
Aleksander Machniak | bfd24fcc04 | Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#1489302) | 11 years ago
rodrigo | b6a640bdc9 | replaces smart quotes with regular quotes. Fixes improper doctype declarations in html emails | 12 years ago
Aleksander Machniak | cb3e2fe0c2 | Fix displaying messages with invalid self-closing HTML tags (#1489137) | 12 years ago
Aleksander Machniak | a8994090bb | Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#1489110) | 12 years ago
Aleksander Machniak | 1bce142058 | Fix handling of some conditional comment tags in HTML message (#1489004) | 12 years ago
Aleksander Machniak | 1f910cb50d | Fix handling link href attribute value with (valid) newline characters (#1488940) | 12 years ago
Aleksander Machniak | 7ac94421bf | Move washtml class into Roundcube Framework (rcube_washtml), add some improvements | 12 years ago