Commit Graph

40 Commits (45dced3b8f70bbc7b2fe76c165ff2ddce4006fb2)

Author SHA1 Message Date
Aleksander Machniak 23c06159ae Fix XSS issue in handling of CDATA in HTML messages 5 years ago
Aleksander Machniak 2348899a3f Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) 5 years ago
Aleksander Machniak c22c177e53 Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) 6 years ago
Aleksander Machniak 2e3648b24f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 7 years ago
Aleksander Machniak d9eed3625b Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak 24dcdb5414 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Aleksander Machniak 6dfa7ff419 Fix bug where HTML messages could have been rendered empty on some systems (#5957)
Consistently use $nodeName instead of $tagName property.
7 years ago
Thomas Bruederli 74e0852db2 Escape textarea contents in Washtml 7 years ago
Aleksander Machniak e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak edfd9da42a Support MathML in HTML message preview (#5182) 8 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
Aleksander Machniak 6652367d65 Fix XSS issue in href attribute on area tag (#5240, #5241) 9 years ago
Aleksander Machniak 0e77b6f1b3 Fix regression where xml mode could be used to parse xhtml messages causing empty result 9 years ago
Aleksander Machniak ed1d212ae2 Improved SVG cleanup code 9 years ago
Aleksander Machniak 023d3eb031 Refactor wash_attribs() - fix regressions 9 years ago
Aleksander Machniak a1fdb205f8 Extend rcube_washtml with SVG support 9 years ago
Aleksander Machniak 9234903287 Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) 9 years ago
Aleksander Machniak f4c512336d Fix "washing" of style elements wrapped into many lines 9 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Aleksander Machniak 759566fe99 Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291) 10 years ago
Aleksander Machniak 786aa0725e Fix XSS issue in style attribute handling (#1490227) 10 years ago
Aleksander Machniak 7b924535fd CS fixes 10 years ago
Aleksander Machniak 75bbada03b Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks 10 years ago
Aleksander Machniak c5bfe69e21 Improved video support, all tinymce related resources moved to program/js/tinymce/roundcube dir 11 years ago
Aleksander Machniak 5bf83d551e Fix unintentional line-height style modification in HTML messages (#1489917) 11 years ago
Aleksander Machniak 82ed256f6e Fix incorrect handling of HTML comments in messages sanitization code (#1489904) 11 years ago
Aleksander Machniak f96fec6b8c Fix "washing" of unicoded style attributes (#1489777) 11 years ago
Aleksander Machniak c77a8497e7 Fix again xdebug.max_nesting_level limit handling (#1489110) 11 years ago
Aleksander Machniak c0dda0556c Allow single quote in style attribute values.
E.g. "font-family: 'Tahoma'" should not be removed.
11 years ago
Aleksander Machniak c7250749ab Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768) 11 years ago
Aleksander Machniak ffec857b69 Fix handling of invalid closing tags in HTML messages (#1489446) 11 years ago
Aleksander Machniak af79a7b837 Fixed issues where HTML comments inside style tag would hang Internet Explorer 11 years ago
Aleksander Machniak bfd24fcc04 Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#1489302) 11 years ago
rodrigo b6a640bdc9 replaces smart quotes with regular quotes. Fixes improper doctype declarations in html emails 12 years ago
Aleksander Machniak cb3e2fe0c2 Fix displaying messages with invalid self-closing HTML tags (#1489137) 12 years ago
Aleksander Machniak a8994090bb Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#1489110) 12 years ago
Aleksander Machniak 1bce142058 Fix handling of some conditional comment tags in HTML message (#1489004) 12 years ago
Aleksander Machniak 1f910cb50d Fix handling link href attribute value with (valid) newline characters (#1488940) 12 years ago
Aleksander Machniak 7ac94421bf Move washtml class into Roundcube Framework (rcube_washtml), add some improvements 12 years ago