5e08a6ac59
Handle remote stylesheets the same as remote images, ask the user to allow them ( #5994 )
...
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
7 years ago
3196d656db
Fix css conflicts in user interface and e-mail content ( #5891 )
...
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
5d16751ed8
Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
7 years ago
e5e37928d4
Add Travis CI
7 years ago
1cfc024036
Modify links in html messages during Washtml DOM traversal
...
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
7 years ago
919338d4ba
Escape textarea contents in Washtml
7 years ago
21e7d873ce
Fix so links over images are not removed in plain text signatures converted from HTML ( #4473 )
7 years ago
1fcf7bfab3
Fix bug where HTML messages with @media styles could moddify style of page body ( #5811 )
7 years ago
8f22c3287d
Fix bug where comment notation within style tag would cause the whole style to be ignored ( #5747 )
8 years ago
ce61c8210e
Added test for rcube_db::parse_dsn()
8 years ago
89a4134064
Add support for DelSp=Yes messages ( #5702 )
8 years ago
522565b400
Add tests for XSS vulnerabilities in style tags
8 years ago
0b385dc946
Skip iconv for problematic ISO-2022-JP strings ( #5668 )
...
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
e08f22ef28
Fix bug where external content in src attribute of input/video tags was not secured ( #5583 )
8 years ago
7340360e79
Fix bug where image data URIs in css style were treated as evil/remote in mail preview ( #5580 )
8 years ago
bbab6a6db7
Identicon plugin
...
https://kolabian.wordpress.com/2016/12/02/contact-identicons/
8 years ago
dd714b33a8
replace old trac links ( #5514 )
8 years ago
0485275a75
Merge branch 'dev/drop-legacy-browsers'
8 years ago
94f8ce3334
Make html::parse_attrib_string() more robust
...
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
8 years ago
829442a4cd
Removed legacy_browsr plugin
8 years ago
dcabc1d814
Merge remote-tracking branch 'upstream/master'
...
Conflicts:
tests/Framework/Washtml.php
8 years ago
906cf101c3
Better time handling in rcube_utils::clean_datestr()
8 years ago
ed35267b9b
Managesieve: Fix parsing of vacation date-time with non-default date_format ( #5372 )
...
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
d91bad5975
Fix handling of blockquote tags with mixed case on html2text conversion ( #5363 )
8 years ago
bf5b3072c4
Fix MathML test on older PHP versions
8 years ago
edfd9da42a
Support MathML in HTML message preview ( #5182 )
8 years ago
6737e293bb
Wash position:fixed style in HTML mail for better security ( #5264 )
9 years ago
afd090672c
Small performance optimization
9 years ago
ca9ad75d96
Add some more tests for HREF attribute washing
9 years ago
6652367d65
Fix XSS issue in href attribute on area tag ( #5240 , #5241 )
9 years ago
a0f38f5fd8
Small code style improvements
9 years ago
e8ab3d96bd
Fix converting mail addresses with @www. into mailto links ( #5197 )
9 years ago
ed1d212ae2
Improved SVG cleanup code
9 years ago
cbe701ac4a
Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844)
9 years ago
9234903287
Fix HTML sanitizer to skip <!-- node type X --> in output ( #1490583 )
9 years ago
26086981a2
Improve randomness of security tokens ( #1490529 )
9 years ago
a63f14ec40
Emoticons-related code refactoring
...
- Emoticons: All emoticons-related functionality is handled by the plugin now
- Emoticons: Added option to switch on/off emoticons in compose editor (#1485732 )
- Emoticons: Added option to switch on/off emoticons in plain text messages
- Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook
- Plugin API: Added html2text hook
9 years ago
7a42173a16
Simplify rcube_utils::check_ip()
9 years ago
f4c512336d
Fix "washing" of style elements wrapped into many lines
9 years ago
1b39d9a6c7
PHP7: Fixed some E_WARNING errors that previously were E_STRICT
9 years ago
1b8ca08e5b
Added GSSAPI/Kerberos authentication plugin - krb_authentication
9 years ago
2d73205ec8
Skip rcube_ldap_generic test if Net_LDAP3 is not available
9 years ago
8447bae77c
Require Mbstring and OpenSSL extensions ( #1490415 ) - remove redundant code
9 years ago
f7427f151e
Get rid of Mail_mimeDecode package dependency ( #1490416 )
9 years ago
25c8fe4eeb
Fix handling of non-break spaces in html to text conversion ( #1490436 )
10 years ago
ff40683404
Fix so links with href == content aren't added to links list on html to text conversion ( #1490434 )
10 years ago
c5ca818118
Adapt washtml test to pass with different versions of iconv (i.e. on CentOS7)
10 years ago
7eefdc8149
Adapt charset cleanup tests to pass with different versions of iconv propucing slightyl different output
10 years ago
9311fea09b
Add utility functiion to get an elemet's text content also when running tests in PhantomJS
10 years ago
3994b3a26c
Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key ( #1490402 )
10 years ago
Aleksander Machniak