Aleksander Machniak
|
0a0ac045fe
|
Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
|
6 years ago |
Aleksander Machniak
|
086e781b8f
|
Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
|
7 years ago |
Aleksander Machniak
|
0716d499bc
|
Fix bug where some escape sequences in html styles could bypass security checks
|
7 years ago |
Aleksander Machniak
|
63d3ad11fb
|
Use Masterminds/HTML5 parser for HTML5 support (#5761)
|
7 years ago |
Aleksander Machniak
|
5e08a6ac59
|
Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
|
7 years ago |
Aleksander Machniak
|
3196d656db
|
Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
|
7 years ago |
Thomas Bruederli
|
919338d4ba
|
Escape textarea contents in Washtml
|
7 years ago |
Aleksander Machniak
|
e08f22ef28
|
Fix bug where external content in src attribute of input/video tags was not secured (#5583)
|
8 years ago |
Aleksander Machniak
|
dcabc1d814
|
Merge remote-tracking branch 'upstream/master'
Conflicts:
tests/Framework/Washtml.php
|
8 years ago |
Aleksander Machniak
|
bf5b3072c4
|
Fix MathML test on older PHP versions
|
8 years ago |
Aleksander Machniak
|
edfd9da42a
|
Support MathML in HTML message preview (#5182)
|
8 years ago |
Aleksander Machniak
|
6737e293bb
|
Wash position:fixed style in HTML mail for better security (#5264)
|
9 years ago |
Aleksander Machniak
|
ca9ad75d96
|
Add some more tests for HREF attribute washing
|
9 years ago |
Aleksander Machniak
|
6652367d65
|
Fix XSS issue in href attribute on area tag (#5240, #5241)
|
9 years ago |
Aleksander Machniak
|
ed1d212ae2
|
Improved SVG cleanup code
|
9 years ago |
Aleksander Machniak
|
9234903287
|
Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
|
9 years ago |
Aleksander Machniak
|
f4c512336d
|
Fix "washing" of style elements wrapped into many lines
|
9 years ago |
Aleksander Machniak
|
786aa0725e
|
Fix XSS issue in style attribute handling (#1490227)
|
10 years ago |
Aleksander Machniak
|
5bf83d551e
|
Fix unintentional line-height style modification in HTML messages (#1489917)
|
11 years ago |
Aleksander Machniak
|
82ed256f6e
|
Fix incorrect handling of HTML comments in messages sanitization code (#1489904)
|
11 years ago |
Aleksander Machniak
|
f96fec6b8c
|
Fix "washing" of unicoded style attributes (#1489777)
|
11 years ago |
Aleksander Machniak
|
5e3ee8418e
|
Add test case for #1489777
|
11 years ago |
Aleksander Machniak
|
68cf8f19d2
|
Add some tests
|
11 years ago |
Aleksander Machniak
|
c7250749ab
|
Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768)
|
11 years ago |
Aleksander Machniak
|
ffec857b69
|
Fix handling of invalid closing tags in HTML messages (#1489446)
|
11 years ago |
Aleksander Machniak
|
cb3e2fe0c2
|
Fix displaying messages with invalid self-closing HTML tags (#1489137)
|
12 years ago |
Aleksander Machniak
|
f773259412
|
Fix washtml test after "unsupported node type" fix
|
12 years ago |
Aleksander Machniak
|
1e2468e4b9
|
Added two tests for HTML comments handling in rcube_washtml class
|
12 years ago |
Aleksander Machniak
|
1f910cb50d
|
Fix handling link href attribute value with (valid) newline characters (#1488940)
|
12 years ago |
Aleksander Machniak
|
7ac94421bf
|
Move washtml class into Roundcube Framework (rcube_washtml), add some improvements
|
12 years ago |