30 Commits (74fe74bf7d01b72b828e134f48d279581f221b45)

Author SHA1 Message Date
Aleksander Machniak 0a0ac045fe Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) 6 years ago
Aleksander Machniak 086e781b8f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak 63d3ad11fb Use Masterminds/HTML5 parser for HTML5 support (#5761) 7 years ago
Aleksander Machniak 5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user has no way to
allow that content.
7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Thomas Bruederli 919338d4ba Escape textarea contents in Washtml 7 years ago
Aleksander Machniak e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak bf5b3072c4 Fix MathML test on older PHP versions 8 years ago
Aleksander Machniak edfd9da42a Support MathML in HTML message preview (#5182) 8 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
Aleksander Machniak ca9ad75d96 Add some more tests for HREF attribute washing 9 years ago
Aleksander Machniak 6652367d65 Fix XSS issue in href attribute on area tag (#5240, #5241) 9 years ago
Aleksander Machniak ed1d212ae2 Improved SVG cleanup code 9 years ago
Aleksander Machniak 9234903287 Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) 9 years ago
Aleksander Machniak f4c512336d Fix "washing" of style elements wrapped into many lines 9 years ago
Aleksander Machniak 786aa0725e Fix XSS issue in style attribute handling (#1490227) 10 years ago
Aleksander Machniak 5bf83d551e Fix unintentional line-height style modification in HTML messages (#1489917) 11 years ago
Aleksander Machniak 82ed256f6e Fix incorrect handling of HTML comments in messages sanitization code (#1489904) 11 years ago
Aleksander Machniak f96fec6b8c Fix "washing" of unicoded style attributes (#1489777) 11 years ago
Aleksander Machniak 5e3ee8418e Add test case for #1489777 11 years ago
Aleksander Machniak 68cf8f19d2 Add some tests 11 years ago
Aleksander Machniak c7250749ab Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768) 11 years ago
Aleksander Machniak ffec857b69 Fix handling of invalid closing tags in HTML messages (#1489446) 11 years ago
Aleksander Machniak cb3e2fe0c2 Fix displaying messages with invalid self-closing HTML tags (#1489137) 12 years ago
Aleksander Machniak f773259412 Fix washtml test after "unsupported node type" fix 12 years ago
Aleksander Machniak 1e2468e4b9 Added two tests for HTML comments handling in rcube_washtml class 12 years ago
Aleksander Machniak 1f910cb50d Fix handling link href attribute value with (valid) newline characters (#1488940) 12 years ago
Aleksander Machniak 7ac94421bf Move washtml class into Roundcube Framework (rcube_washtml), add some improvements 12 years ago