51 Commits (847193065249c06004574ed873195f5c58334c91)

Author SHA1 Message Date
Aleksander Machniak 21ebf3ff5a Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) 5 years ago
Aleksander Machniak 1afa46d28d PHPDoc and CS fixes 5 years ago
Aleksander Machniak 55cca61134 Workaround more invalid HTML cases parsed incorrectly by Mastermind/HTML5 (#6713) 6 years ago
Aleksander Machniak 57c67db029 Remove year(s) from copyright headers + some cleanup 6 years ago
Aleksander Machniak 92ed0154d5 Followup fix on handling HTML content w/o html/head/body tag (#6713) 6 years ago
Aleksander Machniak 03d56926d8 Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713) 6 years ago
dsoares 00cc13a1b9 Fix bug where HTML messages with an xml:namespace tag were not rendered. 6 years ago
Aleksander Machniak 0a0ac045fe Fix bug where valid content between HTML comments could have been skipped in some cases (#6464) 6 years ago
Aleksander Machniak 4310046993 Remove redundant trim() 6 years ago
Aleksander Machniak c28242f63c Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433) 6 years ago
Aleksander Machniak 086e781b8f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak 63d3ad11fb Use Masterminds/HTML5 parser for HTML5 support (#5761) 7 years ago
Aleksander Machniak 73ea8f94d0 Use htmlspecialchars() with charset argument, simplify some code 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Aleksander Machniak 5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user has no way to
allow that content.
7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 72fe97ddfc Fix bug where HTML messages could have been rendered empty on some systems (#5957)
Consistently use $nodeName instead of $tagName property.
7 years ago
Thomas Bruederli 919338d4ba Escape textarea contents in Washtml 7 years ago
Aleksander Machniak e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak edfd9da42a Support MathML in HTML message preview (#5182) 8 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
Aleksander Machniak 6652367d65 Fix XSS issue in href attribute on area tag (#5240, #5241) 9 years ago
Aleksander Machniak 0e77b6f1b3 Fix regression where xml mode could be used to parse xhtml messages causing empty result 9 years ago
Aleksander Machniak ed1d212ae2 Improved SVG cleanup code 9 years ago
Aleksander Machniak 023d3eb031 Refactor wash_attribs() - fix regressions 9 years ago
Aleksander Machniak a1fdb205f8 Extend rcube_washtml with SVG support 9 years ago
Aleksander Machniak 9234903287 Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) 9 years ago
Aleksander Machniak f4c512336d Fix "washing" of style elements wrapped into many lines 9 years ago
Aleksander Machniak a958748947 CS fixes 10 years ago
Aleksander Machniak 759566fe99 Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291) 10 years ago
Aleksander Machniak 786aa0725e Fix XSS issue in style attribute handling (#1490227) 10 years ago
Aleksander Machniak 7b924535fd CS fixes 10 years ago
Aleksander Machniak 75bbada03b Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks 10 years ago
Aleksander Machniak c5bfe69e21 Improved video support, all tinymce related resources moved to program/js/tinymce/roundcube dir 11 years ago
Aleksander Machniak 5bf83d551e Fix unintentional line-height style modification in HTML messages (#1489917) 11 years ago
Aleksander Machniak 82ed256f6e Fix incorrect handling of HTML comments in messages sanitization code (#1489904) 11 years ago
Aleksander Machniak f96fec6b8c Fix "washing" of unicoded style attributes (#1489777) 11 years ago
Aleksander Machniak c77a8497e7 Fix again xdebug.max_nesting_level limit handling (#1489110) 11 years ago
Aleksander Machniak c0dda0556c Allow single quote in style attribute values.
E.g. "font-family: 'Tahoma'" should not be removed.
11 years ago
Aleksander Machniak c7250749ab Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768) 11 years ago
Aleksander Machniak ffec857b69 Fix handling of invalid closing tags in HTML messages (#1489446) 11 years ago
Aleksander Machniak af79a7b837 Fixed issues where HTML comments inside style tag would hang Internet Explorer 11 years ago
Aleksander Machniak bfd24fcc04 Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#1489302) 11 years ago
rodrigo b6a640bdc9 replaces smart quotes with regular quotes. Fixes improper doctype declarations in html emails 12 years ago
Aleksander Machniak cb3e2fe0c2 Fix displaying messages with invalid self-closing HTML tags (#1489137) 12 years ago
Aleksander Machniak a8994090bb Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#1489110) 12 years ago
Aleksander Machniak 1bce142058 Fix handling of some conditional comment tags in HTML message (#1489004) 12 years ago
Aleksander Machniak 1f910cb50d Fix handling link href attribute value with (valid) newline characters (#1488940) 12 years ago