Aleksander Machniak
|
21ebf3ff5a
|
Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896)
|
5 years ago |
Aleksander Machniak
|
1afa46d28d
|
PHPDoc and CS fixes
|
5 years ago |
Aleksander Machniak
|
55cca61134
|
Workaround more invalid HTML cases parsed incorrectly by Mastermind/HTML5 (#6713)
|
6 years ago |
Aleksander Machniak
|
57c67db029
|
Remove year(s) from copyright headers + some cleanup
|
6 years ago |
Aleksander Machniak
|
92ed0154d5
|
Followup fix on handling HTML content w/o html/head/body tag (#6713)
|
6 years ago |
Aleksander Machniak
|
03d56926d8
|
Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713)
|
6 years ago |
dsoares
|
00cc13a1b9
|
Fix bug where HTML messages with a xml:namespace tag were not rendered.
|
6 years ago |
Aleksander Machniak
|
0a0ac045fe
|
Fix bug where valid content between HTML comments could have been skipped in some cases (#6464)
|
6 years ago |
Aleksander Machniak
|
4310046993
|
Remove redundant trim()
|
6 years ago |
Aleksander Machniak
|
c28242f63c
|
Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433)
|
6 years ago |
Aleksander Machniak
|
086e781b8f
|
Fix bug where some HTML comments could have been malformed by HTML parser (#6333)
|
7 years ago |
Aleksander Machniak
|
0716d499bc
|
Fix bug where some escape sequences in html styles could bypass security checks
|
7 years ago |
Aleksander Machniak
|
63d3ad11fb
|
Use Masterminds/HTML5 parser for HTML5 support (#5761)
|
7 years ago |
Aleksander Machniak
|
73ea8f94d0
|
Use htmlspecialchars() with charset argument, simplify some code
|
7 years ago |
Aleksander Machniak
|
9d2b303b51
|
Fix bug in remote content blocking on HTML image and style tags (#6178)
|
7 years ago |
Aleksander Machniak
|
5e08a6ac59
|
Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
|
7 years ago |
Aleksander Machniak
|
3196d656db
|
Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
|
7 years ago |
Aleksander Machniak
|
72fe97ddfc
|
Fix bug where HTML messages could have been rendered empty on some systems (#5957)
Consistently use $nodeName instead of $tagName property.
|
7 years ago |
Thomas Bruederli
|
919338d4ba
|
Escape textarea contents in Washtml
|
7 years ago |
Aleksander Machniak
|
e08f22ef28
|
Fix bug where external content in src attribute of input/video tags was not secured (#5583)
|
8 years ago |
Aleksander Machniak
|
dcabc1d814
|
Merge remote-tracking branch 'upstream/master'
Conflicts:
tests/Framework/Washtml.php
|
8 years ago |
Aleksander Machniak
|
edfd9da42a
|
Support MathML in HTML message preview (#5182)
|
8 years ago |
Aleksander Machniak
|
6737e293bb
|
Wash position:fixed style in HTML mail for better security (#5264)
|
9 years ago |
Aleksander Machniak
|
6652367d65
|
Fix XSS issue in href attribute on area tag (#5240, #5241)
|
9 years ago |
Aleksander Machniak
|
0e77b6f1b3
|
Fix regression where xml mode could be used to parse xhtml messages causing empty result
|
9 years ago |
Aleksander Machniak
|
ed1d212ae2
|
Improved SVG cleanup code
|
9 years ago |
Aleksander Machniak
|
023d3eb031
|
Refactor wash_attribs() - fix regressions
|
9 years ago |
Aleksander Machniak
|
a1fdb205f8
|
Extend rcube_washtml with SVG support
|
9 years ago |
Aleksander Machniak
|
9234903287
|
Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583)
|
9 years ago |
Aleksander Machniak
|
f4c512336d
|
Fix "washing" of style elements wrapped into many lines
|
9 years ago |
Aleksander Machniak
|
a958748947
|
CS fixes
|
10 years ago |
Aleksander Machniak
|
759566fe99
|
Fix parsing invalid HTML messages with BOM after <!DOCTYPE> (#1490291)
|
10 years ago |
Aleksander Machniak
|
786aa0725e
|
Fix XSS issue in style attribute handling (#1490227)
|
10 years ago |
Aleksander Machniak
|
7b924535fd
|
CS fixes
|
10 years ago |
Aleksander Machniak
|
75bbada03b
|
Remove code for PHP<5.3, use PHP_VERSION_ID instead of version_compare() for version checks
|
10 years ago |
Aleksander Machniak
|
c5bfe69e21
|
Improved video support, all tinymce related resources moved to program/js/tinymce/roundcube dir
|
11 years ago |
Aleksander Machniak
|
5bf83d551e
|
Fix unintentional line-height style modification in HTML messages (#1489917)
|
11 years ago |
Aleksander Machniak
|
82ed256f6e
|
Fix incorrect handling of HTML comments in messages sanitization code (#1489904)
|
11 years ago |
Aleksander Machniak
|
f96fec6b8c
|
Fix "washing" of unicoded style attributes (#1489777)
|
11 years ago |
Aleksander Machniak
|
c77a8497e7
|
Fix again xdebug.max_nesting_level limit handling (#1489110)
|
11 years ago |
Aleksander Machniak
|
c0dda0556c
|
Allow single quote in style attribute values.
E.g. "font-family: 'Tahoma'" should not be removed.
|
11 years ago |
Aleksander Machniak
|
c7250749ab
|
Fix issue where deprecated syntax for HTML lists was not handled properly (#1488768)
|
11 years ago |
Aleksander Machniak
|
ffec857b69
|
Fix handling of invalid closing tags in HTML messages (#1489446)
|
11 years ago |
Aleksander Machniak
|
af79a7b837
|
Fixed issues where HTML comments inside style tag would hang Internet Explorer
|
11 years ago |
Aleksander Machniak
|
bfd24fcc04
|
Use DOMDocument LIBXML_PARSEHUGE and LIBXML_COMPACT options if possible (#1489302)
|
11 years ago |
rodrigo
|
b6a640bdc9
|
replaces smart quotes with regular quotes. Fixes improper doctype declarations in html emails
|
12 years ago |
Aleksander Machniak
|
cb3e2fe0c2
|
Fix displaying messages with invalid self-closing HTML tags (#1489137)
|
12 years ago |
Aleksander Machniak
|
a8994090bb
|
Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml (#1489110)
|
12 years ago |
Aleksander Machniak
|
1bce142058
|
Fix handling of some conditional comment tags in HTML message (#1489004)
|
12 years ago |
Aleksander Machniak
|
1f910cb50d
|
Fix handling link href attribute value with (valid) newline characters (#1488940)
|
12 years ago |