Commit Graph

248 Commits (a8542e9c0865f8abcd8af8744dc016eb1ac27652)

Author SHA1 Message Date
Aleksander Machniak 0dee528adb Add test for #6410 6 years ago
Aleksander Machniak 086e781b8f Fix bug where some HTML comments could have been malformed by HTML parser (#6333) 7 years ago
Aleksander Machniak 3d0b2cd3ce Pass PEAR errors to rcube::raise_error(), small CS improvements 7 years ago
Aleksander Machniak 0716d499bc Fix bug where some escape sequences in html styles could bypass security checks 7 years ago
Aleksander Machniak 63d3ad11fb Use Masterminds/HTML5 parser for HTML5 support (#5761) 7 years ago
Aleksander Machniak b2bebe531a Fix bug where usernames without domain part could be malformed or converted to lower-case on logon (#6224) 7 years ago
Aleksander Machniak f36e23b778 Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) 7 years ago
Aleksander Machniak 0f3ad342f7 Fix bug where some unix timestamps were not handled correctly by rcube_utils::anytodatetime() (#6212) 7 years ago
Aleksander Machniak 1058924e21 Move some framework classes to sub-directories 7 years ago
Aleksander Machniak d07b032bcd Refactor cache code with separate engine-specific classes 7 years ago
Aleksander Machniak 9d2b303b51 Fix bug in remote content blocking on HTML image and style tags (#6178) 7 years ago
Daniel Kesselberg a8d5547163 Update idn convertion methods (#6115)
* Add more test cases
* Update phpdoc
7 years ago
Aleksander Machniak 63a7d2313f Improve SMTPUTF8 support and fix relaxed email validation issues 7 years ago
Daniel Kesselberg a3504cb3b8 Add unit test for IDN (#6114) 7 years ago
Aleksander Machniak a0374f3c45 Fix mangled non-ASCII characters in links in HTML messages (#6028) 7 years ago
Aleksander Machniak 5e08a6ac59 Handle remote stylesheets the same as remote images, ask the user to allow them (#5994)
Fixes the issue where remote stylesheet could have been blocked
if the message contained no remote images and user have no way to
allow that content.
7 years ago
Aleksander Machniak 3196d656db Fix css conflicts in user interface and e-mail content (#5891)
... by adding prefix to element/class identifiers
Also cleaned up some code and removed global variable use.
7 years ago
Aleksander Machniak 5d16751ed8 Fix (again) bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 7 years ago
Filippo Tessarotto e5e37928d4 Add Travis CI 7 years ago
Thomas Bruederli 1cfc024036 Modify links in html messages during Washtml DOM traversal
This is a more safe approach than using regex and mitigates
possible vulnerabilities using malformed html markup.
7 years ago
Thomas Bruederli 919338d4ba Escape textarea contents in Washtml 7 years ago
Aleksander Machniak 21e7d873ce Fix so links over images are not removed in plain text signatures converted from HTML (#4473) 8 years ago
Aleksander Machniak 1fcf7bfab3 Fix bug where HTML messages with @media styles could moddify style of page body (#5811) 8 years ago
Aleksander Machniak 8f22c3287d Fix bug where comment notation within style tag would cause the whole style to be ignored (#5747) 8 years ago
Aleksander Machniak ce61c8210e Added test for rcube_db::parse_dsn() 8 years ago
dfukagaw28 89a4134064 Add support for DelSp=Yes messages (#5702) 8 years ago
Thomas Bruederli 522565b400 Add tests for XSS vulnerabilities in style tags 8 years ago
Shin Kojima 0b385dc946 Skip iconv for problematic ISO-2022-JP strings (#5668)
We sometimes get broken character encodings such as:
Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?=
This actually is not a strict ISO-2022-JP string, but a CP50220 string
that is a variant of ISO-2022-JP with extended characters proposed by
Microsoft. Iconv can not handle these encodings well.
8 years ago
Aleksander Machniak e08f22ef28 Fix bug where external content in src attribute of input/video tags was not secured (#5583) 8 years ago
Aleksander Machniak 7340360e79 Fix bug where image data URIs in css style were treated as evil/remote in mail preview (#5580) 8 years ago
Aleksander Machniak bbab6a6db7 Identicon plugin
https://kolabian.wordpress.com/2016/12/02/contact-identicons/
8 years ago
JohnDoh dd714b33a8 replace old trac links (#5514) 8 years ago
Aleksander Machniak 0485275a75 Merge branch 'dev/drop-legacy-browsers' 8 years ago
Aleksander Machniak 94f8ce3334 Make html::parse_attrib_string() more robust
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ')
8 years ago
Aleksander Machniak 829442a4cd Removed legacy_browsr plugin 8 years ago
Aleksander Machniak dcabc1d814 Merge remote-tracking branch 'upstream/master'
Conflicts:
	tests/Framework/Washtml.php
8 years ago
Aleksander Machniak 906cf101c3 Better time handling in rcube_utils::clean_datestr() 8 years ago
Aleksander Machniak ed35267b9b Managesieve: Fix parsing of vacation date-time with non-default date_format (#5372)
Added new method rcube_utils::format_datestr() to convert date_format date
into ISO date format.
8 years ago
Aleksander Machniak d91bad5975 Fix handling of blockquote tags with mixed case on html2text conversion (#5363) 8 years ago
Aleksander Machniak bf5b3072c4 Fix MathML test on older PHP versions 9 years ago
Aleksander Machniak edfd9da42a Support MathML in HTML message preview (#5182) 9 years ago
Aleksander Machniak 6737e293bb Wash position:fixed style in HTML mail for better security (#5264) 9 years ago
Aleksander Machniak afd090672c Small performance optimization 9 years ago
Aleksander Machniak ca9ad75d96 Add some more tests for HREF attribute washing 9 years ago
Aleksander Machniak 6652367d65 Fix XSS issue in href attribute on area tag (#5240, #5241) 9 years ago
Aleksander Machniak a0f38f5fd8 Small code style improvements 9 years ago
Aleksander Machniak e8ab3d96bd Fix converting mail addresses with @www. into mailto links (#5197) 9 years ago
Aleksander Machniak ed1d212ae2 Improved SVG cleanup code 9 years ago
Aleksander Machniak cbe701ac4a Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) 9 years ago
Aleksander Machniak 9234903287 Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) 9 years ago