Aleksander Machniak
|
74cd0a9b62
|
- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
|
12 years ago |
Aleksander Machniak
|
d9698de979
|
Fix handling of 'media' attribute on linked css (#1488789)
|
12 years ago |
Aleksander Machniak
|
fb53c809a6
|
Fix AREA links handling (#1488792)
|
12 years ago |
Aleksander Machniak
|
5ef8e4ad9d
|
Fix XSS issue with href="javascript:" not being removed (#1488613)
|
12 years ago |
Aleksander Machniak
|
90a713e882
|
Fix handling of unitless CSS size values in HTML message (#1488535)
|
13 years ago |
Aleksander Machniak
|
8c188058cf
|
Fix handling of links with various URI schemes e.g. "skype:" (#1488106)
Fix handling of links inside PRE elements on html to text conversion
Fix indexing of links on html to text conversion
|
13 years ago |
Aleksander Machniak
|
1c9e571602
|
Fix handling of "usemap" attribute (#1488472)
|
13 years ago |
Aleksander Machniak
|
9082bf1cea
|
Fix handling of some HTML tags e.g. IMG (#1488471) - reworked fix for #1486812
|
13 years ago |
thomascube
|
f38dfc294a
|
Accept absolute urls without protocol
|
13 years ago |
thomascube
|
98c2d69acf
|
Be more strict in style attribute filtering
|
13 years ago |
thomascube
|
2b017e7f79
|
Allow clean background:url(...) styles in safe mode. This will make Roundcube pass the Email Standards Acid Test
|
13 years ago |
alecpl
|
af4b3be87d
|
- Fix handling of empty <U> tags in HTML messages (#1488225)
|
13 years ago |
alecpl
|
2eeb128d06
|
- Fix washing styles with quoted values e.g. font-family
|
13 years ago |
alecpl
|
c1fcd1b838
|
- Fix handling of HTML form elements in messages (#1485137)
|
13 years ago |
alecpl
|
e4d0947550
|
- Fix invalid comments handling (see example message in #1487915)
|
14 years ago |
alecpl
|
968754b09e
|
- Fix regression in html conditional comments handling by washtml class
|
14 years ago |
thomascube
|
b1d31eea94
|
Fix stripping invalid comments. Changes from r4483 also stripped entire CSS blocks packed in comments
|
14 years ago |
alecpl
|
9ebac6616d
|
- Fix handling of invalid HTML comments in messages (#1487759)
|
14 years ago |
alecpl
|
4d268b1fae
|
- Don't return empty I and B tags in short form
|
14 years ago |
alecpl
|
1d3596dd61
|
- Don't allow short form of empty <strong> tag
|
15 years ago |
alecpl
|
be6f3a9d28
|
- Improve parsing of styled empty tags in HTML messages (#1486812)
|
15 years ago |
alecpl
|
a0d29e518f
|
- Fix RFC2397 handling in wash_style()
|
15 years ago |
alecpl
|
b6f04054d1
|
- support base URL for inline images
|
15 years ago |
alecpl
|
0b7f3a8ab2
|
- Add support for data URI scheme [RFC2397] (#1486740)
|
15 years ago |
alecpl
|
9ef5fa51fb
|
- fix <span>0</span> (#1486645)
|
15 years ago |
alecpl
|
a72ad65724
|
- Fix invalid font tags which cause HTML message rendering problems (#1486521)
|
15 years ago |
alecpl
|
7435e3bc32
|
- fix empty A tag handling (#1486272)
|
15 years ago |
svncommit
|
e98f249172
|
Added # to washtml's regex for safe links (some list digests have tables of contents that use internal links).
|
15 years ago |
svncommit
|
5f8d31f9be
|
better solution for HTML washing encoding issue
|
16 years ago |
svncommit
|
659672ebf9
|
fix washing of HTML encoded in something other than UTF-8
|
16 years ago |
alecpl
|
2337a82f72
|
- Fix displaying of HTML messages with unknown/malformed tags (#1486003)
- Some other changes for styled HTML display
|
16 years ago |
alecpl
|
503e019a56
|
- Fix HTML messages output with empty block elements (#1485974)
|
16 years ago |
alecpl
|
f7fff8f682
|
- Allow WBR tag in HTML message (#1485960)
|
16 years ago |
thomascube
|
4cc74f7269
|
Treat 'background' attributes the same way as 'src' (another XSS vulnerability)
|
16 years ago |
alecpl
|
7f62581c10
|
- Smart Tags and NOBR tag support in html messages (#1485363, #1485327)
|
16 years ago |
thomascube
|
a47acc56c6
|
Allow content of HTML head sections to be processed
|
16 years ago |
thomascube
|
c505e59a6d
|
Respect Content-Location headers in multipart/related messages (#1484946)
|
16 years ago |
thomascube
|
d368a68ed7
|
Reverted r1607. See #1485137 for explanations
|
17 years ago |
alecpl
|
4897adcbd4
|
#1485137: added 'form' to allowed elements list
|
17 years ago |
thomascube
|
21e724153e
|
Improve HTML sanitization with washtml
|
17 years ago |
alecpl
|
18ebb902d5
|
#1485097: Re-enable background attribute in HTML messages
|
17 years ago |
thomascube
|
350459486d
|
Change meta-charset specification in HTML to UTF-8; no need for mb_convert_encoding() anymore
|
17 years ago |
thomascube
|
a8755664af
|
Allow <body> tag in HTML messages which will be converted to <div class='rcmBody'>
|
17 years ago |
thomascube
|
65cc1c196f
|
Check for mb_convert_encoding first because mbstring is optional for RoundCube + add some phpdoc
|
17 years ago |
alecpl
|
68217c548a
|
-add convert encoding before html parsing
|
17 years ago |
thomascube
|
45f56c1c40
|
Replace our crappy html sanitization with the dom-based washtml script + fix inline message parts + remove old code + add some doc comments
|
17 years ago |