index
:
roundcube.git
local
master
working
Unnamed repository; edit this file 'description' to name the repository.
git repository hosting
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
program
/
lib
/
washtml.php
Age
Commit message (
Expand
)
Author
2012-12-25
Move washtml class into Roundcube Framework (rcube_washtml), add some improve...
Aleksander Machniak
2012-12-04
- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
Aleksander Machniak
2012-11-13
Fix handling of 'media' attribute on linked css (#1488789)
Aleksander Machniak
2012-11-08
Fix AREA links handling (#1488792)
Aleksander Machniak
2012-08-15
Fix XSS issue with href="javascript:" not being removed (#1488613)
Aleksander Machniak
2012-06-13
Fix handling of unitless CSS size values in HTML message (#1488535)
Aleksander Machniak
2012-06-08
Fix handling of links with various URI schemes e.g. "skype:" (#1488106)
Aleksander Machniak
2012-05-12
Fix handling of "usemap" attribute (#1488472)
Aleksander Machniak
2012-05-12
Fix handling of some HTML tags e.g. IMG (#1488471) - reworked fix for #1486812
Aleksander Machniak
2011-12-22
Accept absolute urls without protocol
thomascube
2011-12-10
Be more strict in style attribute filtering
thomascube
2011-12-09
Allow clean background:url(...) styles in safe mode. This will make Roundcube...
thomascube
2011-11-30
- Fix handling of empty <U> tags in HTML messages (#1488225)
alecpl
2011-11-15
- Fix washing styles with quoted values e.g. font-family
alecpl
2011-11-15
- Fix handling of HTML form elements in messages (#1485137)
alecpl
2011-05-16
- Fix invalid comments handling (see example message in #1487915)
alecpl
2011-04-19
- Fix regression in html conditional comments handling by washtml class
alecpl
2011-02-09
Fix stripping invalid comments. Changes from r4483 also stripped entire CSS b...
thomascube
2011-02-03
- Fix handling of invalid HTML comments in messages (#1487759)
alecpl
2010-12-23
- Don't return empty I and B tags in short form
alecpl
2010-08-03
- Don't allow short form of empty <strong> tag
alecpl
2010-06-23
- Improve parsing of styled empty tags in HTML messages (#1486812)
alecpl
2010-06-07
- Fix RFC2397 handling in wash_style()
alecpl
2010-05-27
- support base URL for inline images
alecpl
2010-05-22
- Add support for data URI scheme [RFC2397] (#1486740)
alecpl
2010-04-21
- fix <span>0</span> (#1486645)
alecpl
2010-02-28
- Fix invalid font tags which cause HTML message rendering problems (#1486521)
alecpl
2009-11-03
- fix empty A tag handling (#1486272)
alecpl
2009-08-19
Added # to washtml's regex for safe links (some list digests have tables of c...
svncommit
2009-07-31
better solution for HTML washing encoding issue
svncommit
2009-07-30
fix washing of HTML encoded in something other than UTF-8
svncommit
2009-07-28
- Fix displaying of HTML messages with unknown/malformed tags (#1486003)
alecpl
2009-07-17
- Fix HTML messages output with empty block elements (#1485974)
alecpl
2009-07-03
- Allow WBR tag in HTML message (#1485960)
alecpl
2009-01-20
Treat 'background' attributes the same way as 'src' (another XSS vulnerability)
thomascube
2008-09-17
- Smart Tags and NOBR tag support in html messages (#1485363, #1485327)
alecpl
2008-09-16
Allow content of HTML head sections to be processes
thomascube
2008-09-05
Respect Content-Location headers in multipart/related messages (#1484946)
thomascube
2008-07-22
Reverted r1607. See #1485137 for explanations
thomascube
2008-07-22
#1485137: added 'form' to allowed elements list
alecpl
2008-07-22
Improve HTML sanitization with washtml
thomascube
2008-06-15
#1485097: Re-enable background attribute in HTML messages
alecpl
2008-06-07
Change meta-charset specififcation in HTML to UTF-8; no need for mb_convert_e...
thomascube
2008-06-04
Allow <body> tag in HTML messages which will be converted to <div class='rcmB...
thomascube
2008-06-04
Chech for mb_convert_encoding first because mbstring is optional for RoundCub...
thomascube
2008-06-03
-add convert encoding before html parsing
alecpl
2008-05-29
Replace our crappy html sanitization with the dom-based washtml script + fix ...
thomascube