summaryrefslogtreecommitdiff
path: root/program/lib/washtml.php
AgeCommit message (Collapse)Author
2011-12-10Be more strict in style attribute filteringthomascube
2011-12-09Allow clean background:url(...) styles in safe mode. This will make ↵thomascube
Roundcube pass the Email Standards Acid Test
2011-11-30- Fix handling of empty <U> tags in HTML messages (#1488225)alecpl
2011-11-15- Fix washing styles with quoted values e.g. font-familyalecpl
2011-11-15- Fix handling of HTML form elements in messages (#1485137)alecpl
2011-05-16- Fix invalid comments handling (see example message in #1487915)alecpl
2011-04-19- Fix regression in html conditional comments handling by washtml classalecpl
2011-02-09Fix stripping invalid comments. Changes from r4483 also stripped entire CSS ↵thomascube
blocks packed in comments
2011-02-03- Fix handling of invalid HTML comments in messages (#1487759)alecpl
2010-12-23- Don't return empty I and B tags in short formalecpl
2010-08-03- Don't allow short form of empty <strong> tagalecpl
2010-06-23- Improve parsing of styled empty tags in HTML messages (#1486812)alecpl
2010-06-07- Fix RFC2397 handling in wash_style()alecpl
2010-05-27- support base URL for inline imagesalecpl
2010-05-22- Add support for data URI scheme [RFC2397] (#1486740)alecpl
2010-04-21- fix <span>0</span> (#1486645)alecpl
2010-02-28- Fix invalid font tags which cause HTML message rendering problems (#1486521)alecpl
2009-11-03- fix empty A tag handling (#1486272)alecpl
2009-08-19Added # to washtml's regex for safe links (some list digests have tables of ↵svncommit
contents that use internal links).
2009-07-31better solution for HTML washing encoding issuesvncommit
2009-07-30fix washing of HTML encoded in something other than UTF-8svncommit
2009-07-28- Fix displaying of HTML messages with unknown/malformed tags (#1486003)alecpl
- Some other changes for styled HTML display
2009-07-17- Fix HTML messages output with empty block elements (#1485974)alecpl
2009-07-03- Allow WBR tag in HTML message (#1485960)alecpl
2009-01-20Treat 'background' attributes the same way as 'src' (another XSS vulnerability)thomascube
2008-09-17- Smart Tags and NOBR tag support in html messages (#1485363, #1485327)alecpl
2008-09-16Allow content of HTML head sections to be processesthomascube
2008-09-05Respect Content-Location headers in multipart/related messages (#1484946)thomascube
2008-07-22Reverted r1607. See #1485137 for explanationsthomascube
2008-07-22#1485137: added 'form' to allowed elements listalecpl
2008-07-22Improve HTML sanitization with washtmlthomascube
2008-06-15#1485097: Re-enable background attribute in HTML messagesalecpl
2008-06-07Change meta-charset specififcation in HTML to UTF-8; no need for ↵thomascube
mb_convert_encoding() anymore
2008-06-04Allow <body> tag in HTML messages which will be converted to <div ↵thomascube
class='rcmBody'>
2008-06-04Chech for mb_convert_encoding first because mbstring is optional for ↵thomascube
RoundCube + add some phpdoc
2008-06-03-add convert encoding before html parsingalecpl
2008-05-29Replace our crappy html sanitization with the dom-based washtml script + fix ↵thomascube
inline message parts + remove old code + add some doc comments