Commit Graph

11 Commits

Author SHA1 Message Date
Ralf Becker
c66928875a no need to run expensive mb_substr 3 times 2011-06-08 10:41:22 +00:00
Klaus Leithoff
123b46372b extending patch rev32909/34417 (chopped off urls when URI contains umlauts AND mbstring.func_overload is activated): using rawurlencode instead of '%' . sprintf('%02X', ); as ord() only returns the int for the first character in a given string, thus crippling multibyte chars 2011-06-08 09:55:26 +00:00
Klaus Leithoff
53bb18041e purifier upgrade to 4.3.0, add missing files 2011-03-28 12:10:21 +00:00
Klaus Leithoff
66ca12e6f2 * core: reintroduce rev32909 (myStylite ticket#987: fixing a problem regarding chopped off urls when URI in question contains umlauts AND mbstring.func_overload is activated) 2011-03-28 11:52:16 +00:00
Klaus Leithoff
375006403c * API: upgrade to purifier Version 4.3.0 2011-03-28 11:46:24 +00:00
Klaus Leithoff
0c66ee71e3 * core: myStylite Ticket#987: fixing a problem regarding chopped off urls when URI in question contains umlauts AND mbstring.func_overload is activated 2010-11-09 14:28:20 +00:00
Klaus Leithoff
0ec0d04fb3 update to Version 4.1.1:HTML Purifier 4.1.1 is a major security and bugfix release that
improves on 4.1s fix for an XSS vulnerability exploitable on Internet Explorer.  It also contains a number of important bugfixes, including
the removal of improper logic that could result in infinite loops and
fixed parsing for single-attributes with entities with DirectLex.
2010-06-04 11:13:55 +00:00
Klaus Leithoff
8ce6ac92ae upgrade htmlpurifier to version 4.1.0 2010-04-27 11:15:35 +00:00
Klaus Leithoff
8d3d3c8a6d add a cid scheme to purifiers URI schemes, to be able to process inlineimages in eMails. 2009-12-02 14:41:44 +00:00
Klaus Leithoff
5cb72ec6df purifier upgrade to 4.0.0 2009-11-27 09:37:41 +00:00
Ralf Becker
8f797be836 Added HTMLPurifier (http://htmlpurifier.org/) Version 3.3.0
- can be used via html class like: 

        $clean_html = html::purify($html);

- using it now in eTemplate to remove malicious code from html:
  a) when displaying "formatted text"
  b) when "formatted text" get's input by the user
2009-05-19 17:32:06 +00:00