Ralf Becker
da4ffc2a0c
* Mail/Wiki/Sitemgr: reworked XSS tests to allow e.g. font-names containing "script" and other patterns forbidden by previous test, also added new html5 specific tests
2015-10-16 19:01:56 +00:00
Klaus Leithoff
412414c1a5
filter script keyword from face specifications, as our _check_script_tag will not allow that anyway
2015-10-15 08:35:35 +00:00
Klaus Leithoff
c68e887a9c
remove references to obsolete felamimail stuff
2014-04-10 08:37:12 +00:00
Klaus Leithoff
597e8fdeac
we allow filtered style sections now throughout egroupware
2014-02-17 11:35:25 +00:00
Klaus Leithoff
8276a2a448
fix for problem with style fragments on triggering mail compose built-in html validation
2014-01-18 17:02:29 +00:00
Klaus Leithoff
6270bc83f9
allow some nesting of div elements
2013-06-03 13:27:19 +00:00
Klaus Leithoff
5182f8280b
* eMail: fix problem on compose when changing signatures, when html-mail contained anchors
2013-05-22 08:30:40 +00:00
Klaus Leithoff
983c1e358d
* API/eMail/HTMLawed/CKEditor: tidy eats away even some wanted whitespace, so we switch it off; we used it for its compacting and beautifying capabilities, which resulted in better html for further processing
2013-04-04 12:32:53 +00:00
Klaus Leithoff
5d8531f66f
adapt comment
2012-12-17 14:44:18 +00:00
Klaus Leithoff
a210fbc3c7
* email: allow cid as overall url schema; handle background url in htmLawed, as background is not allowed except for body, but commonly used with other tags (e.g. in td); control schema for background in hook_tag
2012-12-17 14:39:00 +00:00
Klaus Leithoff
f231144c03
* eMail: use different image to show that an image was not loaded (due to allowExternalIMGs=no)
2012-11-29 13:55:45 +00:00
Klaus Leithoff
cd9e0cfab5
improved control of excess empty div tags
2012-11-15 15:30:11 +00:00
Klaus Leithoff
bea130bc23
if style stuff contains e.g. font-family: Kunstler Script, EGroupware Script detection complains about script tags when posting such content. So we remove Script from inline style definition
2012-11-15 11:55:19 +00:00
Klaus Leithoff
627c65e6dd
* eMail/HTMLawed: introduce and use new make_tag_strict option 3, to exclude font from applying strict measures to it
2012-10-30 14:24:08 +00:00
Klaus Leithoff
9c73af1aca
* eMail: allow table as inline element while balancing tags (new internal config option); try to correct common errors/problems in html-code which caused display/layout problems
2012-10-29 15:49:13 +00:00
Klaus Leithoff
db78e25cc0
rework changes regarding denied attributes; improve import of mails regarding filename detection for attachments
2012-10-10 10:37:45 +00:00
Klaus Leithoff
7e827dfcef
filter/remove (on(before)?(abort|blur|change|click|dblclick|error|focus|keydown|keypress|keyup|load|mousedown|mousemove|mouseout|mouseover|mouseup|reset|select|submit|unload)) attributes in/with htmLawed for default and email config
2012-10-09 09:27:13 +00:00
Klaus Leithoff
af782d1fc7
simple balancing on throwaway divs
2012-07-31 10:59:56 +00:00
Klaus Leithoff
9526746694
throwing away excess div elements, that carry no style or class or id info
2012-07-30 15:07:56 +00:00
Klaus Leithoff
502a00e17f
mangle @ in blockquote cite attribute
2012-06-13 11:10:12 +00:00
Klaus Leithoff
c0dcb66ebc
replace ctype_digit with is_numeric, as ctype_digit returns false on integers
2012-06-06 10:48:58 +00:00
Klaus Leithoff
fdfcdfc387
* API: upgrade htmLawed from 1.1.10 to 1.1.11
2012-06-06 08:54:35 +00:00
Klaus Leithoff
6fcc4455e4
* email: fix for Helpdesk Issue:3430 (Unstructured display of text when converting email to infolog)
2012-06-04 11:26:40 +00:00
Klaus Leithoff
b6638adc24
handling of multibyte chars in attribute values of tags in mbstring.func_overload environments,
...
as substr_replace does not have a multibyte func overload function associated.
Thus substr_replace(, '', 0, strlen()) will fall short in the above mentioned environments; we use our own bytes-function now introduced into htmLawed
2012-05-30 09:22:27 +00:00
Klaus Leithoff
2509d7783f
attempt of switching from htmlpurifier to htmLawed and replacing kses by htmLawed calls; this is done for performance and resource considerations; still the common call in egw is by html::purify, but htmLawed is doing the work now. let me know if there are issues regarding; if we cannot find issues within EGroupware, we will clean out the related source code of kses and htmlpurifier with the next step
2012-05-25 12:23:11 +00:00
Klaus Leithoff
6d650d6abf
work around a problem with balance tags removing content
2012-05-15 15:17:27 +00:00
Klaus Leithoff
9503984a4b
* API: introduce htmLawed by Santosh Patnaik into EGroupware. It's planned to replace htmlPurifier with htmLawed as htmLawed provides better configurability, needs less resources and is a lot faster;
2012-04-12 13:35:28 +00:00