6955b2fd5a
Widened svg content attribute xss filtering
Takes care of additional cases that can occur.
Closes #3705
2022-09-06 17:01:56 +01:00

5f7cd735ea
Added content filtering of tags with javascript or data in values attr
Case would be blocked by CSP but adding for cases where CSP may not be
active when content taken externally.
For #3636
2022-08-11 10:28:32 +01:00

8d7c8ac8bf
Done a round of phpstan fixes
2021-11-06 00:32:01 +00:00

fb80bb5d58
Applied latest styleci changes
2021-09-06 22:19:06 +01:00

fd44e4ba74
Started application of CSP headers
2021-09-03 23:32:42 +01:00

040997fdc4
Added filter for xlink:href svg xss
Simply remove all such attributes
2021-09-03 22:34:49 +01:00

5e6092aaf8
Added extra HTML filtering of dangerous content
In particular, that around the casing of dangerous values within
attributes. This uses some xpath translation to handle different casing
in contains searching.
2021-09-02 22:02:30 +01:00

934a833818
Apply fixes from StyleCI
2021-06-26 15:23:15 +00:00

b5caaa73b7
Fixed content parsing break with line html comment
Fixes issues thrown in custom HTML head & page content filtering when
the content is comprised of only a single HTML comment.
Adds tests to cover.
For #2804
2021-06-13 12:53:04 +01:00

43b6633183
Filtered scripts in custom HTML head for exports
Since it appeared to cause problems in some scenarios.
Related to #2490
2021-05-03 23:59:52 +01:00