a031edec16
Fixed old deprecated encoding convert on HTML doc load
2023-02-23 22:59:26 +00:00
6955b2fd5a
Widened svg content attribute xss filtering
...
Takes care of additional cases that can occur.
Closes #3705
2022-09-06 17:01:56 +01:00
5f7cd735ea
Added content filtering of tags with javascript or data in values attr
...
Case would be blocked by CSP but adding for cases where CSP may not be
active when content taken externally.
For #3636
2022-08-11 10:28:32 +01:00
8d7c8ac8bf
Done a round of phpstan fixes
2021-11-06 00:32:01 +00:00
fb80bb5d58
Applied latest styleci changes
2021-09-06 22:19:06 +01:00
fd44e4ba74
Started application of CSP headers
2021-09-03 23:32:42 +01:00
040997fdc4
Added filter for xlink:href svg xss
...
Simply remove all such attributes
2021-09-03 22:34:49 +01:00
5e6092aaf8
Added extra HTML filtering of dangerous content
...
In particular, That around the casing of dangerous values within
attributes. This uses some xpath translation to handle different casing
in contains searching.
2021-09-02 22:02:30 +01:00
934a833818
Apply fixes from StyleCI
2021-06-26 15:23:15 +00:00
b5caaa73b7
Fixed content parsing break with line html comment
...
Fixes issues thrown in custom HMTL head & page content filtering when
the content is comprised of only a single HTML comment.
Adds tests to cover.
For #2804
2021-06-13 12:53:04 +01:00
43b6633183
Filtered scripts in custom HTML head for exports
...
Since it appeared to cause problems in some scenarios.
Related to #2490
2021-05-03 23:59:52 +01:00
Dan Brown
Dan Brown