summaryrefslogtreecommitdiff
path: root/test/it_html.t
AgeCommit message (Collapse)AuthorFilesLines
12 daysSimplify js() function and fix boolean attributes like 'async' => true, add ↵Christian Schneider1-0/+3
tests for it
2025-07-29fix tests for new input() handlingUrban Müller1-1/+1
2025-05-09Handle mailto:-links and tags inside <a> tags in it_html::sanitize() ↵Christian Schneider1-0/+12
(support request for https://search.ch/tel/biel-bienne/bahnhofstrasse-5/groupe-mutuel-4)
2025-02-27indicate that entity_decode() reverses Q()Urban Müller1-0/+2
2025-02-26decode all html entities including &apos;Urban Müller1-0/+5
2024-05-28Revert "Improve handling of nested tags in it_html::sanitize": getting ↵Urban Müller1-12/+0
"Exceeded pcre.backtrack_limit of 1000000 bytes" This reverts commit b484fab88a9229f7c87ea053564d0d8d3d2a565d.
2024-05-27Improve handling of nested tags in it_html::sanitizeDavid Flatz1-0/+12
2024-04-29Handle whitespace between attribute name and value also for img tagsDavid Flatz1-0/+18
2024-04-29Improve test for unquoted value since we only pass through absolute urls ↵David Flatz1-2/+2
with http(s) scheme
2024-04-26Handle whitespace between attribute name and value; add some TODO tests to ↵David Flatz1-0/+18
be more compliant to specification
2023-09-25escape dangerous strings inside javascript, including env =Urban Müller1-0/+2
2022-09-08Fix it_html::sanitize with nested tagsChristian Schneider1-1/+1
2022-04-07No regular use of javascript: found, remove warning and silently strip itChristian Schneider1-2/+0
2022-02-06Filter out javascript: scheme in U() to avoid more XSS attacksChristian Schneider1-0/+2
2021-01-13Unified brace and else if styleChristian Schneider1-2/+1
2020-04-21use new array syntaxUrban Müller1-23/+23
2019-09-02Make itools a bit stricter, new PHP versions start to enforce more declarationsChristian Schneider1-2/+2
2018-06-21no reason for different namingUrban Müller1-0/+291