summaryrefslogtreecommitdiff
path: root/it_html.class
AgeCommit message (Collapse)AuthorFilesLines
2023-05-24Use -- for debug params with EDC('what')Christian Schneider1-3/+3
2022-12-12Add and use it::utf8_decode and it::utf8_encode for easier migration to PHP 8.2Christian Schneider1-1/+1
2022-12-12Declare some properties for PHP 8.2Christian Schneider1-0/+4
2022-09-08Allow html list tags (ol/ul/li) in it_html::sanitize (e.g. for Freizeit ↵Christian Schneider1-1/+1
descriptions)
2022-09-08Fix it_html::sanitize with nested tagsChristian Schneider1-1/+1
2022-04-07No regular use of javascript: found, remove warning and silently strip itChristian Schneider1-3/+1
2022-02-06Filter out javascript: scheme in U() to avoid more XSS attacksChristian Schneider1-0/+6
2022-01-24Fix PHP 8.1 warning when URL given to U() is invalidChristian Schneider1-0/+3
2021-05-30Allow some more tags structuring texts visiblyChristian Schneider1-2/+2
2021-02-03Code cleanup: Replace call_user_func* with normal function call equivalentChristian Schneider1-1/+1
2021-02-03Code cleanup: Switch to new style varargsChristian Schneider1-5/+4
2021-01-13Update copyright dateChristian Schneider1-1/+1
2021-01-13Unified join to always use implodeChristian Schneider1-2/+2
2021-01-13Unified brace and else if styleChristian Schneider1-2/+2
2020-05-11Remove obsolete itools javascript functions and loader/jsboot mechanismChristian Schneider1-28/+6
2020-01-23remove scheme from path when we have empty hostpart and empty schemepart; ↵David Flatz1-0/+4
this fixes 'a:javascript:alert(origin)'
2019-09-19add documentation of how to use select multipleKoni Weber1-0/+1
2019-09-02Make itools a bit stricter, new PHP versions start to enforce more declarationsChristian Schneider1-2/+2
2019-04-04too many false positives atmUrban Müller1-5/+1
2019-04-04only enforce apache limit for nowUrban Müller1-1/+1
2019-04-04warn if oversized urls are generatedUrban Müller1-1/+5
2018-09-01nobody uses use_it_state anymoreUrban Müller1-4/+0
2018-06-27reapply "use safer it:: variants of file funcs", was not the culprit in ↵Urban Müller1-1/+1
jussi downtimes This reverts commit 99b7fc8dc08da090bb7f00c2882e1daeec4434ba.
2018-06-22Revert "use safer it:: variants of file funcs"Urban Müller1-1/+1
This reverts commit 05e7ceefa1f0a29c665381b54ac882f260ae6c22.
2018-06-21use safer it:: variants of file funcsUrban Müller1-1/+1
2018-05-07Hack: Manually copy for new instance without custom value to keep setting ↵cs/xmlnamespaceChristian Schneider1-0/+4
from global auto_prepend instance
2018-05-07Disable the redefine function warning per default, renable it in the ↵Christian Schneider1-1/+1
search-specific auto_prepend instead
2018-05-03Generate it::error when trying to redefine function for a tagChristian Schneider1-0/+3
2018-04-26Use different global object for htmltype xml to allow mixing xml/html5 ↵Christian Schneider1-2/+2
generation
2018-04-23officially support htmltype => 'xml', don't short-close voidtags in xhtml modeChristian A. Weber1-4/+8
2018-04-17first amendment of last commitChristian A. Weber1-3/+1
2018-04-17fix empty non-void tags in non-xhtml modes, remove redundant whitelistChristian A. Weber1-6/+4
2018-04-12remove custom img() implementation with ie_png_fix, allow using ↵Christian A. Weber1-32/+16
it_html::tagname() for all tags+moretags
2017-12-07if no key => value params are supplied, don't kill query params without ↵Christian A. Weber1-15/+17
value such as foo or foo=
2017-12-07remove fasttagUrban Müller1-5/+1
2017-11-29Do not add / for non-http url without pathChristian Schneider1-1/+1
2017-11-28add more tests with fixesNathan Gass1-7/+13
2017-11-28simplify % code, test % at end and with digitsNathan Gass1-4/+1
2017-10-18entity-encode tabs and carriage returns like new lines in attributes so that ↵David Flatz1-2/+2
they won't get replaced by a space character when parsed see https://www.w3.org/TR/2004/REC-xml-20040204/#AVNormalize
2017-09-27'what' debug param works on map as wellChristian A. Weber1-1/+1
2017-08-21add it_url::parse_str() which leaves dots and spaces in arg names intactChristian A. Weber1-1/+1
2017-08-18U(): params can override base args, correctly add fragment to end of url if ↵Christian A. Weber1-5/+9
params are present, add some tests
2016-10-19fix phan warningsUrban Müller1-4/+6
2016-06-28code cleanupUrban Müller1-2/+1
2016-06-28fix urls with double ?Urban Müller1-0/+1
2016-06-14make sure that $string is really a string, should fix some XSS problemsDavid Flatz1-0/+1
2015-10-16handle missing it_htmlUrban Müller1-1/+1
2015-02-19Nicer looking comments with spaces, also prevents problem with >/- at ↵Christian Schneider1-1/+1
start/end of string
2015-02-19guarantee valid html commentsUrban Müller1-1/+1
2015-02-19guarantee valid html commentsUrban Müller1-1/+9