summaryrefslogtreecommitdiff
path: root/it_html.class
AgeCommit message (Collapse)AuthorFilesLines
2024-04-29Handle whitespace between attribute name and value also for img tagsDavid Flatz1-1/+1
2024-04-26Handle whitespace between attribute name and value; add some TODO tests to ↵David Flatz1-1/+1
be more compliant to specification
2024-03-29prevent warning on U(0 => ["a"])Urban Müller1-1/+1
2023-11-23fix 'what' debug link generator. Also, -- is dead.Christian A. Weber1-2/+2
2023-10-19drop support for C extensionUrban Müller1-3/+0
2023-09-25escape dangerous strings inside javascript, including env =Urban Müller1-0/+2
2023-08-21map favicon path to OneDomainUrban Müller1-1/+1
2023-07-25Simplify: Do not strip tags as this can lead to empty titlesChristian Schneider1-1/+1
2023-05-24more functional styleUrban Müller1-3/+1
2023-05-24Use -- for debug params with EDC('what')Christian Schneider1-3/+3
2022-12-12Add and use it::utf8_decode and it::utf8_encode for easier migration to PHP 8.2Christian Schneider1-1/+1
2022-12-12Declare some properties for PHP 8.2Christian Schneider1-0/+4
2022-09-08Allow html list tags (ol/ul/li) in it_html::sanitize (e.g. for Freizeit ↵Christian Schneider1-1/+1
descriptions)
2022-09-08Fix it_html::sanitize with nested tagsChristian Schneider1-1/+1
2022-04-07No regular use of javascript: found, remove warning and silently strip itChristian Schneider1-3/+1
2022-02-06Filter out javascript: scheme in U() to avoid more XSS attacksChristian Schneider1-0/+6
2022-01-24Fix PHP 8.1 warning when URL given to U() is invalidChristian Schneider1-0/+3
2021-05-30Allow some more tags structuring texts visiblyChristian Schneider1-2/+2
2021-02-03Code cleanup: Replace call_user_func* with normal function call equivalentChristian Schneider1-1/+1
2021-02-03Code cleanup: Switch to new style varargsChristian Schneider1-5/+4
2021-01-13Update copyright dateChristian Schneider1-1/+1
2021-01-13Unified join to always use implodeChristian Schneider1-2/+2
2021-01-13Unified brace and else if styleChristian Schneider1-2/+2
2020-05-11Remove obsolete itools javascript functions and loader/jsboot mechanismChristian Schneider1-28/+6
2020-01-23remove scheme from path when we have empty hostpart and empty schemepart; ↵David Flatz1-0/+4
this fixes 'a:javascript:alert(origin)'
2019-09-19add documentation of how to use select multipleKoni Weber1-0/+1
2019-09-02Make itools a bit stricter, new PHP versions start to enforce more declarationsChristian Schneider1-2/+2
2019-04-04too many false positives atmUrban Müller1-5/+1
2019-04-04only enforce apache limit for nowUrban Müller1-1/+1
2019-04-04warn if oversized urls are generatedUrban Müller1-1/+5
2018-09-01nobody uses use_it_state anymoreUrban Müller1-4/+0
2018-06-27reapply "use safer it:: variants of file funcs", was not the culprit in ↵Urban Müller1-1/+1
jussi downtimes This reverts commit 99b7fc8dc08da090bb7f00c2882e1daeec4434ba.
2018-06-22Revert "use safer it:: variants of file funcs"Urban Müller1-1/+1
This reverts commit 05e7ceefa1f0a29c665381b54ac882f260ae6c22.
2018-06-21use safer it:: variants of file funcsUrban Müller1-1/+1
2018-05-07Hack: Manually copy for new instance without custom value to keep setting ↵cs/xmlnamespaceChristian Schneider1-0/+4
from global auto_prepend instance
2018-05-07Disable the redefine function warning per default, renable it in the ↵Christian Schneider1-1/+1
search-specific auto_prepend instead
2018-05-03Generate it::error when trying to redefine function for a tagChristian Schneider1-0/+3
2018-04-26Use different global object for htmltype xml to allow mixing xml/html5 ↵Christian Schneider1-2/+2
generation
2018-04-23officially support htmltype => 'xml', don't short-close voidtags in xhtml modeChristian A. Weber1-4/+8
2018-04-17first amendment of last commitChristian A. Weber1-3/+1
2018-04-17fix empty non-void tags in non-xhtml modes, remove redundant whitelistChristian A. Weber1-6/+4
2018-04-12remove custom img() implementation with ie_png_fix, allow using ↵Christian A. Weber1-32/+16
it_html::tagname() for all tags+moretags
2017-12-07if no key => value params are supplied, don't kill query params without ↵Christian A. Weber1-15/+17
value such as foo or foo=
2017-12-07remove fasttagUrban Müller1-5/+1
2017-11-29Do not add / for non-http url without pathChristian Schneider1-1/+1
2017-11-28add more tests with fixesNathan Gass1-7/+13
2017-11-28simplify % code, test % at end and with digitsNathan Gass1-4/+1
2017-10-18entity-encode tabs and carriage returns like new lines in attributes so that ↵David Flatz1-2/+2
they won't get replaced by a space character when parsed see https://www.w3.org/TR/2004/REC-xml-20040204/#AVNormalize
2017-09-27'what' debug param works on map as wellChristian A. Weber1-1/+1
2017-08-21add it_url::parse_str() which leaves dots and spaces in arg names intactChristian A. Weber1-1/+1