Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-09-27 | Fix bug where valid content between HTML comments could have been skipped in ↵ | Aleksander Machniak | |
some cases (#6464) | |||
2018-08-24 | Add test for #6410 | Aleksander Machniak | |
2018-06-22 | Fix bug where some HTML comments could have been malformed by HTML parser ↵ | Aleksander Machniak | |
(#6333) | |||
2018-05-05 | Fix bug where some escape sequences in html styles could bypass security checks | Aleksander Machniak | |
2018-04-10 | Fix bug where usernames without domain part could be malformed or converted ↵ | Aleksander Machniak | |
to lower-case on logon (#6224) | |||
2018-03-18 | Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) | Aleksander Machniak | |
2018-03-09 | Fix bug where some unix timestamps were not handled correctly by ↵ | Aleksander Machniak | |
rcube_utils::anytodatetime() (#6212) | |||
2018-02-14 | Fix bug in remote content blocking on HTML image and style tags (#6178) | Aleksander Machniak | |
2017-11-08 | Fix mangled non-ASCII characters in links in HTML messages (#6028) | Aleksander Machniak | |
2017-10-01 | Fix (again) bug where image data URIs in css style were treated as ↵ | Aleksander Machniak | |
evil/remote in mail preview (#5580) | |||
2017-08-23 | Modify links in html messages during Washtml DOM traversal | Thomas Bruederli | |
This is a more safe approach than using regex and mitigates possible vulnerabilities using malformed html markup. | |||
2017-08-23 | Escape textarea contents in Washtml | Thomas Bruederli | |
2017-06-28 | Fix bug where HTML messages with @media styles could moddify style of page ↵ | Aleksander Machniak | |
body (#5811) | |||
2017-05-05 | Fix bug where comment notation within style tag would cause the whole style ↵ | Aleksander Machniak | |
to be ignored (#5747) | |||
2017-04-22 | Added test for rcube_db::parse_dsn() | Aleksander Machniak | |
2017-03-22 | Add support for DelSp=Yes messages (#5702) | dfukagaw28 | |
2017-03-11 | Add tests for XSS vulnerabilities in style tags | Thomas Bruederli | |
2017-03-06 | Skip iconv for problematic ISO-2022-JP strings (#5668) | Shin Kojima | |
We sometimes get broken character encodings such as: Subject: =?iso-2022-jp?B?GyRCLWo7M3l1OSk2SBsoQgo=?= This actually is not a strict ISO-2022-JP string, but a CP50220 string that is a variant of ISO-2022-JP with extended characters proposed by Microsoft. Iconv can not handle these encodings well. | |||
2017-01-07 | Fix bug where external content in src attribute of input/video tags was not ↵ | Aleksander Machniak | |
secured (#5583) | |||
2017-01-07 | Fix bug where image data URIs in css style were treated as evil/remote in ↵ | Aleksander Machniak | |
mail preview (#5580) | |||
2016-12-02 | Identicon plugin | Aleksander Machniak | |
https://kolabian.wordpress.com/2016/12/02/contact-identicons/ | |||
2016-11-13 | replace old trac links (#5514) | JohnDoh | |
2016-08-20 | Merge branch 'dev/drop-legacy-browsers' | Aleksander Machniak | |
2016-08-12 | Make html::parse_attrib_string() more robust | Aleksander Machniak | |
Fixes PHP Error: Expression parse error on: ($app->config->get('preview_pane',rcube_utils::get_boolean('')) == true ? ' checked=checked' : ') | |||
2016-08-04 | Removed legacy_browsr plugin | Aleksander Machniak | |
2016-07-31 | Merge remote-tracking branch 'upstream/master' | Aleksander Machniak | |
Conflicts: tests/Framework/Washtml.php | |||
2016-07-29 | Better time handling in rcube_utils::clean_datestr() | Aleksander Machniak | |
2016-07-29 | Managesieve: Fix parsing of vacation date-time with non-default date_format ↵ | Aleksander Machniak | |
(#5372) Added new method rcube_utils::format_datestr() to convert date_format date into ISO date format. | |||
2016-07-21 | Fix handling of blockquote tags with mixed case on html2text conversion (#5363) | Aleksander Machniak | |
2016-07-18 | Fix MathML test on older PHP versions | Aleksander Machniak | |
2016-07-17 | Support MathML in HTML message preview (#5182) | Aleksander Machniak | |
2016-05-29 | Wash position:fixed style in HTML mail for better security (#5264) | Aleksander Machniak | |
2016-05-08 | Small performance optimization | Aleksander Machniak | |
2016-05-08 | Add some more tests for HREF attribute washing | Aleksander Machniak | |
2016-05-06 | Fix XSS issue in href attribute on area tag (#5240, #5241) | Aleksander Machniak | |
2016-04-12 | Small code style improvements | Aleksander Machniak | |
2016-04-12 | Fix converting mail addresses with @www. into mailto links (#5197) | Aleksander Machniak | |
2016-01-16 | Improved SVG cleanup code | Aleksander Machniak | |
2015-11-18 | Fix rcube_utils::words_match() to work with mixed/invalid/binary content (T844) | Aleksander Machniak | |
2015-11-05 | Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) | Aleksander Machniak | |
2015-09-08 | Improve randomness of security tokens (#1490529) | Aleksander Machniak | |
2015-08-29 | Emoticons-related code refactoring | Aleksander Machniak | |
- Emoticons: All emoticons-related functionality is handled by the plugin now - Emoticons: Added option to switch on/off emoticons in compose editor (#1485732) - Emoticons: Added option to switch on/off emoticons in plain text messages - Plugin API: Added disabled_plugins an disabled_buttons options in html_editor hook - Plugin API: Added html2text hook | |||
2015-08-13 | Simplify rcube_utils::check_ip() | Aleksander Machniak | |
2015-08-10 | Fix "washing" of style elements wrapped into many lines | Aleksander Machniak | |
2015-08-08 | PHP7: Fixed some E_WARNING errors that previously were E_STRICT | Aleksander Machniak | |
2015-08-06 | Added GSSAPI/Kerberos authentication plugin - krb_authentication | Aleksander Machniak | |
2015-08-02 | Skip rcube_ldap_generic test if Net_LDAP3 is not available | Aleksander Machniak | |
2015-06-28 | Require Mbstring and OpenSSL extensions (#1490415) - remove redundant code | Aleksander Machniak | |
2015-06-27 | Get rid of Mail_mimeDecode package dependency (#1490416) | Aleksander Machniak | |
2015-06-17 | Fix handling of non-break spaces in html to text conversion (#1490436) | Aleksander Machniak | |