webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-06-13 00:41:59 +03:00
Code Activity
4,600 Commits 12 Branches 210 Tags
e2409a5fab3e38e1753adb51ff432b6104c7572b
Commit Graph

13 Commits

Author SHA1 Message Date
Dan Brown
71c93c8878 Includes: Switched page to new system 
- Added mulit-level depth parsing.
- Updating usage of HTML doc in page content to be efficient.
- Removed now redundant PageContentTest cases.
- Made some include system fixes based upon testing.
 2023-11-27 19:54:47 +00:00
Dan Brown
db7b11fe93 HTML: Aligned and standardised DOMDocument usage 
Adds a thin wrapper for DOMDocument to simplify and align usage within
all areas of BookStack.
Also means we move away from old depreacted mb_convert_encoding usage.

Closes #4638
 2023-11-14 15:46:32 +00:00
Dan Brown
a031edec16 Fixed old deprecated encoding convert on HTML doc load 2023-02-23 22:59:26 +00:00
Dan Brown
6955b2fd5a Widened svg content attribute xss filtering 
Takes care of additional cases that can occur.
Closes #3705
 2022-09-06 17:01:56 +01:00
Dan Brown
5f7cd735ea Added content filtering of tags with javascript or data in values attr 
Case would be blocked by CSP but adding for cases where CSP may not be
active when content taken externally.

For #3636
 2022-08-11 10:28:32 +01:00
Dan Brown
8d7c8ac8bf Done a round of phpstan fixes 2021-11-06 00:32:01 +00:00
Dan Brown
fb80bb5d58 Applied latest styleci changes 2021-09-06 22:19:06 +01:00
Dan Brown
fd44e4ba74 Started application of CSP headers 2021-09-03 23:32:42 +01:00
Dan Brown
040997fdc4 Added filter for xlink:href svg xss 
Simply remove all such attributes
 2021-09-03 22:34:49 +01:00
Dan Brown
5e6092aaf8 Added extra HTML filtering of dangerous content 
In particular, That around the casing of dangerous values within
attributes. This uses some xpath translation to handle different casing
in contains searching.
 2021-09-02 22:02:30 +01:00
Dan Brown
934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown
b5caaa73b7 Fixed content parsing break with line html comment 
Fixes issues thrown in custom HMTL head & page content filtering when
the content is comprised of only a single HTML comment.
Adds tests to cover.

For #2804
 2021-06-13 12:53:04 +01:00
Dan Brown
43b6633183 Filtered scripts in custom HTML head for exports 
Since it appeared to cause problems in some scenarios.
Related to #2490
 2021-05-03 23:59:52 +01:00