����� ���������

1.3.7.

• Added 'dl' to the list of 'lists' tags.
• Added 'callto' to the white list of protocols.
• Added white list of “namespaced” attributes.

1.3.6.

• More accurate UTF-7 decoding.

• Two serious security flaws fixed: UTF-7 XSS and CSS comments handling.

• Security flaw (improper quotes handling in attributes' values) fixed. Big thanks to Nick Cleaton.

• Dumb bug fixed (some closing tags were ignored).

• Two holes (with decimal HTML entities and with \x00 symbol) fixed.
• Class rewritten under PEAR coding standarts.
• Class now uses unmodified HTMLSax3 from PEAR.
• To the list of table tags added: “caption”, “col”, “colgroup”.

1.2.1.

• It was possible to create XSS with hexadecimal HTML entities. Fixed. Big thanks to Christian Stocker.

• “id” and “name” attributes added to dangerous attributes list, because malefactor can broke legal javascript by spoofing ID or NAME of some element.
• New method parse() allows to do all parsing process in two lines of code. Examples also updated.
• New array, closeParagraph, contains list of block-level elements. When we open such elemet, we should close paragraph before.. It allows SafeHTML to produce more XHTML compliant code.
• Added “webcal” to white list of protocols for those who uses calendar programs (Mozilla/iCal/etc).
• Now SafeHTML strips down table elements when we are not inside table.
• Now SafeHTML correctly closes unclosed “li” tags: before opening “li” of the same nesting level.

Also, project moved to Pixel-Apes project site.

New address is http://pixel-apes.com/safehtml
New RSS feed address is: http://pixel-apes.com/safehtml/feed/rss