Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2016-03-07 | Fix #4475 | Andrey Andreev | 1 | -2/+4 | |
2015-10-31 | Harden xss_clean() | Andrey Andreev | 1 | -15/+20 | |
2015-10-05 | Some more intrusive XSS cleaning | Andrey Andreev | 1 | -2/+7 | |
2015-10-02 | More XSS stuff | Andrey Andreev | 1 | -1/+6 | |
2015-09-21 | More XSS stuff | Andrey Andreev | 1 | -0/+16 | |
2015-09-17 | Don't allow open-ended tags to pass through xss_clean() | Andrey Andreev | 1 | -0/+1 | |
This was a regression caused by the previous commit | |||||
2015-09-17 | Refactor 'evil attributes' sanitization logic | Andrey Andreev | 1 | -23/+34 | |
Turned out pretty much impossible to remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done separately for _sanitize_naughty_html() and _remove_evil_attributes(). | |||||
2015-09-14 | Another addition to tag detection patterns in xss_clean() | Andrey Andreev | 1 | -0/+5 | |
2015-09-14 | Move _remove_evil_attributes() call | Andrey Andreev | 1 | -0/+14 | |
2015-09-11 | Harden xss_clean() more | Andrey Andreev | 1 | -2/+7 | |
This time eliminate false positives for the 'naughty html' logic. | |||||
2015-09-11 | Improve on previous commit | Andrey Andreev | 1 | -0/+5 | |
2015-09-11 | Replace the latest XSS patches | Andrey Andreev | 1 | -1/+6 | |
This one fixes yet another issue, is cleaner and faster. | |||||
2015-09-10 | Last commit didn't adjust a RE index | Andrey Andreev | 1 | -0/+5 | |
2015-09-10 | Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -4/+4 | |
2015-09-10 | Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 | Andrey Andreev | 1 | -1/+1 | |
2015-09-10 | Fix #4106 | Andrey Andreev | 1 | -0/+8 | |
2015-08-03 | [ci skip] Normalize tabs/spaces | Andrey Andreev | 1 | -1/+1 | |
Partial changes from PR #4016 | |||||
2015-03-26 | Add FSCommand and seekSegmentTime to evil HTML attributes list | Andrey Andreev | 1 | -0/+2 | |
2015-03-18 | Polish some recent changes in test cases | Andrey Andreev | 1 | -10/+10 | |
2015-03-10 | Fixed indentation | Heesung Ahn | 1 | -66/+65 | |
Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-10 | Update Security Unit test | Heesung Ahn | 1 | -18/+18 | |
Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-10 | Update Security Unit test | Heesung Ahn | 1 | -3/+91 | |
Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-05 | adding more img tags | Heesung Ahn | 1 | -2/+14 | |
Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-03-02 | test_strip_omage_tags | Heesung Ahn | 1 | -0/+19 | |
Signed-off-by: Heesung Ahn <ahn.heesung@gmail.com> | |||||
2015-02-17 | Fix #3572: CI_Security::_remove_evil_attributes() | Andrey Andreev | 1 | -0/+12 | |
2014-10-22 | [ci skip] Update 2 links to relate to bcit-ci/ | Andrey Andreev | 1 | -1/+1 | |
2014-05-23 | Fix #3057 | Andrey Andreev | 1 | -0/+6 | |
2014-03-18 | More xss_clean() improvements | Andrey Andreev | 1 | -1/+1 | |
Issue described in https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37980030 + a false positive | |||||
2014-03-18 | xss_clean() improvement | Andrey Andreev | 1 | -0/+6 | |
Fixes this: https://github.com/EllisLab/CodeIgniter/issues/2667#issuecomment-37819186 | |||||
2013-10-17 | Replace the last rand() with mt_rand() | vlakoff | 1 | -1/+1 | |
Better entropy, faster. Also fixed a few "it's" typos. | |||||
2012-06-09 | Cleanup/optimize tests/codeigniter/ | Andrey Andreev | 1 | -11/+12 | |
2012-05-27 | Continuation for Security and Table code-coverage, add coverage report to travis | Taufan Aditya | 1 | -0/+32 | |
2012-05-15 | Input class code-coverage | Taufan Aditya | 1 | -10/+4 | |
2012-05-15 | Security Code coverage | Taufan Aditya | 1 | -0/+79 | |