From 07155a084db111c0586ce7ed958c87eed6116704 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Fri, 17 Apr 2009 15:41:16 +0000
Subject: Closes #833: Kses now built as module

git-svn-id: https://code.elgg.org/elgg/trunk@3222 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 vendors/kses/ChangeLog | 168 -------------------------------------------------
 1 file changed, 168 deletions(-)
 delete mode 100644 vendors/kses/ChangeLog

(limited to 'vendors/kses/ChangeLog')
diff --git a/vendors/kses/ChangeLog b/vendors/kses/ChangeLog
deleted file mode 100644
index 7102396ce..000000000
--- a/vendors/kses/ChangeLog
+++ /dev/null
@@ -1,168 +0,0 @@
-kses ChangeLog
-==============
-
-* 0.2.2 and 0.2.2-rc1
-
-0.2.2 was released on the 7th of February 2005. We also had a release
-candidate, 0.2.2-rc1, that was released on the 30th of January 2005.
-
-I (Ulf) am sorry for this long delay, but I lost interest in kses for a
-while and worked on auditing C/C++ code for buffer overflows and format
-string bugs in the Debian Security Audit Project instead
-( http://www.debian.org/security/audit/ ).
-
-This version has the following changes:
-
-- Richard contributed an additional object-oriented kses version for
-  PHP 5, which takes advantage of that PHP version's improved object
-  orientation. You can find it in the oop/ directory.
-
-- Richard added RemoveProtocol(), RemoveProtocols() and SetProtocols()
-  methods to both object-oriented kses versions. This closes SourceForge
-  bug #892477.
-
-- Richard also did other smaller changes to the object-oriented kses
-  versions. See oop/oop.kses.changelog.txt for the gory details.
-
-- The code that checks whether used elements and attributes are allowed
-  now uses isset() to avoid notices under certain configurations. This
-  hopefully closes SourceForge bug #918493.
-
-- The check for the Opera extra whitespace character #173 was moved so
-  it only affects attribute values and nothing else. This is helpful for
-  Asian kses users, who use that character in writing. (This is just a
-  temporary solution. A better one will show up in the next version, when
-  the parser is rewritten.) This closes SourceForge bug #834645, kind of.
-
-- Now the program will not even look at attributes and closing XHTML
-  slashes for closing HTML elements. This will make kses execute faster
-  and it won't accept atrocities like </br /> anymore.
-
-- Moved references in examples/test.php from function calls to the function
-  definition, making it better PHP.
-
-- The output of examples/test.php and examples/filter.php now conform fully
-  to W3C's HTML specification.
-
-- From now on, kses releases will be distributed both as .tar.gz and .zip
-  archives to please our Wintendo users. This closes SourceForge feature
-  request #900380.
-
-- Changed to new copyright year and paper mail address.
-
-
-* 0.2.1
-
-0.2.1 was released on the 29th of September 2003.
-It has the following changes:
-
-
-- There is now an additional version of kses, using the object-oriented
-  paradigm. Thanks a lot to Richard R. Vasquez, Jr., who created it! Anyone
-  who wants to make functional programming, logical programming or spaghetti
-  programming versions of kses as well (or any other programming paradigm that
-  you like), go ahead! All the people who like old procedural programming for
-  web applications shouldn't despair, though, as both versions will be
-  maintained with each release.
-
-- kses now has some new attribute value checks: minlen, minval and valueless.
-  See docs/attribute-value-checks for an explanation.
-
-- For some reason, the Opera developers decided to make chr(173) a whitespace
-  character in URL protocols, both when it occurs raw and in an entity. kses
-  now handles this.
-
-- The URL protocol whitelisting system now decodes entities before removing
-  NULLs and whitespaces.
-
-
-* 0.2.0
-
-0.2.0 was released on the 25th of July 2003.
-It has the following changes:
-
-
-- kses now supports checking of attribute values, and not just element names
-  and attribute names. The attribute value checks that exist so far are
-  'maxlen' (checks how long attribute values are, to avoid Buffer Overflows)
-  and 'maxval' (checks how big an integer value is, to avoid Denial of Service
-  attacks).
-
-  Buffer Overflows could both be a problem for WWW clients and different
-  servers on the Internet that an HTML document links to. One example is
-  <frame src="ftp://ftp.v1ct1m.com/AAAAAA..thousands_of_A's...">.
-
-  Denial of Service attacks can take the form of too big sizes of iframes or
-  other things. One example is <iframe src="http://some.web.server/"
-  width="20000" height="2000">, which makes some client machines completely
-  overloaded.
-
-- kses' old feature of removing "javascript:" from attribute values has been
-  improved. It now has a whole system for white listing of URL protocols, so
-  you can specify that it's acceptable with http:, https:, ftp: and gopher:,
-  but no other protocols in attribute values. The system tries pretty hard to
-  do the right thing with whitespace, upper/lower case, HTML entities
-  ("jav&#97;script:") and repeated entries ("javascript:javascript:alert(57)").
-
-- kses now supports both HTML and XHTML code, by allowing " /" at the end of
-  tags.
-
-- kses now removes Netscape 4's JavaScript entities, having the form
-  "&{alert(57)};". They don't even seem to work on all versions of Netscape 4,
-  but for completeness' sake it seemed like a good feature to add.
-
-- A bug with NULLs in javascript: URLs was fixed.
-  (Reported by Simon Cornelius P. Umacob - thanks!)
-
-- As a nice side effect of the white listing of URL protocols, kses now also
-  normalizes all HTML entities in documents. It will change HTML code with bad
-  entities to the right form, for example "AT&T" will be converted to
-  "AT&amp;T" and "<a href='lyrics.php?band=ladytron&lyrics=playgirl'>" will be
-  converted to "<a href='lyrics.php?band=ladytron&amp;lyrics=playgirl'>".
-  "&#000058;" will be converted to "&#58;", "&#XYZZY;" will be converted to
-  "&amp;#XYZZY;", "&auml!;" will be converted to "&amp;auml!;" and so on.
-
-  As shown above, it will process HTML entities that it doesn't understand.
-  It will also deal with too big numbers in numeric HTML entities, which is
-  helpful as many browsers seem to wrap them around at 2 ** 32, so the
-  characters 58, 58 + (2 ** 32), 58 + (2 ** 64) etcetera are all colons to the
-  web browser.
-
-- You can now use upper case letters in your $allowed_html array, in element
-  names, attribute names and attribute value check names. Version 0.1.0
-  required everything in that array to be in lower case, but that's not
-  necessary any more. You can also use upper case letters in
-  $allowed_protocols.
-
-- The "Really malformed thing" bug from the TODO file was fixed.
-  It used to convert this string:
-  x > 5 <a href="blah">
-  to:
-  x &gt; 5 &lt;a href=&quot;blah&quot;&gt;
-  and now it converts it to:
-  x &gt; 5 <a href="blah">
-
-- The "Weird malformed thing" bug from the TODO file was fixed.
-  It used to convert this string:
-  <a href="5 href=6>
-  to:
-  <a href="6">
-  because of the way kses restarts after a parse error in kses_hair(). Now it
-  converts it to:
-  <a>
-
-- A problem with slashes in HTML tags was fixed.
-
-- examples/filter.php used to use $SCRIPT_NAME, which doesn't work on
-  Windows.
-  (Reported by Simon Cornelius P. Umacob - thanks!)
-
-- kses now allows dashes in attribute names, for things like
-  <meta http-equiv=..>.
-
-
-* 0.1.0, first public version
-
-0.1.0 was released on the 9th of June 2003.
-It was announced on three security related mailing lists on Friday the 13th
-of June (nothing bad happened to it though).
-- 
cgit v1.2.3

