be666032a113a8af92bc557add8e83579cf0ef5c |
|
17-Jul-2013 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
cleanup IDE warnings about methods that could be static git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@178 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
79b4c29af1261d95c663bdf0003b70cb0eb8000e |
|
21-Nov-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
added methods to the policy builder to specify which elements are allowed to contain text. By default text is allowed in any allowed element that can contain normal flow or block content, but disallowed in CDATA elements like <iframe>. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@132 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
0df9131f7be5c0f90ce70d43b7e4239a6a6df016 |
|
22-Sep-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
changed rendering to ensure that the output HTML is always valid XML when the policy prohibits HTML raw text & RCDATA elements git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@114 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
d78e82dfc7da9c1e4ad8e4199bc375089a799c85 |
|
10-May-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Tweak lexer token grammar to handle XML prologues, processing instructions and HTML5 bogus comments properly. HTML5 transitions into a bogus comment state on seeing "<?" from a data state and ends at the first ">" or end of file token seen. XML Processing instructions and XML Prologues are both subsets of this production. This changes the lexer to use that grammar instead of ending at "?>" or end of file which handles comments that Outlook puts in HTML copied from an email. The lexer is not in the TCB so this change is low risk. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@104 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
ed543b3cecf572d07f068603f4875265d25cdab5 |
|
26-Mar-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
testcase for NULs git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@98 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
b530bfd7496ead9ab962726781dd90b6c739cdce |
|
02-Nov-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Rework handling of raw-text elements to avoid browser confusion git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@87 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
1bfae835221847e7791625e2baa98a60eb3cfa8a |
|
26-Oct-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
fix IE8 innerHTML issue git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@86 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
3f54e49f2181c52ca40d99fbe738b2484ba91528 |
|
14-Oct-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Fix issue 3: "Deeply nested elements crash FF 8, Chrome 11" by not emitting any tokens from TagBalancingHtmlStreamEventReceiver when the open element stack exceeds a nestingLimit. This limit is 128 based on some data on table nesting levels seen in the wild by Opera but I am continuing to look for info about the distribution of actual nesting depth for documents in the wild. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@79 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
a22c5206bf277657bedad63c72a45820c4724e8c |
|
09-Oct-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
fix truncated comment git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@68 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
f1c88874989dbe1ca93dcfa51be543138e00f0ae |
|
17-Aug-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Changed HtmlStreamRenderer to encode supplemental codepoints as HTML numeric entities to avoid UTF-16/UCS-2 confusion in the browser, and to avoid having Java UTF-8 encode individual surrogates instead of using the longer UTF-8 encoded forms. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@50 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
ee7fe14ffd97ab25e70f4403c56e5637f4239b9d |
|
02-Aug-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Changed HtmlSanitizer.sanitize to allow a null string of HTML as input. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@42 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
846d5d0377617bd20ac271a486f07bfe757cc7a2 |
|
26-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
refactor HtmlPolicyBuilder so allowAttribute calls can be applied to multiple elements and so that element name and attribute names are supplied unambiguously in the order the name implies. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@26 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
6d8c2e9241d042a3e0bff40dac4c388966ad060c |
|
10-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
comment cleanup and added target to Makefile to run tests git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@18 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
8403881c365ab36b721ccc4500af1b3a5bd25870 |
|
09-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
added license headers and a license.txt file git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@10 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
4e867904c8295537803c1c8a076e130df5674b58 |
|
09-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Revamped to use a policy builder pattern instead of requiring people to write their own policies. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@9 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|
5c702c12be71d8070da9287cc4a044617dd726a7 |
|
01-Mar-2011 |
manico.james@gmail.com <manico.james@gmail.com@ad8eed46-c659-4a31-e19d-951d88f54425> |
Mike Samuel's donation to OWASP git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@2 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlSanitizerTest.java
|