b268f8745b09a77af2e8c77ffd376b6459bf4fec |
|
18-Jul-2013 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
rewrite the CSS sanitizer to do token-level filtering git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@188 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
be666032a113a8af92bc557add8e83579cf0ef5c |
|
17-Jul-2013 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
cleanup IDE warnings about methods that could be static git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@178 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
4c1e3417997042b0b485cbf71344a0210dfaba04 |
|
24-Apr-2013 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
modify the HTML schema in TagBalancingHtmlStreamEventReceiver to make sure character data is allowed in option elemens git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@163 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
c517d7c6cadcd8643d565783464a2728be8c08d9 |
|
12-Feb-2013 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
instead of creating <font> elements when sanitizing CSS, just do a better job of white-listing and sanitizing font faces, sizes, and alignment. This fixes problems whereby font elements were being introduced into tables but outside the table cells they were meant to style and which can legally contain them git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@147 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
79b4c29af1261d95c663bdf0003b70cb0eb8000e |
|
21-Nov-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
added methods to the policy builder to specify which elements are allowed to contain text. By default text is allowed in any allowed element that can contain normal flow or block content, but disallowed in CDATA elements like <iframe>. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@132 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
0df9131f7be5c0f90ce70d43b7e4239a6a6df016 |
|
22-Sep-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
changed rendering to ensure that the output HTML is always valid XML when the policy prohibits HTML raw text & RCDATA elements git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@114 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
e7e78dd647a336268098d3438acc27ff4fcf0322 |
|
26-Mar-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Fix issue 5: protocol filtering failed to match the proper substring against the allowed protocol set. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@99 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
5b7822ad25b5ebd8bc2733b914215e6189a785cc |
|
19-Oct-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
reworked color handling in StylingPolicy to allow background and to only ever output #hex colors git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@83 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
109b24565d3eb95a54ad9df8de2aa8c81bd32a24 |
|
08-Apr-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Fleshed out styling policy with some of the most popular CSS properties from http://triin.net/2006/06/12/CSS git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@30 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
846d5d0377617bd20ac271a486f07bfe757cc7a2 |
|
26-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
refactor HtmlPolicyBuilder so allowAttribute calls can be applied to multiple elements and so that element name and attribute names are supplied unambiguously in the order the name implies. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@26 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
27b4be957534ebb90e21ac8d31bf722e4c9273bf |
|
10-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Wrote a tag balancer that correctly handles containment relationships. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@20 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
8403881c365ab36b721ccc4500af1b3a5bd25870 |
|
09-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
added license headers and a license.txt file git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@10 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|
4e867904c8295537803c1c8a076e130df5674b58 |
|
09-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Revamped to use a policy builder pattern instead of requiring people to write their own policies. git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@9 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java
|