0df9131f7be5c0f90ce70d43b7e4239a6a6df016 |
|
22-Sep-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
changed rendering to ensure that the output HTML is always valid XML when the policy prohibits HTML raw text & RCDATA elements
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@114 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
68c898cc07aad9e4c616522afdd13a0cc4534117 |
|
01-Aug-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
added convenience APIs for intrusion detection hooks
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@110 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
d78e82dfc7da9c1e4ad8e4199bc375089a799c85 |
|
10-May-2012 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Tweak lexer token grammar to handle XML prologues, processing instructions and HTML5 bogus comments properly. HTML5 transitions into a bogus comment state on seeing "<?" from a data state and ends at the first ">" or end of file token seen. XML Processing instructions and XML Prologues are both subsets of this production. This changes the lexer to use that grammar instead of ending at "?>" or end of file, which handles comments that Outlook puts in HTML copied from an email. The lexer is not in the TCB so this change is low risk.
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@104 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
4d17cd9ce55e109898d50a4e54f01838f3cb93dc |
|
19-Oct-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
adjusted document depth limit based on default from WebCore
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@80 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
3f54e49f2181c52ca40d99fbe738b2484ba91528 |
|
14-Oct-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Fix issue 3: "Deeply nested elements crash FF 8, Chrome 11" by not emitting any tokens from TagBalancingHtmlStreamEventReceiver when the open element stack exceeds a nestingLimit. This limit is 128, based on some data on table nesting levels seen in the wild by Opera, but I am continuing to look for info about the distribution of actual nesting depth for documents in the wild.
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@79 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
75d905c90100b9b05602b1878f847142e39836aa |
|
02-Aug-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Simplified null parameter handling in HtmlSanitizer.sanitize to present a consistently non-null html parameter to the whole function body. If html is null, the loop will be entered but there's no need to confuse the JIT with calls to substring on a value that's been checked for null earlier in the method.
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@47 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
ee7fe14ffd97ab25e70f4403c56e5637f4239b9d |
|
02-Aug-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Changed HtmlSanitizer.sanitize to allow a null string of HTML as input.
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@42 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
04fec67bccd1004fba68e662ba9709747aa65d30 |
|
11-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Added an example to mirror the AntiSamy slashdot use case
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@22 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
8403881c365ab36b721ccc4500af1b3a5bd25870 |
|
09-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
added license headers and a license.txt file
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@10 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
4e867904c8295537803c1c8a076e130df5674b58 |
|
09-Mar-2011 |
mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> |
Revamped to use a policy builder pattern instead of requiring people to write their own policies.
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@9 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|
5c702c12be71d8070da9287cc4a044617dd726a7 |
|
01-Mar-2011 |
manico.james@gmail.com <manico.james@gmail.com@ad8eed46-c659-4a31-e19d-951d88f54425> |
Mike Samuel's donation to OWASP
git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@2 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
|