History log of /external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
Revision Date Author Comments
0df9131f7be5c0f90ce70d43b7e4239a6a6df016 22-Sep-2012 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> changed rendering to ensure that the output HTML is always valid XML when the policy prohibits HTML raw text & RCDATA elements

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@114 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
68c898cc07aad9e4c616522afdd13a0cc4534117 01-Aug-2012 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> added convenience APIs for intrusion detection hooks

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@110 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
d78e82dfc7da9c1e4ad8e4199bc375089a799c85 10-May-2012 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> Tweak lexer token grammar to handle XML prologues, processing instructions and HTML5 bogus comments properly. HTML5 transitions into a bogus comment state on seeing "<?" from a data state and ends at the first ">" or end of file token seen. XML Processing instructions and XML Prologues are both subsets of this production. This changes the lexer to use that grammar instead of ending at "?>" or end of file which handles comments that Outlook puts in HTML copied from an email. The lexer is not in the TCB so this change is low risk.

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@104 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
4d17cd9ce55e109898d50a4e54f01838f3cb93dc 19-Oct-2011 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> adjusted document depth limit based on default from WebCore

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@80 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
3f54e49f2181c52ca40d99fbe738b2484ba91528 14-Oct-2011 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> Fix issue 3: "Deeply nested elements crash FF 8, Chrome 11" by not emitting any tokens from TagBalancingHtmlStreamEventReceiver when the open element stack exceeds a nestingLimit. This limit is 128 based on some data on table nesting levels seen in the wild by Opera but I am continuing to look for info about the distribution of actual nesting depth for documents in the wild.

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@79 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
75d905c90100b9b05602b1878f847142e39836aa 02-Aug-2011 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> Simplified null parameter handling in HtmlSanitizer.sanitize to present a consistently non-null html parameter to the whole function body. If html is null, the loop will be entered but there's no need to confuse the JIT with calls to substring on a value that's been checked for null earlier in the method.

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@47 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
ee7fe14ffd97ab25e70f4403c56e5637f4239b9d 02-Aug-2011 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> Changed HtmlSanitizer.sanitize to allow a null string of HTML as input.

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@42 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
04fec67bccd1004fba68e662ba9709747aa65d30 11-Mar-2011 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> Added an example to mirror the AntiSamy slashdot use case

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@22 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
8403881c365ab36b721ccc4500af1b3a5bd25870 09-Mar-2011 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> added license headers and a license.txt file

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@10 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
4e867904c8295537803c1c8a076e130df5674b58 09-Mar-2011 mikesamuel <mikesamuel@ad8eed46-c659-4a31-e19d-951d88f54425> Revamped to use a policy builder pattern instead of requiring people to write their own policies.

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@9 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java
5c702c12be71d8070da9287cc4a044617dd726a7 01-Mar-2011 manico.james@gmail.com <manico.james@gmail.com@ad8eed46-c659-4a31-e19d-951d88f54425> Mike Samuel's donation to OWASP

git-svn-id: http://owasp-java-html-sanitizer.googlecode.com/svn/trunk@2 ad8eed46-c659-4a31-e19d-951d88f54425
/external/owasp/sanitizer/src/main/org/owasp/html/HtmlSanitizer.java