1. 195fd71 fleshed out tests for new CSS lexer by mikesamuel · 11 years ago
  2. 87a0aa3 debugged bracket indices and fixed bugs in space allocation on unclosed bracket pairs at end of input and in the mapping from close-brackets to their partners by mikesamuel · 11 years ago
  3. b600c3c REGRESSION RISK: replace CSS lexer based on regular expressions with one that does not backtrack or left-recurse. This new code has not yet been thoroughly tested. Fuzzing and hardening will happen in follow-on CLs but it is not yet suitable for stable. by mikesamuel · 11 years ago
  4. 4a4efac fix typo in documentation by mikesamuel · 11 years ago
  5. be66603 cleanup IDE warnings about methods that could be static by mikesamuel · 11 years ago
  6. 8e2bb42 allow for verbose test running and running tests with assertions enabled by mikesamuel · 11 years ago
  7. dce9ad7 box model handling for styles by mikesamuel · 11 years ago
  8. 783908c fixed tag balancer so that implicit end tags are not generated for scope-introducing elements like tables and list items when a close tag ought to be restricted to an element within that scope by mikesamuel · 11 years ago
  9. 71e338d removed bogus comment by mikesamuel · 11 years ago
  10. 0ca1e3c unused import by mikesamuel · 11 years ago
  11. 4c1e341 modify the HTML schema in TagBalancingHtmlStreamEventReceiver to make sure character data is allowed in option elements by mikesamuel · 11 years ago
  12. 6ca215a fixed minor bug in EbayPolicyExample which exposed a bug in requireRelNofFollowOnLinks that was half-heartedly allowing links by mikesamuel · 12 years ago
  13. c514942 IDE warning cleanup by mikesamuel · 12 years ago
  14. d9475f7 test fix. fallout from findbugs cleanup by mikesamuel · 12 years ago
  15. 489a0ec upgraded to most recent version of findbugs by mikesamuel · 12 years ago
  16. 6a63b45 removed unused imports by mikesamuel · 12 years ago
  17. 7fb0629 fixed bug: use of identity hashcode spuriously triggered an underflow check by mikesamuel · 12 years ago
  18. a90a92d added test from issue 9 by mikesamuel · 12 years ago
  19. c517d7c instead of creating <font> elements when sanitizing CSS, just do a better job of white-listing and sanitizing font faces, sizes, and alignment. This fixes problems whereby font elements were being introduced into tables but outside the table cells they were meant to style and which can legally contain them by mikesamuel · 12 years ago
  20. fbd0573 test anding of policy factories that have overlapping element and attribute policies by mikesamuel · 12 years ago
  21. eec952b test anding of policy factories that have overlapping element and attribute policies by mikesamuel · 12 years ago
  22. 0904bd6 commented out unused function by mikesamuel · 12 years ago
  23. 6f71b09 added test coverage report generation target to Makefile by mikesamuel · 12 years ago
  24. 79b4c29 added methods to the policy builder to specify which elements are allowed to contain text. By default text is allowed in any allowed element that can contain normal flow or block content, but disallowed in CDATA elements like <iframe>. by mikesamuel · 12 years ago
  25. 63dba94 added restrictions to the TagBalancingHtmlStreamEventReceiver so non-whitespace text nodes can only appear where phrasing content, flow content, or regular character data are allowed. This means that an <li> is added around "two" in <ul><li>one</li>two</ul>. changed the tag balancer to also recognize that </h3> and friends close any open header. by mikesamuel · 12 years ago
  26. 1ecbdce fix issue 7: misnested lists. Changes tag balancer to insert block container elements when a block or flow content element is seen in a context where block and flow elements are disallowed. by mikesamuel · 12 years ago
  27. 8c4f5bf get rid of IDE warning by mikesamuel · 12 years ago
  28. 0df9131 changed rendering to ensure that the output HTML is always valid XML when the policy prohibits HTML raw text & RCDATA elements by mikesamuel · 12 years ago
  29. d687f1e added intrusion detection version of PolicyFactory.sanitize by mikesamuel · 12 years ago
  30. 68c898c added convenience APIs for intrusion detection hooks by mikesamuel · 12 years ago
  31. 6f2fc04 added an interstitial layer that can report dropped tags and attributes to an intrusion detection system by mikesamuel · 12 years ago
  32. c9415e2 fixed typo in comment by mikesamuel · 12 years ago
  33. d78e82d Tweak lexer token grammar to handle XML prologues, processing instructions and HTML5 bogus comments properly. HTML5 transitions into a bogus comment state on seeing "<?" from a data state and ends at the first ">" or end of file token seen. XML Processing instructions and XML Prologues are both subsets of this production. This changes the lexer to use that grammar instead of ending at "?>" or end of file which handles comments that Outlook puts in HTML copied from an email. The lexer is not in the TCB so this change is low risk. by mikesamuel · 12 years ago
  34. e7e78dd Fix issue 5: protocol filtering failed to match the proper substring against the allowed protocol set. by mikesamuel · 13 years ago
  35. ed543b3 testcase for NULs by mikesamuel · 13 years ago
  36. b530bfd Rework handling of raw-text elements to avoid browser confusion by mikesamuel · 13 years ago
  37. 1bfae83 fix IE8 innerHTML issue by mikesamuel · 13 years ago
  38. 5b7822a reworked color handling in StylingPolicy to allow background and to only ever output #hex colors by mikesamuel · 13 years ago
  39. 40d8af7 allow font sizes to be specified in pixels by mikesamuel · 13 years ago
  40. d702e7e Fixed initialization error in example and added test to make sure the examples run by mikesamuel · 13 years ago
  41. 4d17cd9 adjusted document depth limit based on default from WebCore by mikesamuel · 13 years ago
  42. 3f54e49 Fix issue 3: "Deeply nested elements crash FF 8, Chrome 11" by not emitting any tokens from TagBalancingHtmlStreamEventReceiver when the open element stack exceeds a nestingLimit. This limit is 128 based on some data on table nesting levels seen in the wild by Opera but I am continuing to look for info about the distribution of actual nesting depth for documents in the wild. by mikesamuel · 13 years ago
  43. 6434d0d more javadoc fixes by mikesamuel · 13 years ago
  44. d7c2f9f fixed javadoc by mikesamuel · 13 years ago
  45. 38bb37b Added Sanitizers class with prepackage policies, extracted the policy implementation from HtmlPolicyBuilder and extended it with convenience methods sanitize(String) and and(..) which allows composition of built policy factories. by mikesamuel · 13 years ago
  46. 6691ce1 Updated list of void HTML elements by mikesamuel · 13 years ago
  47. f27efcb Fixed bug: badHtmlHandler not receiving output when ioHandler is defanged by mikesamuel · 13 years ago
  48. a22c520 fix truncated comment by mikesamuel · 13 years ago
  49. dc2e862 Tweaked whitespace by mikesamuel · 13 years ago
  50. 756bebf Rework regular expressions in EbayPolicyExample to not capture unnecessary content, and to not backtrack on invalid inputs. Other minor fixes to spelling and . exclusion. by mikesamuel · 13 years ago
  51. f1c8887 Changed HtmlStreamRenderer to encode supplemental codepoints as HTML numeric entities to avoid UTF-16/UCS-2 confusion in the browser, and to avoid having Java UTF-8 encode individual surrogates instead of using the longer UTF-8 encoded forms. by mikesamuel · 13 years ago
  52. 2c68185 Added new HTML5 URL attributes to the list of URL attributes that are guarded by the URL safeguards in HtmlPolicyBuilder. by mikesamuel · 13 years ago
  53. 75d905c Simplified null parameter handling in HtmlSanitizer.sanitize to present a consistently non-null html parameter to the whole function body. If html is null, the loop will be entered but there's no need to confuse the JIT with calls to substring on a value that's been checked for null earlier in the method. by mikesamuel · 13 years ago
  54. ee7fe14 Changed HtmlSanitizer.sanitize to allow a null string of HTML as input. by mikesamuel · 13 years ago
  55. c4058d9 Commented example policies by mikesamuel · 13 years ago
  56. 109b245 Fleshed out styling policy with some of the most popular CSS properties from http://triin.net/2006/06/12/CSS by mikesamuel · 13 years ago
  57. 5a047cb Added a fuzzer for the HTML sanitizer and fixed a bug it exposed in numeric entity decoding. by mikesamuel · 13 years ago
  58. f06f9a5 Added a fuzzer test that checks that the parser is not in the TCB. by mikesamuel · 13 years ago
  59. 8560af5 Fixed CDATA rendering by mikesamuel · 13 years ago
  60. 846d5d0 refactor HtmlPolicyBuilder so allowAttribute calls can be applied to multiple elements and so that element name and attribute names are supplied unambiguously in the order the name implies. by mikesamuel · 14 years ago
  61. b0d421a tweaked by mikesamuel · 14 years ago
  62. 6f896a5 EBay policy example derived from antisamy by mikesamuel · 14 years ago
  63. 503b46e Added text-decoration support to styling policy by mikesamuel · 14 years ago
  64. 04fec67 Added an example to mirror the AntiSamy slashdot use case by mikesamuel · 14 years ago
  65. 27b4be9 Wrote a tag balancer that correctly handles containment relationships. by mikesamuel · 14 years ago
  66. 6d8c2e9 comment cleanup and added target to Makefile to run tests by mikesamuel · 14 years ago
  67. a35e496 comments by mikesamuel · 14 years ago
  68. 2d52178 javadoc fixup by mikesamuel · 14 years ago
  69. 8403881 added license headers and a license.txt file by mikesamuel · 14 years ago
  70. 4e86790 Revamped to use a policy builder pattern instead of requiring people to write their own policies. by mikesamuel · 14 years ago
  71. 0f3a756 test and Makefile cleanup by mikesamuel · 14 years ago
  72. 3a3d912 Updated Makefile to build using the version 1.5 class file version and got rid of compiler warnings. by mikesamuel · 14 years ago
  73. 9b773b3 cleanup porting of unit tests by manico.james@gmail.com · 14 years ago
  74. cdaa5d0 cleanup of importing AntiSamy tests by manico.james@gmail.com · 14 years ago
  75. afd4893 Integrating AntiSamy tests into HTML Purifier by manico.james@gmail.com · 14 years ago
  76. 5c702c1 Mike Samuels donation to OWASP by manico.james@gmail.com · 14 years ago