gerrit-public.fairphone.software / platform / external / owasp / sanitizer / 0df9131f7be5c0f90ce70d43b7e4239a6a6df016
0df9131
changed rendering to ensure that the output HTML is always valid XML when the policy prohibits HTML raw text & RCDATA elements
by mikesamuel
· 12 years ago
5da20b0
distrib with most recent intrusion detection APIs
by mikesamuel
· 12 years ago
d687f1e
added intrusion detection version of PolicyFactory.sanitize
by mikesamuel
· 12 years ago
4793dee
distrib including intrusion detection support
by mikesamuel
· 12 years ago
68c898c
added convenience APIs for intrusion detection hooks
by mikesamuel
· 12 years ago
6f2fc04
added an interstitial layer that can report dropped tags and attributes to an intrusion detection system
by mikesamuel
· 12 years ago
77c5917
upgrade Guava to release 11
by mikesamuel
· 12 years ago
ec10d1e
cut maven release r106
by mikesamuel
· 12 years ago
c9415e2
fixed typo in comment
by mikesamuel
· 12 years ago
c1d75e2
added change log entry for r104
by mikesamuel
· 12 years ago
d78e82d
Tweak lexer token grammar to handle XML prologues, processing instructions and HTML5 bogus comments properly. HTML5 transitions into a bogus comment state on seeing "<?" from a data state and ends at the first ">" or end of file token seen. XML Processing instructions and XML Prologues are both subsets of this production. This changes the lexer to use that grammar instead of ending at "?>" or end of file which handles comments that Outlook puts in HTML copied from an email. The lexer is not in the TCB so this change is low risk.
by mikesamuel
· 12 years ago
058d9f7
cleanup of distrib javadoc
by mikesamuel
· 12 years ago
1f23282
added fix for issue 5 to change log
by mikesamuel
· 12 years ago
25b0ee1
cut release 99
by mikesamuel
· 12 years ago
b5b319c
distrib with fix for issue 5
by mikesamuel
· 12 years ago
e7e78dd
Fix issue 5: protocol filtering failed to match the proper substring against the allowed protocol set.
by mikesamuel
· 12 years ago
ed543b3
testcase for NULs
by mikesamuel
· 12 years ago
7afbda8
Updated JSR 305 jar and filled placeholders in COPYING file.
by mikesamuel
· 13 years ago
b39e7ef
cut release 88
by mikesamuel
· 13 years ago
b530bfd
Rework handling of raw-text elements to avoid browser confusion
by mikesamuel
· 13 years ago
1bfae83
fix IE8 innerHTML issue
by mikesamuel
· 13 years ago
358e071
cut distrib 83
by mikesamuel
· 13 years ago
5b7822a
reworked color handling in StylingPolicy to allow background and to only ever output #hex colors
by mikesamuel
· 13 years ago
40d8af7
allow font sizes to be specified in pixels
by mikesamuel
· 13 years ago
d702e7e
Fixed initialization error in example and added test to make sure the examples run
by mikesamuel
· 13 years ago
4d17cd9
adjusted document depth limit based on default from WebCore
by mikesamuel
· 13 years ago
3f54e49
Fix issue 3: "Deeply nested elements crash FF 8, Chrome 11" by not emitting any tokens from TagBalancingHtmlStreamEventReceiver when the open element stack exceeds a nestingLimit. This limit is 128 based on some data on table nesting levels seen in the wild by Opera but I am continuing to look for info about the distribution of actual nesting depth for documents in the wild.
by mikesamuel
· 13 years ago
80e7e75
Updated change log for r74
by mikesamuel
· 13 years ago
6434d0d
more javadoc fixes
by mikesamuel
· 13 years ago
d7c2f9f
fixed javadoc
by mikesamuel
· 13 years ago
3cf3450
updated web-browseable javadoc
by mikesamuel
· 13 years ago
38bb37b
Added Sanitizers class with prepackage policies, extracted the policy implementation from HtmlPolicyBuilder and extended it with convenience methods sanitize(String) and and(..) which allows composition of built policy factories.
by mikesamuel
· 13 years ago
6691ce1
Updated list of void HTML elements
by mikesamuel
· 13 years ago
f27efcb
Fixed bug: badHtmlHandler not receiving output when ioHandler is defanged
by mikesamuel
· 13 years ago
a22c520
fix truncated comment
by mikesamuel
· 13 years ago
cb27c9b
Pushed distrib with update to EbayPolicyExample
by mikesamuel
· 13 years ago
dc2e862
Tweaked whitespace
by mikesamuel
· 13 years ago
756bebf
Rework regular expressions in EbayPolicyExample to not capture unnecessary content, and to not backtrack on invalid inputs. Other minor fixes to spelling and . exclusion.
by mikesamuel
· 13 years ago
74c7cd6
Updated the Guava version under lib to release 9 from release 5
by mikesamuel
· 13 years ago
a362ec3
fixed typo in changelog
by mikesamuel
· 13 years ago
5d6c732
snapshotted under distrib
by mikesamuel
· 13 years ago
f1c8887
Changed HtmlStreamRenderer to encode supplemental codepoints as HTML numeric entities to avoid UTF-16/UCS-2 confusion in the browser, and to avoid having Java UTF-8 encode individual surrogates instead of using the longer UTF-8 encoded forms.
by mikesamuel
· 13 years ago
797b5e2
updated change log
by mikesamuel
· 13 years ago
2c68185
Added new HTML5 URL attributes to the list of URL attributes that are guarded by the URL safeguards in HtmlPolicyBuilder.
by mikesamuel
· 13 years ago
75d905c
Simplified null parameter handling in HtmlSanitizer.sanitize to present a consistently non-null html parameter to the whole function body. If html is null, the loop will be entered but there's no need to confuse the JIT with calls to substring on a value that's been checked for null earlier in the method.
by mikesamuel
· 13 years ago
0416a07
created change log
by mikesamuel
· 13 years ago
fc0dcc9
update distribution
by mikesamuel
· 13 years ago
ee7fe14
Changed HtmlSanitizer.sanitize to allow a null string of HTML as input.
by mikesamuel
· 13 years ago
c4058d9
Commented example policies
by mikesamuel
· 13 years ago
633821a
Added tooling for cutting maven releases
by mikesamuel
· 13 years ago
109b245
Fleshed out styling policy with some of the most popular CSS properties from http://triin.net/2006/06/12/CSS
by mikesamuel
· 13 years ago
5a047cb
Added a fuzzer for the HTML sanitizer and fixed a bug it exposed in numeric entity decoding.
by mikesamuel
· 13 years ago
f06f9a5
Added a fuzzer test that checks that the parser is not in the TCB.
by mikesamuel
· 13 years ago
8560af5
Fixed CDATA rendering
by mikesamuel
· 13 years ago
846d5d0
refactor HtmlPolicyBuilder so allowAttribute calls can be applied to multiple elements and so that element name and attribute names are supplied unambiguously in the order the name implies.
by mikesamuel
· 13 years ago
b0d421a
tweaked
by mikesamuel
· 13 years ago
6f896a5
EBay policy example derived from antisamy
by mikesamuel
· 13 years ago
503b46e
Added text-decoration support to styling policy
by mikesamuel
· 13 years ago
04fec67
Added an example to mirror the AntiSamy slashdot use case
by mikesamuel
· 13 years ago
b607938
another release candidate
by mikesamuel
· 13 years ago
27b4be9
Wrote a tag balancer that correctly handles containment relationships.
by mikesamuel
· 13 years ago
c40720d
Fixed improper uses of $? in Makefile
by mikesamuel
· 13 years ago
6d8c2e9
comment cleanup and added target to Makefile to run tests
by mikesamuel
· 13 years ago
cc0ba0d
get rid of unnecessary cruft from lib/junit that slows down svn checkout
by mikesamuel
· 13 years ago
e8ee9d6
project home link fix in generated javascript
by mikesamuel
· 13 years ago
d5f0fce
cut automated release
by mikesamuel
· 13 years ago
b5c2634
First pass at a Makefile target to allow easy building of distributions.
by mikesamuel
· 13 years ago
a35e496
comments
by mikesamuel
· 13 years ago
2d52178
javadoc fixup
by mikesamuel
· 13 years ago
11de375
added canned documentation
by mikesamuel
· 13 years ago
8403881
added license headers and a license.txt file
by mikesamuel
· 13 years ago
4e86790
Revamped to use a policy builder pattern instead of requiring people to write their own policies.
by mikesamuel
· 13 years ago
842e0c0
fix benchmarks and add a profiling target to the Makefile
by mikesamuel
· 13 years ago
0f3a756
test and Makefile cleanup
by mikesamuel
· 13 years ago
3a3d912
Updated Makefile to build using the version 1.5 class file version and got rid of compiler warnings.
by mikesamuel
· 13 years ago
9b773b3
cleanup porting of unit tests
by manico.james@gmail.com
· 13 years ago
cdaa5d0
cleanup of importing AntiSamy tests
by manico.james@gmail.com
· 13 years ago
afd4893
Integrating AntiSamy tests into HTML Purifier
by manico.james@gmail.com
· 13 years ago
5c702c1
Mike Samuel's donation to OWASP
by manico.james@gmail.com
· 13 years ago
bf06b38
Initial directory structure.
by (no author)
· 13 years ago