Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / owasp / sanitizer / 7d0755627f174ec9d5f148bd9fa3a5cc732edb3f
  1. 7d07556 fix issue 24: protocol whitelisting not case-insensitive by mikesamuel · 11 years ago
  2. 36633f8 added possessive quantifier to OFFSITE_URL regex to address issue https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=25 by mikesamuel · 11 years ago
  3. fad0ad7 add srcset attribute to the list of URL attributes by mikesamuel · 11 years ago
  4. d619c4a some machinery for extracting data tables from browsers by mikesamuel · 11 years ago
  5. 29485df fixed year in file header. Damn file headers and cargo-cult lawyering. by mikesamuel · 11 years ago
  6. aab0cbe unit tests for UrlTextExample by mikesamuel · 11 years ago
  7. 9527772 fixes for UrlTextExample by mikesamuel · 11 years ago
  8. 1834ad7 an example that explains how to use event receivers to annotate links and images by mikesamuel · 11 years ago
  9. bcceb34 release r209 built from clean with CssSchema by mikesamuel · 11 years ago
  10. 3e6cbb5 ditching r205 as release candidate by mikesamuel · 11 years ago
  11. 2b871d5 making distrib from clean by mikesamuel · 11 years ago
  12. d64cc8c cut a release with CssSchema changes : r205 by mikesamuel · 11 years ago
  13. 9b049e7 distribution with CssSchema changes by mikesamuel · 11 years ago
  14. 8ee0175 reworked the public API of CssSchema to allow clients to white-list further properties per https://groups.google.com/forum/#!topic/owasp-java-html-sanitizer-support/ZFxMMOh8dyk by mikesamuel · 11 years ago
  15. ff252bf cosmetic white-space change by mikesamuel · 11 years ago
  16. a1b4378 warning cleanup : field hiding by mikesamuel · 11 years ago
  17. 1879cfe r198 jars by mikesamuel · 11 years ago
  18. 62805f7 Cut release 198 with new CSS style sanitizer by mikesamuel · 11 years ago
  19. ce5bde4 cosmetic fixes to source code : line wrapping and comments by mikesamuel · 11 years ago
  20. 1af0549 refactored CssSchema to distinguish between a schema, a collection of property filters, and the properties themselves which are now instances of an inner class. Added code to the policy builder to allow a styling policy to be created with a custom schema. by mikesamuel · 11 years ago
  21. 44d782b some cosmetic tweaks to the part of the CSS fuzzer that logs long running operations by mikesamuel · 11 years ago
  22. 5d249f1 wrote a fuzzer for the CSS lexer to tease out token merging and misclassification problems by throwing tons of random inputs at the lexer and checking overall properties like termination, idempotence, and pattern matching each output token. by mikesamuel · 11 years ago
  23. aaf3076 added main method to CssSchema to make reviewing the white-list easier by mikesamuel · 11 years ago
  24. adf65fa cleanup and deduping schema by mikesamuel · 11 years ago
  25. 8a52114 fleshed out CSS lexer tests, added handling for line continuations in strings, and stripped out debugging cruft by mikesamuel · 11 years ago
  26. 0361553 re-enable internet tests inherited from AntiSamy by mikesamuel · 11 years ago
  27. 6afee9b clean up debugging cruft and IDE warnings by mikesamuel · 11 years ago
  28. 77740a7 specify the shell explicitly in the Makefile by mikesamuel · 11 years ago
  29. b268f87 rewrite the CSS sanitizer to do token-level filtering by mikesamuel · 11 years ago
  30. f8bc9ac a table of CSS properties and the tokens allowed in their values derived from the Caja white-lists by mikesamuel · 11 years ago
  31. 5e810f7 remove debugging cruft and only treat properly lengthed hash literals as unrestricted by mikesamuel · 11 years ago
  32. 9f3ae6a fixed token merging of unicode ranges and differentiate quantities with known suffices from those without by mikesamuel · 11 years ago
  33. d00cdaa fixed bug: PB times were not using the factory resulting in over-estimates of time taken by mikesamuel · 11 years ago
  34. 6142e97 undid disabling of internet tests inherited from AntiSamy by mikesamuel · 11 years ago
  35. 195fd71 fleshed out tests for new CSS lexer by mikesamuel · 11 years ago
  36. 87a0aa3 debugged bracket indices and fixed bugs in space allocation on unclosed bracket pairs at end of input and in the mapping from close-brackets to their partners by mikesamuel · 11 years ago
  37. b600c3c REGRESSION RISK: replace CSS lexer based on regular expressions with one that does not backtrack or left-recurse. This new code has not yet been thorougly tested. Fuzzing and hardening will happen in follow-on CLs but it is not yet suitable for stable. by mikesamuel · 11 years ago
  38. 4a4efac fix typo in documentation by mikesamuel · 11 years ago
  39. be66603 cleanup IDE warnings about methods that could be static by mikesamuel · 11 years ago
  40. 8e2bb42 allow for verbose test running and running tests with assertions enabled by mikesamuel · 11 years ago
  41. dce9ad7 box model handling for styles by mikesamuel · 11 years ago
  42. 0501891 cutting release r173 by mikesamuel · 11 years ago
  43. b02be37 updated change log by mikesamuel · 11 years ago
  44. 783908c fixed tag balancer so that implicit end tags are not generated for scope-introducing elements like tables and list items when a close tag ought to be restricted to an element within that scope by mikesamuel · 11 years ago
  45. 71e338d removed bogus comment by mikesamuel · 11 years ago
  46. 0ca1e3c unused import by mikesamuel · 11 years ago
  47. 99a0c4c a release automation to upload jars to google code dowload list by mikesamuel · 11 years ago
  48. defa730 added script to automate uploading of jars to google code download list by mikesamuel · 11 years ago
  49. 0606069 updating distrib with the option text fix by mikesamuel · 11 years ago
  50. 3a7234c modified maven push script to require that releases be built from an up-to-date client and properly committed by mikesamuel · 11 years ago
  51. 2a4c6d4 cut release with bug fix 163 by mikesamuel · 11 years ago
  52. 4c1e341 modify the HTML schema in TagBalancingHtmlStreamEventReceiver to make sure character data is allowed in option elemens by mikesamuel · 11 years ago
  53. 2d498e4 added not about potentially (unlikely) backwards compatibility breaking change to requireRelNoFollow() by mikesamuel · 12 years ago
  54. 6ca215a fixed minor bug in EbayPolicyExample which exposed a bug in requireRelNofFollowOnLinks that was half-heartedly allowing links by mikesamuel · 12 years ago
  55. c514942 IDE warning cleanup by mikesamuel · 12 years ago
  56. 47d6569 record script used to stage to maven central by mikesamuel · 12 years ago
  57. 2446c27 cut release 156 by mikesamuel · 12 years ago
  58. d9475f7 test fix. fallout from findbugs cleanup by mikesamuel · 12 years ago
  59. 489a0ec upgraded to most recent version of findbugs by mikesamuel · 12 years ago
  60. 269ace1 allow dependency on newer guava versions by mikesamuel · 12 years ago
  61. 6a63b45 removed unused imports by mikesamuel · 12 years ago
  62. e1fe814 added out/genfiles to eclipse project source dirs by mikesamuel · 12 years ago
  63. 7fb0629 fixed bug: use of identity hashcode spuriously triggered an underflow check by mikesamuel · 12 years ago
  64. 2394e9a Fixed fallout from out/classes Makefile reorg by mikesamuel · 12 years ago
  65. 2a41aba Makefile cleanup. Using out/ as the .class file base was confusing by mikesamuel · 12 years ago
  66. a90a92d added test from issue 9 by mikesamuel · 12 years ago
  67. c517d7c instead of creating <font> elements when sanitizing CSS, just do a better job of white-listing and sanitizing font faces, sizes, and alignment. This fixes problems whereby font elements were being introduced into tables but outside the table cells they were meant to style and which can legally contain them by mikesamuel · 12 years ago
  68. fbd0573 test anding of policy factories that have overlapping element and attribute policies by mikesamuel · 12 years ago
  69. eec952b test anding of policy factories that have overlapping element and attribute policies by mikesamuel · 12 years ago
  70. 0904bd6 commented out unused function by mikesamuel · 12 years ago
  71. 6f71b09 added test coverage report generation target to Makefile by mikesamuel · 12 years ago
  72. 70ca203 Cut release 136 - first release to use a Maven groupId that conforms with Maven central repo conventions by mikesamuel · 12 years ago
  73. 8c2fe50 cut release r133 by mikesamuel · 12 years ago
  74. 0455516 packaging distribution with recent changes to allow policy builder policies to control which tags can contain non-whitespace text nodes by mikesamuel · 12 years ago
  75. 79b4c29 added methods to the policy builder to specify which elements are allowed to contain text. By default text is allowed in any allowed element that can contain normal flow or block content, but disallowed in CDATA elements like <iframe>. by mikesamuel · 12 years ago
  76. 46057fe a more maven central repo friendly release by mikesamuel · 12 years ago
  77. cd854c4 a cosmetic release that reorganizes the available jars to use maven central repo friendly naming conventions by mikesamuel · 12 years ago
  78. 70acc6e get our maven POM closer to that required by https://docs.sonatype.org/display/Repository/Central+Sync+Requirements by mikesamuel · 12 years ago
  79. 805c895 added download build target to ease creation of code.google download ZIP files by mikesamuel · 12 years ago
  80. 15b42cb release 123 by mikesamuel · 12 years ago
  81. dcf7fb9 release r124 by mikesamuel · 12 years ago
  82. f178a50 updated change log by mikesamuel · 12 years ago
  83. 63dba94 added restrictions to the TagBalancingHtmlStreamEventReceiver so non-whitespace text nodes can only appear where phrasing content, flow content, or regular character data are allowed. This means that an <li> is added around "two" in <ul><li>one</li>two</ul>. changed to tag balancer to also recognize that </h3> and friends close any open header. by mikesamuel · 12 years ago
  84. 1ecbdce fix issue 7: misnested lists. Changes tag balancer to insert block container elements when a block or flow content element is seen in a context where block and flow elements are disallowed. by mikesamuel · 12 years ago
  85. 8c4f5bf get rid of IDE warning by mikesamuel · 12 years ago
  86. 66e1dc5 added note to docs for make release by mikesamuel · 12 years ago
  87. f9fe2db cut release 117 by mikesamuel · 12 years ago
  88. 39e734a improved assertion error messages by mikesamuel · 12 years ago
  89. e715af4 new jars with XML compatibility changes and ID changes by mikesamuel · 12 years ago
  90. b54a71c added documentation to Makedile by mikesamuel · 12 years ago
  91. 0df9131 changed rendering to ensure that the output HTML is always valid XML when the policy prohibits HTML raw text & RCDATA elements by mikesamuel · 12 years ago
  92. 5da20b0 distrib with most recent intrustion detection APIs by mikesamuel · 12 years ago
  93. d687f1e added intrustion detection version of PolicyFactory.sanitize by mikesamuel · 12 years ago
  94. 4793dee distrib including intrusion detection support by mikesamuel · 12 years ago
  95. 68c898c added convenience APIs for intrusion detection hooks by mikesamuel · 12 years ago
  96. 6f2fc04 added an interstitial layer that can report dropped tags and attributes to an intrusion detection system by mikesamuel · 12 years ago
  97. 77c5917 upgrade Guava to release 11 by mikesamuel · 12 years ago
  98. ec10d1e cut maven release r106 by mikesamuel · 12 years ago
  99. c9415e2 fixed typo in comment by mikesamuel · 12 years ago
  100. c1d75e2 added change log entry for r104 by mikesamuel · 12 years ago