1. 550c8d3 Fixed shift underflow bug in interElementWhitespace checking. by mikesamuel · 10 years ago
  2. 9c0798e issue 28: fix Sanitizer.STYLES by changing PolicyFactory to store globals and apply its globals to the other factory when combining PolicyFactories via PolicyFactory.and by mikesamuel · 10 years ago
  3. d86290f Recognize that <basefont> is an empty element by mikesamuel · 10 years ago
  4. 2995117 fixed findbugs warning about missing default by mikesamuel · 10 years ago
  5. e5d1831 fixed issue 23 : ANDing two policies was confused by allowWithoutAttributes overrides of elements like <img>,<a>,<span> that are by-default dropped without elements by mikesamuel · 10 years ago
  6. 7d07556 fix issue 24: protocol whitelisting not case-insensitive by mikesamuel · 10 years ago
  7. 36633f8 added possessive quantifier to OFFSITE_URL regex to address issue https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=25 by mikesamuel · 10 years ago
  8. fad0ad7 add srcset attribute to the list of URL attributes by mikesamuel · 10 years ago
  9. 29485df fixed year in file header. Damn file headers and cargo-cult lawyering. by mikesamuel · 11 years ago
  10. aab0cbe unit tests for UrlTextExample by mikesamuel · 11 years ago
  11. 9527772 fixes for UrlTextExample by mikesamuel · 11 years ago
  12. 1834ad7 an example that explains how to use event receivers to annotate links and images by mikesamuel · 11 years ago
  13. 8ee0175 reworked the public API of CssSchema to allow clients to white-list further properties per https://groups.google.com/forum/#!topic/owasp-java-html-sanitizer-support/ZFxMMOh8dyk by mikesamuel · 11 years ago
  14. ff252bf cosmetic white-space change by mikesamuel · 11 years ago
  15. a1b4378 warning cleanup : field hiding by mikesamuel · 11 years ago
  16. ce5bde4 cosmetic fixes to source code : line wrapping and comments by mikesamuel · 11 years ago
  17. 1af0549 refactored CssSchema to distinguish between a schema, a collection of property filters, and the properties themselves which are now instances of an inner class. Added code to the policy builder to allow a styling policy to be created with a custom schema. by mikesamuel · 11 years ago
  18. 44d782b some cosmetic tweaks to the part of the CSS fuzzer that logs long running operations by mikesamuel · 11 years ago
  19. 5d249f1 wrote a fuzzer for the CSS lexer to tease out token merging and misclassification problems by throwing tons of random inputs at the lexer and checking overall properties like termination, idempotence, and pattern matching each output token. by mikesamuel · 11 years ago
  20. aaf3076 added main method to CssSchema to make reviewing the white-list easier by mikesamuel · 11 years ago
  21. adf65fa cleanup and deduping schema by mikesamuel · 11 years ago
  22. 8a52114 fleshed out CSS lexer tests, added handling for line continuations in strings, and stripped out debugging cruft by mikesamuel · 11 years ago
  23. 0361553 re-enable internet tests inherited from AntiSamy by mikesamuel · 11 years ago
  24. 6afee9b clean up debugging cruft and IDE warnings by mikesamuel · 11 years ago
  25. b268f87 rewrite the CSS sanitizer to do token-level filtering by mikesamuel · 11 years ago
  26. f8bc9ac a table of CSS properties and the tokens allowed in their values derived from the Caja white-lists by mikesamuel · 11 years ago
  27. 5e810f7 remove debugging cruft and only treat properly lengthed hash literals as unrestricted by mikesamuel · 11 years ago
  28. 9f3ae6a fixed token merging of unicode ranges and differentiate quantities with known suffixes from those without by mikesamuel · 11 years ago
  29. d00cdaa fixed bug: PB times were not using the factory resulting in over-estimates of time taken by mikesamuel · 11 years ago
  30. 6142e97 undid disabling of internet tests inherited from AntiSamy by mikesamuel · 11 years ago
  31. 195fd71 fleshed out tests for new CSS lexer by mikesamuel · 11 years ago
  32. 87a0aa3 debugged bracket indices and fixed bugs in space allocation on unclosed bracket pairs at end of input and in the mapping from close-brackets to their partners by mikesamuel · 11 years ago
  33. b600c3c REGRESSION RISK: replace CSS lexer based on regular expressions with one that does not backtrack or left-recurse. This new code has not yet been thoroughly tested. Fuzzing and hardening will happen in follow-on CLs but it is not yet suitable for stable. by mikesamuel · 11 years ago
  34. 4a4efac fix typo in documentation by mikesamuel · 11 years ago
  35. be66603 cleanup IDE warnings about methods that could be static by mikesamuel · 11 years ago
  36. 8e2bb42 allow for verbose test running and running tests with assertions enabled by mikesamuel · 11 years ago
  37. dce9ad7 box model handling for styles by mikesamuel · 11 years ago
  38. 783908c fixed tag balancer so that implicit end tags are not generated for scope-introducing elements like tables and list items when a close tag ought to be restricted to an element within that scope by mikesamuel · 11 years ago
  39. 71e338d removed bogus comment by mikesamuel · 11 years ago
  40. 0ca1e3c unused import by mikesamuel · 11 years ago
  41. 4c1e341 modify the HTML schema in TagBalancingHtmlStreamEventReceiver to make sure character data is allowed in option elements by mikesamuel · 11 years ago
  42. 6ca215a fixed minor bug in EbayPolicyExample which exposed a bug in requireRelNofFollowOnLinks that was half-heartedly allowing links by mikesamuel · 11 years ago
  43. c514942 IDE warning cleanup by mikesamuel · 11 years ago
  44. d9475f7 test fix. fallout from findbugs cleanup by mikesamuel · 11 years ago
  45. 489a0ec upgraded to most recent version of findbugs by mikesamuel · 11 years ago
  46. 6a63b45 removed unused imports by mikesamuel · 11 years ago
  47. 7fb0629 fixed bug: use of identity hashcode spuriously triggered an underflow check by mikesamuel · 11 years ago
  48. a90a92d added test from issue 9 by mikesamuel · 11 years ago
  49. c517d7c instead of creating <font> elements when sanitizing CSS, just do a better job of white-listing and sanitizing font faces, sizes, and alignment. This fixes problems whereby font elements were being introduced into tables but outside the table cells they were meant to style and which can legally contain them by mikesamuel · 11 years ago
  50. fbd0573 test anding of policy factories that have overlapping element and attribute policies by mikesamuel · 11 years ago
  51. eec952b test anding of policy factories that have overlapping element and attribute policies by mikesamuel · 11 years ago
  52. 0904bd6 commented out unused function by mikesamuel · 11 years ago
  53. 6f71b09 added test coverage report generation target to Makefile by mikesamuel · 11 years ago
  54. 79b4c29 added methods to the policy builder to specify which elements are allowed to contain text. By default text is allowed in any allowed element that can contain normal flow or block content, but disallowed in CDATA elements like <iframe>. by mikesamuel · 12 years ago
  55. 63dba94 added restrictions to the TagBalancingHtmlStreamEventReceiver so non-whitespace text nodes can only appear where phrasing content, flow content, or regular character data are allowed. This means that an <li> is added around "two" in <ul><li>one</li>two</ul>. changed the tag balancer to also recognize that </h3> and friends close any open header. by mikesamuel · 12 years ago
  56. 1ecbdce fix issue 7: misnested lists. Changes tag balancer to insert block container elements when a block or flow content element is seen in a context where block and flow elements are disallowed. by mikesamuel · 12 years ago
  57. 8c4f5bf get rid of IDE warning by mikesamuel · 12 years ago
  58. 0df9131 changed rendering to ensure that the output HTML is always valid XML when the policy prohibits HTML raw text & RCDATA elements by mikesamuel · 12 years ago
  59. d687f1e added intrusion detection version of PolicyFactory.sanitize by mikesamuel · 12 years ago
  60. 68c898c added convenience APIs for intrusion detection hooks by mikesamuel · 12 years ago
  61. 6f2fc04 added an interstitial layer that can report dropped tags and attributes to an intrusion detection system by mikesamuel · 12 years ago
  62. c9415e2 fixed typo in comment by mikesamuel · 12 years ago
  63. d78e82d Tweak lexer token grammar to handle XML prologues, processing instructions and HTML5 bogus comments properly. HTML5 transitions into a bogus comment state on seeing "<?" from a data state and ends at the first ">" or end of file token seen. XML Processing instructions and XML Prologues are both subsets of this production. This changes the lexer to use that grammar instead of ending at "?>" or end of file which handles comments that Outlook puts in HTML copied from an email. The lexer is not in the TCB so this change is low risk. by mikesamuel · 12 years ago
  64. e7e78dd Fix issue 5: protocol filtering failed to match the proper substring against the allowed protocol set. by mikesamuel · 12 years ago
  65. ed543b3 testcase for NULs by mikesamuel · 12 years ago
  66. b530bfd Rework handling of raw-text elements to avoid browser confusion by mikesamuel · 13 years ago
  67. 1bfae83 fix IE8 innerHTML issue by mikesamuel · 13 years ago
  68. 5b7822a reworked color handling in StylingPolicy to allow background and to only ever output #hex colors by mikesamuel · 13 years ago
  69. 40d8af7 allow font sizes to be specified in pixels by mikesamuel · 13 years ago
  70. d702e7e Fixed initialization error in example and added test to make sure the examples run by mikesamuel · 13 years ago
  71. 4d17cd9 adjusted document depth limit based on default from WebCore by mikesamuel · 13 years ago
  72. 3f54e49 Fix issue 3: "Deeply nested elements crash FF 8, Chrome 11" by not emitting any tokens from TagBalancingHtmlStreamEventReceiver when the open element stack exceeds a nestingLimit. This limit is 128 based on some data on table nesting levels seen in the wild by Opera but I am continuing to look for info about the distribution of actual nesting depth for documents in the wild. by mikesamuel · 13 years ago
  73. 6434d0d more javadoc fixes by mikesamuel · 13 years ago
  74. d7c2f9f fixed javadoc by mikesamuel · 13 years ago
  75. 38bb37b Added Sanitizers class with prepackage policies, extracted the policy implementation from HtmlPolicyBuilder and extended it with convenience methods sanitize(String) and and(..) which allows composition of built policy factories. by mikesamuel · 13 years ago
  76. 6691ce1 Updated list of void HTML elements by mikesamuel · 13 years ago
  77. f27efcb Fixed bug: badHtmlHandler not receiving output when ioHandler is defanged by mikesamuel · 13 years ago
  78. a22c520 fix truncated comment by mikesamuel · 13 years ago
  79. dc2e862 Tweaked whitespace by mikesamuel · 13 years ago
  80. 756bebf Rework regular expressions in EbayPolicyExample to not capture unnecessary content, and to not backtrack on invalid inputs. Other minor fixes to spelling and . exclusion. by mikesamuel · 13 years ago
  81. f1c8887 Changed HtmlStreamRenderer to encode supplemental codepoints as HTML numeric entities to avoid UTF-16/UCS-2 confusion in the browser, and to avoid having Java UTF-8 encode individual surrogates instead of using the longer UTF-8 encoded forms. by mikesamuel · 13 years ago
  82. 2c68185 Added new HTML5 URL attributes to the list of URL attributes that are guarded by the URL safeguards in HtmlPolicyBuilder. by mikesamuel · 13 years ago
  83. 75d905c Simplified null parameter handling in HtmlSanitizer.sanitize to present a consistently non-null html parameter to the whole function body. If html is null, the loop will be entered but there's no need to confuse the JIT with calls to substring on a value that's been checked for null earlier in the method. by mikesamuel · 13 years ago
  84. ee7fe14 Changed HtmlSanitizer.sanitize to allow a null string of HTML as input. by mikesamuel · 13 years ago
  85. c4058d9 Commented example policies by mikesamuel · 13 years ago
  86. 109b245 Fleshed out styling policy with some of the most popular CSS properties from http://triin.net/2006/06/12/CSS by mikesamuel · 13 years ago
  87. 5a047cb Added a fuzzer for the HTML sanitizer and fixed a bug it exposed in numeric entity decoding. by mikesamuel · 13 years ago
  88. f06f9a5 Added a fuzzer test that checks that the parser is not in the TCB. by mikesamuel · 13 years ago
  89. 8560af5 Fixed CDATA rendering by mikesamuel · 13 years ago
  90. 846d5d0 refactor HtmlPolicyBuilder so allowAttribute calls can be applied to multiple elements and so that element name and attribute names are supplied unambiguously in the order the name implies. by mikesamuel · 13 years ago
  91. b0d421a tweaked by mikesamuel · 13 years ago
  92. 6f896a5 EBay policy example derived from antisamy by mikesamuel · 13 years ago
  93. 503b46e Added text-decoration support to styling policy by mikesamuel · 13 years ago
  94. 04fec67 Added an example to mirror the AntiSamy slashdot use case by mikesamuel · 13 years ago
  95. 27b4be9 Wrote a tag balancer that correctly handles containment relationships. by mikesamuel · 13 years ago
  96. 6d8c2e9 comment cleanup and added target to Makefile to run tests by mikesamuel · 13 years ago
  97. a35e496 comments by mikesamuel · 13 years ago
  98. 2d52178 javadoc fixup by mikesamuel · 13 years ago
  99. 8403881 added license headers and a license.txt file by mikesamuel · 13 years ago
  100. 4e86790 Revamped to use a policy builder pattern instead of requiring people to write their own policies. by mikesamuel · 13 years ago