From 25c3d64c4c0764d86792a2e23b8f5498a449b9de Mon Sep 17 00:00:00 2001 From: Mike Samuel Date: Mon, 13 Jul 2020 11:37:22 -0400 Subject: [PATCH] Release candidate 20200713.1 --- README.md | 10 +++++----- aggregate/pom.xml | 4 ++-- change_log.md | 4 ++++ docs/getting_started.md | 10 +++++----- docs/maven.md | 2 +- empiricism/pom.xml | 4 ++-- html-types/pom.xml | 4 ++-- parent/pom.xml | 2 +- pom.xml | 2 +- 9 files changed, 23 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index dd2b3533..2f9708a2 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ how to get started with or without Maven. ## Prepackaged Policies You can use -[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/Sanitizers.html): +[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/Sanitizers.html): ```Java PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS); @@ -47,7 +47,7 @@ String safeHTML = policy.sanitize(untrustedHTML); The [tests](https://github.com/OWASP/java-html-sanitizer/blob/master/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java) show how to configure your own -[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/HtmlPolicyBuilder.html): +[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/HtmlPolicyBuilder.html): ```Java PolicyFactory policy = new HtmlPolicyBuilder() 
@@ -62,7 +62,7 @@ String safeHTML = policy.sanitize(untrustedHTML); ## Custom Policies You can write -[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/ElementPolicy.html) +[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/ElementPolicy.html) to do things like changing `h1`s to `div`s with a certain class: ```Java @@ -85,7 +85,7 @@ need to be explicitly whitelisted using the `allowWithoutAttributes()` method if you want them to be allowed through the filter when these elements do not include any attributes. -[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks. +[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks. ```Java new HtmlPolicyBuilder = new HtmlPolicyBuilder() @@ -153,7 +153,7 @@ of the output. ## Telemetry -When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/HtmlChangeListener.html). +When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/HtmlChangeListener.html). You can use this to keep track of policy violation trends and find out when someone is making an effort to breach your security. 
diff --git a/aggregate/pom.xml b/aggregate/pom.xml index 1dac6b95..c41fc9a5 100644 --- a/aggregate/pom.xml +++ b/aggregate/pom.xml @@ -3,12 +3,12 @@ com.googlecode.owasp-java-html-sanitizer aggregate pom - 20200615.2-SNAPSHOT + 20200713.1 ../parent com.googlecode.owasp-java-html-sanitizer parent - 20200615.2-SNAPSHOT + 20200713.1 diff --git a/change_log.md b/change_log.md index ce66fe97..9619abc5 100644 --- a/change_log.md +++ b/change_log.md @@ -1,6 +1,10 @@ # OWASP Java HTML Sanitizer Change Log Most recent at top. + * Release 20200713.1 + * Do not lower-case SVG/MathML names. + This shouldn't cause problems since it was hard to write policies for + SBG, but be aware that SVG's `
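Review bot: in the README.md hunks at @@ -35, @@ -47, @@ -62, @@ -85 and @@ -153 every javadoc.io link is rewritten from 20200615.1 to 20200713.1, but the subject line says this is a release candidate, so those links will 404 until the 20200713.1 artifact is actually deployed and javadoc.io has indexed it. Either merge this after the deploy or check that https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/ resolves before the README change lands on master.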
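Review bot: the README.md hunk at @@ -85 leaves the context line `new HtmlPolicyBuilder = new HtmlPolicyBuilder()` in the attribute-policy example, which is not valid Java (a type is used where a variable name belongs). Since this hunk already touches the surrounding paragraph, it is a good moment to correct the snippet to `PolicyFactory policy = new HtmlPolicyBuilder()` so it matches the other README examples.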
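Review bot: the change_log.md hunk has a typo in the added lines, "it was hard to write policies for SBG" should read "SVG". More importantly, "Do not lower-case SVG/MathML names" is a behaviour change visible to any policy that matched element or attribute names in their lower-cased form, and "This shouldn't cause problems" does not tell such a user what to check; the entry should state that policies for SVG/MathML content now see the original case of names and may need their matchers adjusted.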