From 969786d6f05bf1167b693aa2bcc4cd3cf74c2aac Mon Sep 17 00:00:00 2001 From: Mike Samuel Date: Mon, 10 Jun 2019 16:51:10 -0400 Subject: [PATCH] Release candidate 20190610.1 --- README.md | 10 +++++----- aggregate/pom.xml | 4 ++-- change_log.md | 2 ++ docs/getting_started.md | 10 +++++----- docs/maven.md | 2 +- empiricism/pom.xml | 4 ++-- html-types/pom.xml | 4 ++-- parent/pom.xml | 2 +- pom.xml | 2 +- 9 files changed, 21 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 566afb14..54a2616f 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ how to get started with or without Maven. ## Prepackaged Policies You can use -[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/Sanitizers.html): +[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/Sanitizers.html): ```Java PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS); @@ -44,7 +44,7 @@ String safeHTML = policy.sanitize(untrustedHTML); The [tests](https://github.com/OWASP/java-html-sanitizer/blob/master/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java) show how to configure your own -[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/HtmlPolicyBuilder.html): +[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/HtmlPolicyBuilder.html): ```Java PolicyFactory policy = new HtmlPolicyBuilder() 
@@ -59,7 +59,7 @@ String safeHTML = policy.sanitize(untrustedHTML); ## Custom Policies You can write -[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/ElementPolicy.html) +[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/ElementPolicy.html) to do things like changing `h1`s to `div`s with a certain class: ```Java @@ -82,7 +82,7 @@ need to be explicitly whitelisted using the `allowWithoutAttributes()` method if you want them to be allowed through the filter when these elements do not include any attributes. -[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks. +[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks. ```Java new HtmlPolicyBuilder = new HtmlPolicyBuilder() @@ -150,7 +150,7 @@ of the output. ## Telemetry -When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/HtmlChangeListener.html). +When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/HtmlChangeListener.html). You can use this to keep track of policy violation trends and find out when someone is making an effort to breach your security. 
diff --git a/aggregate/pom.xml b/aggregate/pom.xml index 619e18af..bb893ce7 100644 --- a/aggregate/pom.xml +++ b/aggregate/pom.xml @@ -3,12 +3,12 @@ com.googlecode.owasp-java-html-sanitizer aggregate pom - 20190503.2-SNAPSHOT + 20190610.1 ../parent com.googlecode.owasp-java-html-sanitizer parent - 20190503.2-SNAPSHOT + 20190610.1 diff --git a/change_log.md b/change_log.md index db631b00..9c9e0b32 100644 --- a/change_log.md +++ b/change_log.md @@ -1,6 +1,8 @@ # OWASP Java HTML Sanitizer Change Log Most recent at top. + * Release 20190610.1 + * Recognize named HTML entities added in the last few years. * Release 20190503.1 * Make Encoding class public so that clients can use HTML text decoder. * Fix bug in srcset handling. diff --git a/docs/getting_started.md b/docs/getting_started.md index 62893edc..b886eaa2 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md 
@@ -30,16 +30,16 @@ it to HTML. The [javadoc](http://javadoc.io/doc/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/) covers more detailed topics, including -[customization](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/HtmlPolicyBuilder.html). +[customization](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/HtmlPolicyBuilder.html). Important classes are: - * [Sanitizers](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies. - * [HtmlPolicyBuilder](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies. + * [Sanitizers](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies. + * [HtmlPolicyBuilder](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies. For advanced use, see: - * [AttributePolicy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1/org/owasp/html/ElementPolicy.html) allow complex customization. - * [HtmlStreamEventReceiver](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output. 
+ * [AttributePolicy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1/org/owasp/html/ElementPolicy.html) allow complex customization. + * [HtmlStreamEventReceiver](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output. ## Asking Questions diff --git a/docs/maven.md b/docs/maven.md index b1e57591..14839d35 100644 --- a/docs/maven.md +++ b/docs/maven.md @@ -23,7 +23,7 @@ Bigger numbers are more recent and the [change log](../change_log.md) can shed light on the salient differences. You should be able to build with the HTML sanitizer. You can read the -[javadoc](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190503.1/index.html), +[javadoc](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20190610.1/index.html), and if you have questions that aren't answered by these wiki pages, you can ask on the [mailing list](http://groups.google.com/group/owasp-java-html-sanitizer-support). diff --git a/empiricism/pom.xml b/empiricism/pom.xml index ee94b03f..f445b362 100644 --- a/empiricism/pom.xml +++ b/empiricism/pom.xml @@ -2,13 +2,13 @@ 4.0.0 com.googlecode.owasp-java-html-sanitizer html-types - 20190503.2-SNAPSHOT + 20190610.1 jar ../parent com.googlecode.owasp-java-html-sanitizer parent - 20190503.2-SNAPSHOT + 20190610.1 empiricism diff --git a/html-types/pom.xml b/html-types/pom.xml index 361b3ea6..f5ee8715 100644 --- a/html-types/pom.xml +++ b/html-types/pom.xml 
@@ -2,13 +2,13 @@ 4.0.0 com.googlecode.owasp-java-html-sanitizer html-types - 20190503.2-SNAPSHOT + 20190610.1 jar ../parent com.googlecode.owasp-java-html-sanitizer parent - 20190503.2-SNAPSHOT + 20190610.1 OWASP Java HTML Sanitizer Safe HTML Compatibility diff --git a/parent/pom.xml b/parent/pom.xml index 77656424..042f7e93 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -2,7 +2,7 @@ 4.0.0 com.googlecode.owasp-java-html-sanitizer parent - 20190503.2-SNAPSHOT + 20190610.1 pom diff --git a/pom.xml b/pom.xml index 0d83cee1..2650a75f 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ parent com.googlecode.owasp-java-html-sanitizer parent - 20190503.2-SNAPSHOT + 20190610.1 OWASP Java HTML Sanitizer
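
Review bot: in the README.md hunk at `@@ -82,7 +82,7 @@`, the context line that opens the Java sample after the Attribute policies link reads `new HtmlPolicyBuilder = new HtmlPolicyBuilder()`, which is not valid Java. Since this release touches the paragraph directly above it, fix the sample in the same pass, for example by declaring a variable of the builder's type (or a `PolicyFactory`, as the other README samples do) so that the snippet compiles when copied.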
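
Review bot: the new change_log.md entry "Recognize named HTML entities added in the last few years." does not say which entities are affected or whether output changes for input that earlier releases already accepted. For a sanitizer release, state the caller-visible effect or reference the issue that prompted it, so that people upgrading from 20190503.1 can judge whether stored or re-sanitized content will differ.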
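
Review bot: in the docs/getting_started.md hunk, the ElementPolicy link in the "allow complex customization" bullet still points at `20180219.1` and uses `http://`, while the AttributePolicy link on the same line moves to `20190610.1` over `https://`. Bump it with the others; the README.md hunk already links ElementPolicy at `20190610.1`, so the two documents now disagree about which javadoc to read.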
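
Review bot: in the empiricism/pom.xml hunk, the context value just ahead of the bumped version reads `html-types`, the same value that appears in that position in html-types/pom.xml, although the module is named `empiricism` further down. If that value is the artifactId, both modules take the same coordinates at `20190610.1`; confirm and rename it before this non-SNAPSHOT version is cut.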