diff --git a/README.md b/README.md
index 3d4a21d8..96f26527 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ how to get started with or without Maven.
## Prepackaged Policies
You can use
-[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/Sanitizers.html):
+[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/Sanitizers.html):
```Java
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
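Review bot: the javadoc link on the `+` line still hard-codes the release number (`20240325.1`), so every release has to rewrite this URL here and in each of the other README and docs links this commit touches. docs/getting_started.md already links the javadoc root without a version (`http://javadoc.io/doc/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/`); if a version-independent form is available for class pages as well, using it would keep these files out of the release diff and remove the chance of a missed link.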
@@ -47,7 +47,7 @@ String safeHTML = policy.sanitize(untrustedHTML);
The
[tests](https://github.com/OWASP/java-html-sanitizer/blob/main/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java)
show how to configure your own
-[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlPolicyBuilder.html):
+[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/HtmlPolicyBuilder.html):
```Java
PolicyFactory policy = new HtmlPolicyBuilder()
@@ -62,7 +62,7 @@ String safeHTML = policy.sanitize(untrustedHTML);
## Custom Policies
You can write
-[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/ElementPolicy.html)
+[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/ElementPolicy.html)
to do things like changing `h1`s to `div`s with a certain class:
```Java
@@ -85,7 +85,7 @@ need to be explicitly whitelisted using the `allowWithoutAttributes()`
method if you want them to be allowed through the filter when these
elements do not include any attributes.
-[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks.
+[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks.
```Java
new HtmlPolicyBuilder = new HtmlPolicyBuilder()
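Review bot: the trailing context line `new HtmlPolicyBuilder = new HtmlPolicyBuilder()` is not valid Java, since a declaration needs a type and a variable name (for example `HtmlPolicyBuilder builder = new HtmlPolicyBuilder()`). Readers copy README policy snippets verbatim, and this commit already edits the paragraph directly above the sample, so fix the declaration in the same change or a follow-up.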
@@ -153,7 +153,7 @@ of the output.
## Telemetry
-When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlChangeListener.html).
+When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/HtmlChangeListener.html).
You can use this to keep track of policy violation trends and find out when someone
is making an effort to breach your security.
diff --git a/aggregate/pom.xml b/aggregate/pom.xml
index 7b1f5bab..9e1e3f7a 100644
--- a/aggregate/pom.xml
+++ b/aggregate/pom.xml
@@ -3,12 +3,12 @@
com.googlecode.owasp-java-html-sanitizer
aggregate
pom
- 20220608.2-SNAPSHOT
+ 20240325.1
..
com.googlecode.owasp-java-html-sanitizer
parent
- 20220608.2-SNAPSHOT
+ 20240325.1
diff --git a/change_log.md b/change_log.md
index 04324a49..8768a95c 100644
--- a/change_log.md
+++ b/change_log.md
@@ -1,6 +1,16 @@
# OWASP Java HTML Sanitizer Change Log
Most recent at top.
+ * Release 20240325.1
+ * Remove dependency on Guava
+ * Raise minimum supported JVM release to 8
+ * HTML: Avoid duplicate link `rel` values.
+ * HTML: Recognize foreign content syntactic context: `mathml` / `svg`.
+ * CSS: Better support for `font-size`, `overflow-wrap`, `word-break`.
+ * CSS: Better child combinator parsing.
+ * Bug: Fixed out of bounds when mixing global style attribute with others.
+ * Special thanks to (in lexicographic order):
+ Claudio Weiler, Josh England, Prakhar Maurya, Sven Strickroth, subbudvk
* Release 20220608.1
* Fix bugs in CSS tokenization
* Fix deocding of HTML character references that lack semicolons
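Review bot: the new entries "Remove dependency on Guava" and "Raise minimum supported JVM release to 8" change what consumers need at build and run time, but they are listed with the same weight as the CSS and HTML fixes; mark them as compatibility changes so someone upgrading from 20220608.1 sees them first. The "Bug: Fixed out of bounds when mixing global style attribute with others" entry would also benefit from an issue or commit reference so readers can judge whether their policies were affected. While this file is open, the context line "Fix deocding of HTML character references" has a typo ("decoding").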
diff --git a/docs/getting_started.md b/docs/getting_started.md
index fdb5addf..131bee2a 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -29,16 +29,16 @@ it to HTML.
The
[javadoc](http://javadoc.io/doc/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/)
covers more detailed topics, including
-[customization](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlPolicyBuilder.html).
+[customization](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/HtmlPolicyBuilder.html).
Important classes are:
- * [Sanitizers](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies.
- * [HtmlPolicyBuilder](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies.
+ * [Sanitizers](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies.
+ * [HtmlPolicyBuilder](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies.
For advanced use, see:
- * [AttributePolicy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1/org/owasp/html/ElementPolicy.html) allow complex customization.
- * [HtmlStreamEventReceiver](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output.
+ * [AttributePolicy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1/org/owasp/html/ElementPolicy.html) allow complex customization.
+ * [HtmlStreamEventReceiver](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output.
## Asking Questions
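Review bot: on the `AttributePolicy` line, the second link (`ElementPolicy`) was not updated: it still points at `20180219.1` and uses `http://`, while every other link in this hunk moves to `https://.../20240325.1/`. README.md in this same commit links `ElementPolicy.html` under `20240325.1`, so this looks like a miss from a search-and-replace on `20220608.1`; update it to `https://static.javadoc.io/.../20240325.1/org/owasp/html/ElementPolicy.html`.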
diff --git a/docs/maven.md b/docs/maven.md
index c24a0464..afc82bb6 100644
--- a/docs/maven.md
+++ b/docs/maven.md
@@ -23,7 +23,7 @@ Bigger numbers are more recent and the [change log](../change_log.md)
can shed light on the salient differences.
You should be able to build with the HTML sanitizer. You can read the
-[javadoc](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20220608.1/index.html),
+[javadoc](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20240325.1/index.html),
and if you have questions that aren't answered by these wiki pages,
you can ask on the
[mailing list](http://groups.google.com/group/owasp-java-html-sanitizer-support).
diff --git a/empiricism/pom.xml b/empiricism/pom.xml
index 0679df4b..981a0fbd 100644
--- a/empiricism/pom.xml
+++ b/empiricism/pom.xml
@@ -2,13 +2,13 @@
4.0.0
com.googlecode.owasp-java-html-sanitizer
html-types
- 20220608.2-SNAPSHOT
+ 20240325.1
jar
..
com.googlecode.owasp-java-html-sanitizer
parent
- 20220608.2-SNAPSHOT
+ 20240325.1
empiricism
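Review bot: the context line above the changed version in empiricism/pom.xml reads `html-types`, the same value that appears in the corresponding position in html-types/pom.xml, while this module's name line reads `empiricism`. If that line is the `artifactId`, both modules now carry the same group, artifact and release version `20240325.1`; confirm that empiricism is excluded from deployment or give it its own artifactId before the release is published.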
diff --git a/html-types/pom.xml b/html-types/pom.xml
index c3fdcc79..234c8d73 100644
--- a/html-types/pom.xml
+++ b/html-types/pom.xml
@@ -2,13 +2,13 @@
4.0.0
com.googlecode.owasp-java-html-sanitizer
html-types
- 20220608.2-SNAPSHOT
+ 20240325.1
bundle
..
com.googlecode.owasp-java-html-sanitizer
parent
- 20220608.2-SNAPSHOT
+ 20240325.1
OWASP Java HTML Sanitizer Safe HTML Compatibility
diff --git a/java10-shim/pom.xml b/java10-shim/pom.xml
index 21b96c35..2e0d8d38 100644
--- a/java10-shim/pom.xml
+++ b/java10-shim/pom.xml
@@ -6,13 +6,13 @@
..
com.googlecode.owasp-java-html-sanitizer
parent
- 20220608.2-SNAPSHOT
+ 20240325.1
Java 10 Shim
Provides an implementation of java8-shim that interoperates with
- Java >= 10 idioms for immutable collections.
+ Java >= 10 idioms for immutable collections.
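Review bot: the removed and added description lines (`Java >= 10 idioms for immutable collections.`) read identically in this hunk, so the change is whitespace or character escaping only. Say which in the commit message, since a release commit is otherwise expected to contain version changes only and an unexplained edit here is hard to review.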
@@ -24,6 +24,13 @@
10
+
+ org.apache.maven.plugins
+ maven-release-plugin
+
+ -Dmaven.javadoc.skip=true
+
+
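Review bot: the added `maven-release-plugin` block passes `-Dmaven.javadoc.skip=true` with nothing saying why javadoc is skipped for this module, while the same commit adds `Notice.java`, whose only content is a Javadoc comment. Add an XML comment next to the argument explaining the skip and stating whether this artifact is meant to be released without a javadoc jar or with one built from `Notice`.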
diff --git a/java10-shim/src/main/java/org/owasp/shim/Notice.java b/java10-shim/src/main/java/org/owasp/shim/Notice.java
new file mode 100644
index 00000000..871cbede
--- /dev/null
+++ b/java10-shim/src/main/java/org/owasp/shim/Notice.java
@@ -0,0 +1,8 @@
+package org.owasp.shim;
+
+/**
+ * This bundle has no useful public classes as it serves only to provide an
+ * implementation class loaded reflectively. See Java8Shim for details.
+ */
+public class Notice {
+}
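Review bot: `Notice` is declared as a plain `public class` with an implicit public constructor, although its own Javadoc says the bundle has no useful public classes. Declare it `public final class Notice` with a private constructor so the placeholder cannot be instantiated or subclassed. The Javadoc's "See Java8Shim for details" would also be easier to follow with the fully qualified class name, because `Java8Shim` is not defined or imported in this file.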
diff --git a/java8-shim/pom.xml b/java8-shim/pom.xml
index c414253b..ab0e3f30 100644
--- a/java8-shim/pom.xml
+++ b/java8-shim/pom.xml
@@ -6,7 +6,7 @@
..
com.googlecode.owasp-java-html-sanitizer
parent
- 20220608.2-SNAPSHOT
+ 20240325.1
Java 8 Shim
diff --git a/owasp-java-html-sanitizer/pom.xml b/owasp-java-html-sanitizer/pom.xml
index 9b9dd8b2..3c9bdf5f 100644
--- a/owasp-java-html-sanitizer/pom.xml
+++ b/owasp-java-html-sanitizer/pom.xml
@@ -6,7 +6,7 @@
..
com.googlecode.owasp-java-html-sanitizer
parent
- 20220608.2-SNAPSHOT
+ 20240325.1
OWASP Java HTML Sanitizer
diff --git a/pom.xml b/pom.xml
index 94bce32c..057850df 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2,7 +2,7 @@
4.0.0
com.googlecode.owasp-java-html-sanitizer
parent
- 20220608.2-SNAPSHOT
+ 20240325.1
pom