  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-50756

Upgrade AntiSamy from 1.4.4 to 1.5.3 and antisamy-ebay-1.3.xml to antisamy-ebay-1.4.4.xml

    Details

      Description

      Upgrade underlying library to the latest version:

      http://repository.sonatype.org/service/local/artifact/maven/redirect?r=central-proxy&g=org.owasp.antisamy&a=antisamy&v=LATEST

      List of changes (taken from git log):

      [maven-release-plugin] prepare for next development iteration
      [maven-release-plugin] prepare release antisamy-project-1.5.3
      Simplified stack operation, no functional change
      Removed unnecessary strings
      Fixed reported xss on dom scanner
      Testcase for bug
      [maven-release-plugin] prepare for next development iteration
      [maven-release-plugin] prepare release antisamy-project-1.5.2
      Added isAction method to tag
      cleared error messages
      Fixed problem where attribute could slip through scanning
      
      Testcase submitted by Dan Rabe
      Added testcase for whitespace mangling
      Added testcase for whitespace problem
      [maven-release-plugin] prepare for next development iteration
      [maven-release-plugin] prepare release 1.5.1
      Made iteration order predictable so test does not break on jdk1.5
      Added cloneWithDirective
      Moved inputstream constructor back to policy, removed deprecation, added explicit fail when includes used with InputStream
      Removing static variable
      Moved SAX scanner from thread local to static object cache
      Moved DOM scanner from thread local to static object cache
      Extracted common profiling test for sax & dom
      Removed useless and incorrect encoding parameters
      Changed test
      Converted test to JUnit4
      Moved regex construction partially to Attribute, to hide more visibility
      Slight optimizations sax scanner
      Tweaked elapsed time calculation
      Introduced the concept of many small methods as opposed to one large
      Extracted methods
      Minor cleanups
      [maven-release-plugin] prepare for next development iteration
      [maven-release-plugin] prepare release antisamy-project-1.5
      More release profile stuff
      Tweaked gpg plugin
      Updated to latest release plugin
      Removed xerces as dependency
      
      Fixed issue #133
      Added testcases for some issues
      Added missing html tags
      
      This fixes issue 135. Suggested by Daniel Rabe
      Fixed NPE when all children of a node pending removal were also removed
      
      Added testcase
      
      This fixes issue 147
      Make transformerfactory synchronized static
      
      Patch by Daniel Rabe, applied somewhat modified
      Tiny optimizations that no-one will ever care about
      Changed method to case sensitive by default
      Introduced more internal policy values
      Added more getters for internal values
      Added threadlocal context to dom parser too
      Added InternalPolicy class to expose getters instead of all those hashmap lookups
      Excluded head tag from empty check, later neko versions always add it
      Avoided reconstructing sax filter
      Made dom scanner faster by making serialid output optional (if you only validate)
      Split test in 2 different tests
      Fixed line ending issue
      Upgraded nekohtml to (almost) the last version
      
      1.9.17 doesn't work
      Made test pass with newer versions of nekohtml
      Don't load policy twice in test
      Init resource bundle only once
      Reduced to one threadlocal
      Minor tweaks to avoid recomputing stuff
      Removed unused code
      Made property immutable
      Made Tag immutable
      Made Attribute immutable, simplified some policy construction
      Made policy immutable, slimmed down api
      Added TagMatcher to avoid list iteration
      Updated scm section git
      Added offline version of test sites to be able to build offline
      Cleaned policy class
      Split tests in 2, one for good one for bad
      Cleaned up poms, made dependencyManagement section
      Optimized matches/regex usage
      Optimized sax parser too
      Added .gitattributes
      Added a small testcase on regex speed
      Fixed line ending issue
      Java 1.5 here we go. Upped version to 1.5-SNAPSHOT
      Extracted 2 methods
      Cleaned up style warnings
      Added gitignore
      Optimized parser construction
      Optimized use of regexes
      Added testcase for short string speed test
      
      Upgraded to newest surefire to be able to run single test
      Applied patch submitted with issue 121 by Sean Sullivan.
      
      All tests should now pass.
      added differentiation between tags that can be self-closed (like br) and tags that are required to have a closing tag, regardless of innerText, like <iframe>
      
      added the ability to manipulate a policy's tag rules with a public api
      [maven-release-plugin] prepare for next development iteration
      [maven-release-plugin] prepare release antisamy-project-1.4.5
      updating year in copyright
      added a new directive, "entityEncodeIntlChars" (default: false).
      
      when true, "international" characters will be represented by their HTML entities as according to the HTML DTD. When false, they'll be echoed as-is, to the worry of the person who set this setting to true
      added <div> to sample policy files' list of self closed tags
      addressed the following issues: 114, 112, 109, 107, 106
      
      created a separate xml filter for SAX parser to handle the creation of invalid self-closed tags.
      removed a hard dependency on apache commons httpclient (httpclient classes are now lazyloaded)
      fixed newline discrepancies
      added more test cases
      added test case for issue #107 (couldn't reproduce, but it led to a good test that we'll keep around)
      
      test cases added for all new features/regressions/fixes
      initial eclipse import
      [maven-release-plugin] prepare for next development iteration
