| Age | Commit message (Collapse) | Author |
|---|
|
See build/soong/README.md for more information.
Change-Id: I0d1fefbe6dfa0301940fbe88607a8115b2c77414
Fixes: 122332076
Test: treehugger
|
|
Bug: 33166666
Test: gerrit uploader
Change-Id: I2ecf3ae99bb4daee1ad4d5f5fe27a3f2ff92a8b1
|
|
b/14567151
This check-in introduces the sanitizer class and the necessary build
changes to compile it. A sibling checkin will actually call it.
Change-Id: I6b6a15b31a5b6be4fcd666a269dd2ccbe9e9fd50
|
|
* commit '21740b346bf7ea283afa1582b34f7dc7bfc274e0':
Add NOTICE and MODULE_LICENSE_APACHE2
|
|
* commit 'f5c2f485ba415087e66e9c407365ea07606f1e61':
cut maven release r232
|
|
* commit '2cf15c456fb69a6f1d12f704dcdf4a0164963fd9':
updated distribution to r232
|
|
* commit '6908fbb245bd67cbcac99826485830acfcfdf001':
updated change log
|
|
* commit '550c8d3230c152db7156b266d089512b72ac0024':
Fixed shift underflow bug in interElementWhitespace checking.
|
|
store globals and apply its globals to the other factory when combining PolicyFactories via PolicyFactory.and
* commit '9c0798e090ee7db347657ed2b8604ce26fbe74d1':
issue 28: fix Sanitizer.STYLES by changing PolicyFactory to store globals and apply its globals to the other factory when combining PolicyFactories via PolicyFactory.and
|
|
* commit 'd86290faea7165946969d0052b1244d87f2139bb':
Recognize that <basefont> is an empty element
|
|
* commit 'c8c80c512a678b9f18c7897de28b7f13db149cc1':
rotating key used to sign jars after death of lappytop
|
|
* commit '46c777f3b673c15229003ec585c8817ab411382d':
updated current distribution
|
|
* commit 'c87a3523f48941f23c4b42fd0df97742eb102e08':
update change log
|
|
* commit '10f18856cda13e8f5ff16c26d965c2577f943457':
upgraded findbugs to 2.0.3
|
|
* commit '299511715e3425b6525aa34332610e41975e77b2':
fixed findbugs warning about missing default
|
|
allowWithoutAttributes overrides of elements like <img>,<a>,<span> that are by-default dropped without elements
* commit 'e5d1831401c6302339a6902f790d7c133f8a4b55':
fixed issue 23 : ANDing two policies was confused by allowWithoutAttributes overrides of elements like <img>,<a>,<span> that are by-default dropped without elements
|
|
more likely to catch bus involving unexpected triggering of Turkish-specific case-folding rules
* commit '39d10def34391c50fbb0e3420615014f124000cc':
Run tests with the default locale set to Turkish so that we are more likely to catch bus involving unexpected triggering of Turkish-specific case-folding rules
|
|
* commit '7d0755627f174ec9d5f148bd9fa3a5cc732edb3f':
fix issue 24: protocol whitelisting not case-insensitive
|
|
issue https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=25
* commit '36633f880daebe2d5a3360ebfe57df5bd4a6e53a':
added possessive quantifier to OFFSITE_URL regex to address issue https://code.google.com/p/owasp-java-html-sanitizer/issues/detail?id=25
|
|
* commit 'fad0ad7c601b441c699c817a778d1e4ea51fa8f5':
add srcset attribute to the list of URL attributes
|
|
* commit 'd619c4a1a90430a4111eb71444350aa321a289db':
some machinery for extracting data tables from browsers
|
|
lawyering.
* commit '29485df1063d171e17769b5ad55128abb979a846':
fixed year in file header. Damn file headers and cargo-cult lawyering.
|
|
* commit 'aab0cbeeb7abb201e1ed154fd1db4e4846e51692':
unit tests for UrlTextExample
|
|
* commit '9527772b09c52dc9adbf1624bd150f4d8e826153':
fixes for UrlTextExample
|
|
links and images
* commit '1834ad78fccdbe09c0fec7a79f854fda8b9a6fcd':
an example that explains how to use event receivers to annotate links and images
|
|
* commit 'bcceb34c231593a716c703e490ebf58df37a781e':
release r209 built from clean with CssSchema
|
|
* commit '3e6cbb572cdf96bb8c1c5a0d11af9dcf46e169e6':
ditching r205 as release candidate
|
|
* commit '2b871d59c3bb0e0b0e63c229387ed5b807da3765':
making distrib from clean
|
|
* commit 'd64cc8cc3828d8aebbf3849d31514c5dd9da422b':
cut a release with CssSchema changes : r205
|
|
* commit '9b049e7adaa7a4a2d69e2e258f1c274724b1e0a8':
distribution with CssSchema changes
|
|
white-list further properties per https://groups.google.com/forum/#!topic/owasp-java-html-sanitizer-support/ZFxMMOh8dyk
* commit '8ee01758dfc6f9871c2d4da44b4ce106c6be8020':
reworked the public API of CssSchema to allow clients to white-list further properties per https://groups.google.com/forum/#!topic/owasp-java-html-sanitizer-support/ZFxMMOh8dyk
|
|
* commit 'ff252bf1803947ae2266e8ddc58ef383225be32a':
cosmetic white-space change
|
|
* commit 'a1b4378ade2caa7a029abba418a37ed7b94e7a7f':
warning cleanup : field hiding
|
|
* commit '1879cfe0280822e90dca253a4908201b544f18e6':
r198 jars
|
|
* commit '62805f77bb2450bc07567ba9cefaa5f79b8e9671':
Cut release 198 with new CSS style sanitizer
|
|
* commit 'ce5bde40e2e126de05105f09f1f965a5c70aaa94':
cosmetic fixes to source code : line wrapping and comments
|
|
collection of property filters, and the properties themselves which are now instances of an inner class. Added code to the policy builder to allow a styling policy to be created with a custom schema
* commit '1af054935066ae9db1476bef96ff224410edb1f4':
refactored CssSchema to distinguish between a schema, a collection of property filters, and the properties themselves which are now instances of an inner class. Added code to the policy builder to allow a styling policy to be created with a custom schema.
|
|
long running operations
* commit '44d782b87eb0aa32d8cf12a3d39be9de05b3c544':
some cosmetic tweaks to the part of the CSS fuzzer that logs long running operations
|
|
misclassification problems by throwing tons of random inputs at the lexer and checking overall properties like termination, idempotence, and pattern matching each output token.
* commit '5d249f1bf7938bbba10d2cbfdeb159220a6ea16c':
wrote a fuzzer for the CSS lexer to tease out token merging and misclassification problems by throwing tons of random inputs at the lexer and checking overall properties like termination, idempotence, and pattern matching each output token.
|
|
easier
* commit 'aaf3076dbab1d3484717a87085e27ec21c7217d1':
added main method to CssSchema to make reviewing the white-list easier
|
|
* commit 'adf65fa8048eaf04e12e2b36e3ad9a78429ce96b':
cleanup and deduping schema
|
|
continuations in strings, and stripped out debugging cruft
* commit '8a521140d4f962a2c91e12026ea61a5511b17bd2':
fleshed out CSS lexer tests, added handling for line continuations in strings, and stripped out debugging cruft
|
|
* commit '036155387b0beda0993f361b73b020b773e58708':
re-enable internet tests inherited from AntiSamy
|
|
* commit '6afee9b02bc894e2f91eec3ac2e7e9c0c30c2878':
clean up debugging cruft and IDE warnings
|
|
* commit '77740a73b282bd93c1541c4b7d7939ffd09b0432':
specify the shell explicitly in the Makefile
|
|
* commit 'b268f8745b09a77af2e8c77ffd376b6459bf4fec':
rewrite the CSS sanitizer to do token-level filtering
|
|
values derived from the Caja white-lists
* commit 'f8bc9acbd49eb8d97767129862426a9c865247ef':
a table of CSS properties and the tokens allowed in their values derived from the Caja white-lists
|
|
literals as unrestricted
* commit '5e810f7ffa3dc2f6baefc762abd7e4ad31a640cb':
remove debugging cruft and only treat properly lengthed hash literals as unrestricted
|
|
quantities with known suffices from those without
* commit '9f3ae6ac5732a614eb965a97f3d47d7acc21e98b':
fixed token merging of unicode ranges and differentiate quantities with known suffices from those without
|
|
over-estimates of time taken
* commit 'd00cdaa91560f50952d89e67383c4ce33c2b4ccc':
fixed bug: PB times were not using the factory resulting in over-estimates of time taken
|
