Edited CssSchema to preserve hsl() and hsla() functions #214

Closed
wants to merge 9 commits into from

aakritisi
Contributor

Fixed issue #212

mikesamuel and others added 9 commits June 15, 2020 11:44
#206)

* Do not lcase element or attribute names that match SVG or MathML names exactly

> Currently all names are converted to lowercase which is ok when
> you're using it for HTML only, but if there is an SVG image nested
> inside the HTML it breaks.  For example, when `viewBox` attribute is
> converted to `viewbox` the image is not displayed correctly.

This commit splits *HtmlLexer*.*canonicalName* into variants which preserve
items on whitelists derived from the SVG and MathML specifications, and
adjusts callers of *canonicalName* to use the appropriate variant.

Fixes #182

* add unittests for mixed-case SVG names
@aakritisi aakritisi changed the title Edited CssSchema.java file to preserve hsl() and hsla() functions Edited CssSchema to preserve hsl() and hsla() functions Dec 5, 2020
@aakritisi aakritisi changed the base branch from main to master December 5, 2020 21:04
@mikesamuel
Contributor

I believe the CI failures are spurious, due to a vulnerability in JUnit which does not affect us

  • because junit is only a test dependency
  • because our tests do not use TemporaryFolder

but we have vulnerability scan checks in our CI just to be safe. I'll update the JUnit version so a pull from upstream should get the CI running green.

* Change `.and` when combining two policies to respect explicit `skipIfEmpty` decisions.
* HTML entity decoding now follows HTML standard rules about when a semicolon is optional.
[Fixes #193](https://github.com/OWASP/java-html-sanitizer/issues/193)
* Fix table formatting [#137](https://github.com/OWASP/java-html-sanitizer/issues/137)
Contributor

Most of the edits seem to be merge edits, which makes this hard to review. Did you have a branch that was pointed at an older version? Can you reapply your patch to a new branch derived from HEAD?

@aakritisi aakritisi closed this Dec 9, 2020
@aakritisi aakritisi deleted the patch-1 branch December 9, 2020 13:08