Revision
34417 -
Directory Listing
-
[select for diffs]
Modified
Wed May 9 10:41:12 2012 UTC
(8 years, 8 months ago)
by
jbloemendal
Diff to
previous 34416
CMS7-6095: root javascript element xss get transformed into head script xss
Add test to validate explicit allowed javascript as child of the body element is not getting cleaned.
Revision
34416 -
Directory Listing
-
[select for diffs]
Modified
Wed May 9 10:24:21 2012 UTC
(8 years, 8 months ago)
by
jbloemendal
Diff to
previous 34047
CMS7-6095: root javascript element xss get transformed into head script xss
XSS which is part of a head element with no following body element is not getting removed. The neko parser transforms the html structure, if no body element is present the HtmlRepairer is throwing an exception. The html-element cleanup method is split up into html- and head-element, in case the body-element is reached the head-element method is skipping further processing.
Revision
34016 -
Directory Listing
-
[select for diffs]
Modified
Tue Apr 10 11:33:03 2012 UTC
(8 years, 9 months ago)
by
jbloemendal
Diff to
previous 33994
HTMLCLEANER-39 the cleanupStartElement method is complex and it's descended method calls have duplicate code
The method and sub methods of cleanupStartElement are refactored and simplified. The elements are passing cleanUpAttributes and are set depending if after the cleanup elements without attributes are deleted or not.
Revision
33986 -
Directory Listing
-
[select for diffs]
Modified
Fri Apr 6 13:01:24 2012 UTC
(8 years, 9 months ago)
by
jjoachimsthal
Diff to
previous 33984
HTMLCLEANER-38 Add option to allow any CSS class in div, span, pre and p.
Use * as wildcard (which is not allowed as regular CSS classname so it cannot conflict with the output of the WYSIWYG editor)
Revision
32650 -
Directory Listing
-
[select for diffs]
Modified
Wed Jan 25 08:55:09 2012 UTC
(8 years, 11 months ago)
by
fvlankvelt
Diff to
previous 32340
CMS7-5822: more detailed verification of delete/insert handling by patcher
The tree decorator is more generic and allow easy subclassing to trace
operations made on the tree.
Revision
32333 -
Directory Listing
-
[select for diffs]
Modified
Wed Jan 4 15:17:41 2012 UTC
(9 years ago)
by
fvlankvelt
Diff to
previous 32282
CMS7-5688: turn JcrDiffException into a checked exception
The new PatchLog interface allows custom logging during application of patches.
Revision
32241 -
Directory Listing
-
[select for diffs]
Modified
Thu Dec 29 15:14:44 2011 UTC
(9 years ago)
by
fvlankvelt
Diff to
previous 32208
CMS7-5688: use attic when deleting items
When a deleted item is replaced by an inserted item at the same location, move
the deleted item to the attic to prevent same-name-sibling problems.
When an item is no longer found when the patch is processed, only throw a
JcrDiffException, as that's expected when a patch cannot be applied.
Revision
32208 -
Directory Listing
-
[select for diffs]
Modified
Tue Dec 27 14:15:42 2011 UTC
(9 years ago)
by
fvlankvelt
Diff to
previous 31945
CMS7-5688: order inserts & moves
The algorithm to sort the moves is not particularly efficient, but it should
make sure that an insert (that is serialized with the target path) is applied
at the correct time & location. (i.e. if the insert replaces an item that's
been moved by a move action, it should be applied after the move)
In the matcher top-down phase, only candidates that share an ancestor with the
item are considered.
Revision
31945 -
Directory Listing
-
[select for diffs]
Modified
Sat Dec 17 14:13:09 2011 UTC
(9 years, 1 month ago)
by
fvlankvelt
Diff to
previous 31926
CMS7-5688: match properties more accurately
- ignore hippo:paths
we don't depend on uuid's, and they will be updated anyway. They only mess
up the hash code calculation.
- set subtree hash for properties too
since those are used in the top-down; they should be there
- ignore the child position when comparing
- when finding the best match, use all ancestors to determine whether a match is good
Revision
31926 -
Directory Listing
-
[select for diffs]
Modified
Fri Dec 16 15:09:28 2011 UTC
(9 years, 1 month ago)
by
fvlankvelt
Diff to
previous 31861
CMS7-5688: support updates
Much improved patch generation & application. Is able to diff & patch matched
trees with random matching (tested up to 1700 matches, using random trees of
3400 nodes). The patcher now maintains a map of target paths to target items.
Same-name-siblings and node ordering are not yet supported, property updates are.
Inserts now only serialize the inserted content. It's offspring can be moved
in from existing locations.
Revision
31825 -
Directory Listing
-
[select for diffs]
Modified
Mon Dec 12 08:27:36 2011 UTC
(9 years, 1 month ago)
by
fvlankvelt
Diff to
previous 31820
CMS7-5688: miscellaneous
- better support for same-name-siblings and autocreated child nodes
- deserialize with no child nodes or properties (Node) or empty list of values (Property)
- specific runtime exception to allow clients to handle those separately
Revision
31820 -
Directory Listing
-
[select for diffs]
Modified
Sun Dec 11 07:33:40 2011 UTC
(9 years, 1 month ago)
by
fvlankvelt
Diff to
previous 31768
CMS7-5688: type info on nodes and properties
- store type (primary + mixins) on nodes
a type is not required, in which case the jcr implementation will fall back to nt:unstructured
the in-memory implementation does not do any validation, but can store this type information
- type info on properties is stored as a string value
Revision
26408 -
Directory Listing
-
[select for diffs]
Modified
Sat Jan 8 12:04:39 2011 UTC
(10 years ago)
by
fvlankvelt
Diff to
previous 25484
HTMLCLEANER-35: apply patch
Patch supplied by Marijan Milicevic:
- adding generics (where possible)
- checks for string.length ==0 instead of equals("")
- other, small micro performance improvements, like zero array allocations
- foreach loops instead of for loops (with k, z, etc loop variables, which is really confusing and error prone)
- removed unnecessary castings
Revision
24286 -
Directory Listing
-
[select for diffs]
Modified
Tue Oct 12 09:04:09 2010 UTC
(10 years, 3 months ago)
by
jjoachimsthal
Diff to
previous 24244
HTMLCLEANER-32 only add a p in table cell if there is already a block element. Otherwise the cell contains tabular data which doesn't need a p.
Small refactoring for readability and reusing the same String.
Added unittest for this.
Revision
23868 -
Directory Listing
-
[select for diffs]
Modified
Tue Sep 7 22:11:11 2010 UTC
(10 years, 4 months ago)
by
abogaart
Diff to
previous 23777
HTMLCLEANER-31: Prevent HtmlSerializer from outputting script element as self-closing (<script />)
- added check for hardcoded set of nonSelveClosingEmptyElements (currently contains only 'script')
Revision
23397 -
Directory Listing
-
[select for diffs]
Modified
Tue Jul 6 09:37:25 2010 UTC
(10 years, 6 months ago)
by
abogaart
Diff to
previous 22583
HTMLCLEANER-30 - <style> element outside of the <head> is removed, but character data is preserved
- Character data in <style> elements found outside of the <head> are now skipped.
- Added unit test for <head> and <style> cleanup, as well a lineWidth test
Revision
22580 -
Directory Listing
-
[select for diffs]
Modified
Wed Apr 28 11:15:40 2010 UTC
(10 years, 8 months ago)
by
abogaart
Diff to
previous 22499
HTMLCLEANER-27 - Whitespace characters (including non-breaking-space) inside body/td/th/blockquote should not be wrapped in a <p> element
- fixed and added test