@@ -9,18 +9,18 @@ | |||
<classpathentry kind="lib" path="ext/guice-5.1.0.jar" sourcepath="ext/src/guice-5.1.0.jar" /> | |||
<classpathentry kind="lib" path="ext/javax.inject-1.jar" sourcepath="ext/src/javax.inject-1.jar" /> | |||
<classpathentry kind="lib" path="ext/aopalliance-1.0.jar" sourcepath="ext/src/aopalliance-1.0.jar" /> | |||
<classpathentry kind="lib" path="ext/guava-31.1-jre.jar" sourcepath="ext/src/guava-31.1-jre.jar" /> | |||
<classpathentry kind="lib" path="ext/guava-32.1.3-jre.jar" sourcepath="ext/src/guava-32.1.3-jre.jar" /> | |||
<classpathentry kind="lib" path="ext/failureaccess-1.0.1.jar" sourcepath="ext/src/failureaccess-1.0.1.jar" /> | |||
<classpathentry kind="lib" path="ext/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" /> | |||
<classpathentry kind="lib" path="ext/jsr305-3.0.2.jar" sourcepath="ext/src/jsr305-3.0.2.jar" /> | |||
<classpathentry kind="lib" path="ext/checker-qual-3.12.0.jar" sourcepath="ext/src/checker-qual-3.12.0.jar" /> | |||
<classpathentry kind="lib" path="ext/error_prone_annotations-2.11.0.jar" sourcepath="ext/src/error_prone_annotations-2.11.0.jar" /> | |||
<classpathentry kind="lib" path="ext/j2objc-annotations-1.3.jar" sourcepath="ext/src/j2objc-annotations-1.3.jar" /> | |||
<classpathentry kind="lib" path="ext/checker-qual-3.37.0.jar" sourcepath="ext/src/checker-qual-3.37.0.jar" /> | |||
<classpathentry kind="lib" path="ext/error_prone_annotations-2.21.1.jar" sourcepath="ext/src/error_prone_annotations-2.21.1.jar" /> | |||
<classpathentry kind="lib" path="ext/j2objc-annotations-2.8.jar" sourcepath="ext/src/j2objc-annotations-2.8.jar" /> | |||
<classpathentry kind="lib" path="ext/guice-servlet-5.1.0-gb2.jar" sourcepath="ext/src/guice-servlet-5.1.0-gb2.jar" /> | |||
<classpathentry kind="lib" path="ext/annotations-12.0.jar" sourcepath="ext/src/annotations-12.0.jar" /> | |||
<classpathentry kind="lib" path="ext/log4j-1.2.17.jar" sourcepath="ext/src/log4j-1.2.17.jar" /> | |||
<classpathentry kind="lib" path="ext/slf4j-api-1.7.29.jar" sourcepath="ext/src/slf4j-api-1.7.29.jar" /> | |||
<classpathentry kind="lib" path="ext/slf4j-log4j12-1.7.29.jar" sourcepath="ext/src/slf4j-log4j12-1.7.29.jar" /> | |||
<classpathentry kind="lib" path="ext/reload4j-1.2.25.jar" sourcepath="ext/src/reload4j-1.2.25.jar" /> | |||
<classpathentry kind="lib" path="ext/slf4j-api-1.7.36.jar" sourcepath="ext/src/slf4j-api-1.7.36.jar" /> | |||
<classpathentry kind="lib" path="ext/slf4j-reload4j-1.7.36.jar" sourcepath="ext/src/slf4j-reload4j-1.7.36.jar" /> | |||
<classpathentry kind="lib" path="ext/javax.mail-1.5.6.jar" sourcepath="ext/src/javax.mail-1.5.6.jar" /> | |||
<classpathentry kind="lib" path="ext/activation-1.1.jar" sourcepath="ext/src/activation-1.1.jar" /> | |||
<classpathentry kind="lib" path="ext/javax.servlet-api-3.1.0.jar" sourcepath="ext/src/javax.servlet-api-3.1.0.jar" /> | |||
@@ -72,7 +72,7 @@ | |||
<classpathentry kind="lib" path="ext/bcpkix-jdk15on-1.69.jar" sourcepath="ext/src/bcpkix-jdk15on-1.69.jar" /> | |||
<classpathentry kind="lib" path="ext/eddsa-0.2.0.jar" sourcepath="ext/src/eddsa-0.2.0.jar" /> | |||
<classpathentry kind="lib" path="ext/sshd-core-1.7.0.jar" sourcepath="ext/src/sshd-core-1.7.0.jar" /> | |||
<classpathentry kind="lib" path="ext/mina-core-2.0.21.jar" sourcepath="ext/src/mina-core-2.0.21.jar" /> | |||
<classpathentry kind="lib" path="ext/mina-core-2.0.25.jar" sourcepath="ext/src/mina-core-2.0.25.jar" /> | |||
<classpathentry kind="lib" path="ext/rome-0.9.jar" sourcepath="ext/src/rome-0.9.jar" /> | |||
<classpathentry kind="lib" path="ext/jdom-1.0.jar" sourcepath="ext/src/jdom-1.0.jar" /> | |||
<classpathentry kind="lib" path="ext/gson-2.10.jar" sourcepath="ext/src/gson-2.10.jar" /> | |||
@@ -80,7 +80,7 @@ | |||
<classpathentry kind="lib" path="ext/unboundid-ldapsdk-2.3.8.jar" sourcepath="ext/src/unboundid-ldapsdk-2.3.8.jar" /> | |||
<classpathentry kind="lib" path="ext/ivy-2.2.0.jar" sourcepath="ext/src/ivy-2.2.0.jar" /> | |||
<classpathentry kind="lib" path="ext/jcalendar-1.3.2.jar" /> | |||
<classpathentry kind="lib" path="ext/commons-compress-1.22.jar" sourcepath="ext/src/commons-compress-1.22.jar" /> | |||
<classpathentry kind="lib" path="ext/commons-compress-1.24.0.jar" sourcepath="ext/src/commons-compress-1.24.0.jar" /> | |||
<classpathentry kind="lib" path="ext/commons-io-2.11.0.jar" sourcepath="ext/src/commons-io-2.11.0.jar" /> | |||
<classpathentry kind="lib" path="ext/force-partner-api-24.0.0.jar" sourcepath="ext/src/force-partner-api-24.0.0.jar" /> | |||
<classpathentry kind="lib" path="ext/force-wsc-24.0.0.jar" sourcepath="ext/src/force-wsc-24.0.0.jar" /> | |||
@@ -94,8 +94,8 @@ | |||
<classpathentry kind="lib" path="ext/jedis-2.6.2.jar" sourcepath="ext/src/jedis-2.6.2.jar" /> | |||
<classpathentry kind="lib" path="ext/commons-pool2-2.0.jar" sourcepath="ext/src/commons-pool2-2.0.jar" /> | |||
<classpathentry kind="lib" path="ext/pf4j-0.9.0.jar" sourcepath="ext/src/pf4j-0.9.0.jar" /> | |||
<classpathentry kind="lib" path="ext/tika-core-1.5.jar" sourcepath="ext/src/tika-core-1.5.jar" /> | |||
<classpathentry kind="lib" path="ext/jsoup-1.7.3.jar" sourcepath="ext/src/jsoup-1.7.3.jar" /> | |||
<classpathentry kind="lib" path="ext/tika-core-1.28.5.jar" sourcepath="ext/src/tika-core-1.28.5.jar" /> | |||
<classpathentry kind="lib" path="ext/jsoup-1.16.2.jar" sourcepath="ext/src/jsoup-1.16.2.jar" /> | |||
<classpathentry kind="lib" path="ext/javax.activation-1.2.0.jar" sourcepath="ext/src/javax.activation-1.2.0.jar" /> | |||
<classpathentry kind="lib" path="ext/junit-4.12.jar" sourcepath="ext/src/junit-4.12.jar" /> | |||
<classpathentry kind="lib" path="ext/hamcrest-core-1.3.jar" sourcepath="ext/src/hamcrest-core-1.3.jar" /> |
@@ -106,7 +106,7 @@ repositories: central, eclipse-snapshots, eclipse, gitblit | |||
# Convenience properties for dependencies | |||
properties: { | |||
jetty.version : 9.4.49.v20220914 | |||
slf4j.version : 1.7.29 | |||
slf4j.version : 1.7.36 | |||
wicket.version : 1.4.22 | |||
lucene.version : 5.5.2 | |||
jgit.version : 4.11.9.201909030838-r | |||
@@ -115,7 +115,7 @@ properties: { | |||
selenium.version : 2.28.0 | |||
wikitext.version : 1.4 | |||
sshd.version: 1.7.0 | |||
mina.version: 2.0.21 | |||
mina.version: 2.0.25 | |||
guice.version : 5.1.0 | |||
# Gitblit maintains a fork of guice-servlet | |||
guice-servlet.version : 5.1.0-gb2 | |||
@@ -135,11 +135,11 @@ properties: { | |||
dependencies: | |||
- compile 'com.google.inject:guice:${guice.version}' :war :fedclient | |||
- compile 'com.google.inject.extensions:guice-servlet:${guice-servlet.version}' :war | |||
- compile 'com.google.guava:guava:31.1-jre' :war :fedclient | |||
- compile 'com.google.guava:guava:32.1.3-jre' :war :fedclient | |||
- compile 'com.intellij:annotations:12.0' :war | |||
- compile 'log4j:log4j:1.2.17' :war :fedclient :manager | |||
- compile 'ch.qos.reload4j:reload4j:1.2.25' :war :fedclient :manager | |||
- compile 'org.slf4j:slf4j-api:${slf4j.version}' :war :fedclient :manager | |||
- compile 'org.slf4j:slf4j-log4j12:${slf4j.version}' :war :fedclient :manager | |||
- compile 'org.slf4j:slf4j-reload4j:${slf4j.version}' :war :fedclient :manager | |||
- compile 'com.sun.mail:javax.mail:1.5.6' :war | |||
- compile 'javax.servlet:javax.servlet-api:3.1.0' :fedclient | |||
- compile 'org.eclipse.jetty:jetty-servlet:${jetty.version}' @jar | |||
@@ -180,7 +180,7 @@ dependencies: | |||
- compile 'com.unboundid:unboundid-ldapsdk:2.3.8' :war | |||
- compile 'org.apache.ivy:ivy:2.2.0' :war | |||
- compile 'com.toedter:jcalendar:1.3.2' :authority | |||
- compile 'org.apache.commons:commons-compress:1.22' :war | |||
- compile 'org.apache.commons:commons-compress:1.24.0' :war | |||
- compile 'commons-io:commons-io:2.11.0' :war | |||
- compile 'com.force.api:force-partner-api:24.0.0' :war | |||
- compile 'org.freemarker:freemarker:2.3.22' :war | |||
@@ -190,8 +190,8 @@ dependencies: | |||
- compile 'commons-codec:commons-codec:1.9' :war | |||
- compile 'redis.clients:jedis:2.6.2' :war | |||
- compile 'ro.fortsoft.pf4j:pf4j:0.9.0' :war | |||
- compile 'org.apache.tika:tika-core:1.5' :war | |||
- compile 'org.jsoup:jsoup:1.7.3' :war | |||
- compile 'org.apache.tika:tika-core:1.28.5' :war | |||
- compile 'org.jsoup:jsoup:1.16.2' :war | |||
- compile 'com.sun.activation:javax.activation:1.2.0' :war :manager :fedclient | |||
- test 'junit:junit:4.12' | |||
# Dependencies for Selenium web page testing |
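Review bot: The swap from `log4j:log4j:1.2.17` to `ch.qos.reload4j:reload4j:1.2.25` in the dependencies list only removes the direct declaration, and nothing visible here stops another dependency from pulling the original log4j 1.x jar back in transitively. reload4j ships the same `org.apache.log4j` packages, so if both jars end up in the war the unpatched classes may be the ones that load, depending on classpath order. It would help to confirm the resolved dependency report for the `:war`, `:fedclient` and `:manager` scopes contains no `log4j:log4j` or `slf4j-log4j12` artifact. A comment above the entry would record the intent, for example `# reload4j replaces log4j 1.2.17; log4j:log4j must not reappear via transitive dependencies`.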
@@ -48,13 +48,13 @@ | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="guava-31.1-jre.jar"> | |||
<library name="guava-32.1.3-jre.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/guava-31.1-jre.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/guava-32.1.3-jre.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/guava-31.1-jre.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/guava-32.1.3-jre.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
@@ -90,35 +90,35 @@ | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="checker-qual-3.12.0.jar"> | |||
<library name="checker-qual-3.37.0.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/checker-qual-3.12.0.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/checker-qual-3.37.0.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/checker-qual-3.12.0.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/checker-qual-3.37.0.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="error_prone_annotations-2.11.0.jar"> | |||
<library name="error_prone_annotations-2.21.1.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/error_prone_annotations-2.11.0.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/error_prone_annotations-2.21.1.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/error_prone_annotations-2.11.0.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/error_prone_annotations-2.21.1.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="j2objc-annotations-1.3.jar"> | |||
<library name="j2objc-annotations-2.8.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/j2objc-annotations-1.3.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/j2objc-annotations-2.8.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/j2objc-annotations-1.3.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/j2objc-annotations-2.8.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
@@ -145,35 +145,35 @@ | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="log4j-1.2.17.jar"> | |||
<library name="reload4j-1.2.25.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/log4j-1.2.17.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/reload4j-1.2.25.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/log4j-1.2.17.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/reload4j-1.2.25.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="slf4j-api-1.7.29.jar"> | |||
<library name="slf4j-api-1.7.36.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/slf4j-api-1.7.29.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/slf4j-api-1.7.36.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/slf4j-api-1.7.29.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/slf4j-api-1.7.36.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="slf4j-log4j12-1.7.29.jar"> | |||
<library name="slf4j-reload4j-1.7.36.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/slf4j-log4j12-1.7.29.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/slf4j-reload4j-1.7.36.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/slf4j-log4j12-1.7.29.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/slf4j-reload4j-1.7.36.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
@@ -737,13 +737,13 @@ | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="mina-core-2.0.21.jar"> | |||
<library name="mina-core-2.0.25.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/mina-core-2.0.21.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/mina-core-2.0.25.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/mina-core-2.0.21.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/mina-core-2.0.25.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
@@ -823,13 +823,13 @@ | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="commons-compress-1.22.jar"> | |||
<library name="commons-compress-1.24.0.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/commons-compress-1.22.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/commons-compress-1.24.0.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/commons-compress-1.22.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/commons-compress-1.24.0.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
@@ -977,24 +977,24 @@ | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="tika-core-1.5.jar"> | |||
<library name="tika-core-1.28.5.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/tika-core-1.5.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/tika-core-1.28.5.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/tika-core-1.5.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/tika-core-1.28.5.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> | |||
<orderEntry type="module-library"> | |||
<library name="jsoup-1.7.3.jar"> | |||
<library name="jsoup-1.16.2.jar"> | |||
<CLASSES> | |||
<root url="jar://$MODULE_DIR$/ext/jsoup-1.7.3.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/jsoup-1.16.2.jar!/" /> | |||
</CLASSES> | |||
<JAVADOC /> | |||
<SOURCES> | |||
<root url="jar://$MODULE_DIR$/ext/src/jsoup-1.7.3.jar!/" /> | |||
<root url="jar://$MODULE_DIR$/ext/src/jsoup-1.16.2.jar!/" /> | |||
</SOURCES> | |||
</library> | |||
</orderEntry> |
@@ -18,7 +18,7 @@ package com.gitblit.utils; | |||
import org.jsoup.Jsoup; | |||
import org.jsoup.nodes.Document; | |||
import org.jsoup.safety.Cleaner; | |||
import org.jsoup.safety.Whitelist; | |||
import org.jsoup.safety.Safelist; | |||
import com.google.inject.Inject; | |||
import com.google.inject.Singleton; | |||
@@ -38,7 +38,7 @@ public class JSoupXssFilter implements XssFilter { | |||
@Inject | |||
public JSoupXssFilter() { | |||
none = new Cleaner(Whitelist.none()); | |||
none = new Cleaner(Safelist.none()); | |||
relaxed = new Cleaner(getRelaxedWhiteList()); | |||
} | |||
@@ -64,8 +64,8 @@ public class JSoupXssFilter implements XssFilter { | |||
* https://github.com/github/markup/tree/master#html-sanitization | |||
* @return a loose HTML whitelist | |||
*/ | |||
protected Whitelist getRelaxedWhiteList() { | |||
return new Whitelist() | |||
protected Safelist getRelaxedWhiteList() { | |||
return new Safelist() | |||
.addTags( | |||
"a", "b", "blockquote", "br", "caption", "cite", "code", "col", | |||
"colgroup", "dd", "del", "div", "dl", "dt", "em", "h1", "h2", "h3", "h4", "h5", "h6", "hr", |
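Review bot: The `Whitelist` to `Safelist` rename in `JSoupXssFilter` makes the class compile against jsoup 1.16.2, but nothing visible in this change checks that the `none` and `relaxed` cleaners still sanitize the same way after the jump from 1.7.3. Because this class is the XSS filter, a regression test that passes script elements, event-handler attributes and non-http link schemes through both cleaners and asserts on the cleaned output would make the upgrade safe to repeat. The method name `getRelaxedWhiteList` and its Javadoc still use the old term; the method is protected, so renaming it could break subclasses, but the Javadoc line can become `@return a loose HTML safelist`. The builder chain in `getRelaxedWhiteList` continues outside the hunk, so the full tag and attribute list was not reviewed here.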