Update JSoup to version 1.16.2. This requires renaming `Whitelist` to `Safelist`, because the class was renamed in version 1.15.1 as a breaking change.
pull/1461/head
<classpathentry kind="lib" path="ext/commons-pool2-2.0.jar" sourcepath="ext/src/commons-pool2-2.0.jar" /> | <classpathentry kind="lib" path="ext/commons-pool2-2.0.jar" sourcepath="ext/src/commons-pool2-2.0.jar" /> | ||||
<classpathentry kind="lib" path="ext/pf4j-0.9.0.jar" sourcepath="ext/src/pf4j-0.9.0.jar" /> | <classpathentry kind="lib" path="ext/pf4j-0.9.0.jar" sourcepath="ext/src/pf4j-0.9.0.jar" /> | ||||
<classpathentry kind="lib" path="ext/tika-core-1.5.jar" sourcepath="ext/src/tika-core-1.5.jar" /> | <classpathentry kind="lib" path="ext/tika-core-1.5.jar" sourcepath="ext/src/tika-core-1.5.jar" /> | ||||
<classpathentry kind="lib" path="ext/jsoup-1.7.3.jar" sourcepath="ext/src/jsoup-1.7.3.jar" /> | |||||
<classpathentry kind="lib" path="ext/jsoup-1.16.2.jar" sourcepath="ext/src/jsoup-1.16.2.jar" /> | |||||
<classpathentry kind="lib" path="ext/javax.activation-1.2.0.jar" sourcepath="ext/src/javax.activation-1.2.0.jar" /> | <classpathentry kind="lib" path="ext/javax.activation-1.2.0.jar" sourcepath="ext/src/javax.activation-1.2.0.jar" /> | ||||
<classpathentry kind="lib" path="ext/junit-4.12.jar" sourcepath="ext/src/junit-4.12.jar" /> | <classpathentry kind="lib" path="ext/junit-4.12.jar" sourcepath="ext/src/junit-4.12.jar" /> | ||||
<classpathentry kind="lib" path="ext/hamcrest-core-1.3.jar" sourcepath="ext/src/hamcrest-core-1.3.jar" /> | <classpathentry kind="lib" path="ext/hamcrest-core-1.3.jar" sourcepath="ext/src/hamcrest-core-1.3.jar" /> |
- compile 'redis.clients:jedis:2.6.2' :war | - compile 'redis.clients:jedis:2.6.2' :war | ||||
- compile 'ro.fortsoft.pf4j:pf4j:0.9.0' :war | - compile 'ro.fortsoft.pf4j:pf4j:0.9.0' :war | ||||
- compile 'org.apache.tika:tika-core:1.5' :war | - compile 'org.apache.tika:tika-core:1.5' :war | ||||
- compile 'org.jsoup:jsoup:1.7.3' :war | |||||
- compile 'org.jsoup:jsoup:1.16.2' :war | |||||
- compile 'com.sun.activation:javax.activation:1.2.0' :war :manager :fedclient | - compile 'com.sun.activation:javax.activation:1.2.0' :war :manager :fedclient | ||||
- test 'junit:junit:4.12' | - test 'junit:junit:4.12' | ||||
# Dependencies for Selenium web page testing | # Dependencies for Selenium web page testing |
</library> | </library> | ||||
</orderEntry> | </orderEntry> | ||||
<orderEntry type="module-library"> | <orderEntry type="module-library"> | ||||
<library name="jsoup-1.7.3.jar"> | |||||
<library name="jsoup-1.16.2.jar"> | |||||
<CLASSES> | <CLASSES> | ||||
<root url="jar://$MODULE_DIR$/ext/jsoup-1.7.3.jar!/" /> | |||||
<root url="jar://$MODULE_DIR$/ext/jsoup-1.16.2.jar!/" /> | |||||
</CLASSES> | </CLASSES> | ||||
<JAVADOC /> | <JAVADOC /> | ||||
<SOURCES> | <SOURCES> | ||||
<root url="jar://$MODULE_DIR$/ext/src/jsoup-1.7.3.jar!/" /> | |||||
<root url="jar://$MODULE_DIR$/ext/src/jsoup-1.16.2.jar!/" /> | |||||
</SOURCES> | </SOURCES> | ||||
</library> | </library> | ||||
</orderEntry> | </orderEntry> |
import org.jsoup.Jsoup; | import org.jsoup.Jsoup; | ||||
import org.jsoup.nodes.Document; | import org.jsoup.nodes.Document; | ||||
import org.jsoup.safety.Cleaner; | import org.jsoup.safety.Cleaner; | ||||
import org.jsoup.safety.Whitelist; | |||||
import org.jsoup.safety.Safelist; | |||||
import com.google.inject.Inject; | import com.google.inject.Inject; | ||||
import com.google.inject.Singleton; | import com.google.inject.Singleton; | ||||
@Inject | @Inject | ||||
public JSoupXssFilter() { | public JSoupXssFilter() { | ||||
none = new Cleaner(Whitelist.none()); | |||||
none = new Cleaner(Safelist.none()); | |||||
relaxed = new Cleaner(getRelaxedWhiteList()); | relaxed = new Cleaner(getRelaxedWhiteList()); | ||||
} | } | ||||
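Review bot: The two `Cleaner` instances built in this constructor are the filter's entire XSS policy, and they now run on a jsoup release many versions newer than 1.7.3, with no sanitizer test change visible on this page. Before merging I would pin the output of both `none` and `relaxed` with regression tests over representative inputs (disallowed tags, event-handler attributes, non-http link protocols, relative links), so that any difference in how the newer `Cleaner` handles them is caught. Separately, `getRelaxedWhiteList()` is protected and called from this constructor, so changing its return type to `Safelist` breaks any subclass that overrides it. That deserves a release-note line such as `JSoupXssFilter.getRelaxedWhiteList() now returns org.jsoup.safety.Safelist`. The method keeps the old name and its Javadoc still says `@return a loose HTML whitelist`; the method body runs past the visible part of the page, so the tag and attribute lists are not reviewed here.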
* https://github.com/github/markup/tree/master#html-sanitization | * https://github.com/github/markup/tree/master#html-sanitization | ||||
* @return a loose HTML whitelist | * @return a loose HTML whitelist | ||||
*/ | */ | ||||
protected Whitelist getRelaxedWhiteList() { | |||||
return new Whitelist() | |||||
protected Safelist getRelaxedWhiteList() { | |||||
return new Safelist() | |||||
.addTags( | .addTags( | ||||
"a", "b", "blockquote", "br", "caption", "cite", "code", "col", | "a", "b", "blockquote", "br", "caption", "cite", "code", "col", | ||||
"colgroup", "dd", "del", "div", "dl", "dt", "em", "h1", "h2", "h3", "h4", "h5", "h6", "hr", | "colgroup", "dd", "del", "div", "dl", "dt", "em", "h1", "h2", "h3", "h4", "h5", "h6", "hr", |