Posted to commits@myfaces.apache.org by hn...@apache.org on 2022/05/25 08:08:42 UTC
[myfaces-tobago] branch tobago-4.x updated: build(deps): update jsoup
This is an automated email from the ASF dual-hosted git repository.
hnoeth pushed a commit to branch tobago-4.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git
The following commit(s) were added to refs/heads/tobago-4.x by this push:
new d865a0f3d3 build(deps): update jsoup
d865a0f3d3 is described below
commit d865a0f3d31f368c447f21f58e86e75da48dca76
Author: Henning Noeth <hn...@apache.org>
AuthorDate: Wed May 18 16:40:25 2022 +0200
build(deps): update jsoup
* update jsoup
* use "safelist" instead of "whitelist"
"whitelist" is now deprecated
Issue: TOBAGO-2134
---
pom.xml | 2 +-
.../tobago/internal/config/TobagoConfigMerger.java | 2 +-
.../tobago/internal/config/TobagoConfigParser.java | 4 +++
.../myfaces/tobago/sanitizer/JsoupSanitizer.java | 41 ++++++++++++----------
.../src/main/webapp/WEB-INF/tobago-config.xml | 2 +-
5 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/pom.xml b/pom.xml
index 385c1b0edc..47f9f984d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -243,7 +243,7 @@
<!-- jsoup HTML parser library -->
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
- <version>1.14.3</version>
+ <version>1.15.1</version>
</dependency>
<dependency>
<groupId>org.apache.myfaces.test</groupId>
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
index e6c54bf410..77b64bf278 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
@@ -48,7 +48,7 @@ public class TobagoConfigMerger {
// default sanitizer
String sanitizerClass = JsoupSanitizer.class.getName();
Properties sanitizerProperties = new Properties();
- sanitizerProperties.setProperty("whitelist", "relaxed");
+ sanitizerProperties.setProperty("safelist", "relaxed");
for (TobagoConfigFragment fragment : list) {
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
index 9cc3982144..e7caf40417 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
@@ -378,6 +378,10 @@ public class TobagoConfigParser extends TobagoConfigEntityResolver {
case SANITIZER:
if (properties != null) {
tobagoConfig.setSanitizerProperties(properties);
+ if (properties.get("whitelist") != null) {
+ LOG.warn("<sanitizer><properties><entry key=\"whitelist\"> is deprecated:"
+ + " use <sanitizer><properties><entry key=\"safelist\"> instead.");
+ }
}
properties = null;
break;
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/JsoupSanitizer.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/JsoupSanitizer.java
index 4575c13807..1a018ae5e5 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/JsoupSanitizer.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/JsoupSanitizer.java
@@ -21,7 +21,7 @@ package org.apache.myfaces.tobago.sanitizer;
import org.apache.myfaces.tobago.exception.TobagoConfigurationException;
import org.jsoup.Jsoup;
-import org.jsoup.safety.Whitelist;
+import org.jsoup.safety.Safelist;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -34,15 +34,15 @@ public class JsoupSanitizer implements Sanitizer {
private static final Logger LOG = LoggerFactory.getLogger(JsoupSanitizer.class);
- private Whitelist whitelist;
- private String whitelistName;
+ private Safelist safelist;
+ private String safelistName;
private boolean unmodifiable = false;
@Override
public String sanitize(final String html) {
- final String safe = Jsoup.clean(html, whitelist);
+ final String safe = Jsoup.clean(html, safelist);
if (LOG.isDebugEnabled()) {
LOG.debug("Sanitized: " + safe);
}
@@ -55,22 +55,25 @@ public class JsoupSanitizer implements Sanitizer {
unmodifiable = true;
- for (final String key : configuration.stringPropertyNames()) {
+ for (String key : configuration.stringPropertyNames()) {
if ("whitelist".equals(key)) {
- whitelistName = configuration.getProperty(key);
- if ("basic".equals(whitelistName)) {
- whitelist = Whitelist.basic();
- } else if ("basicWithImages".equals(whitelistName)) {
- whitelist = Whitelist.basicWithImages();
- } else if ("none".equals(whitelistName)) {
- whitelist = Whitelist.none();
- } else if ("relaxed".equals(whitelistName)) {
- whitelist = Whitelist.relaxed();
- } else if ("simpleText".equals(whitelistName)) {
- whitelist = Whitelist.simpleText();
+ key = "safelist";
+ }
+ if ("safelist".equals(key)) {
+ safelistName = configuration.getProperty(key);
+ if ("basic".equals(safelistName)) {
+ safelist = Safelist.basic();
+ } else if ("basicWithImages".equals(safelistName)) {
+ safelist = Safelist.basicWithImages();
+ } else if ("none".equals(safelistName)) {
+ safelist = Safelist.none();
+ } else if ("relaxed".equals(safelistName)) {
+ safelist = Safelist.relaxed();
+ } else if ("simpleText".equals(safelistName)) {
+ safelist = Safelist.simpleText();
} else {
throw new TobagoConfigurationException(
- "Unknown configuration value for 'whitelist' in tobago-config.xml found! value='" + whitelistName + "'");
+ "Unknown configuration value for 'safelist' in tobago-config.xml found! value='" + safelistName + "'");
}
} else {
throw new TobagoConfigurationException(
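Review bot: A configuration that sets only the legacy `whitelist` key appears to fail after this change. The loop rewrites `key` to `"safelist"` before calling `configuration.getProperty(key)`, so the lookup returns null unless a `safelist` entry (or a default for it) is also present, and control reaches the "Unknown configuration value for 'safelist'" exception with value='null'. The deprecation warning added in TobagoConfigParser suggests the old key is meant to keep working, so read the value under the key actually found: `if ("safelist".equals(key) || "whitelist".equals(key)) {` followed by `safelistName = configuration.getProperty(key);`, dropping the reassignment so the loop variable can stay `final`. The failure is fail-closed, since no markup passes unsanitized, but it would break startup for existing configurations, and a test with a whitelist-only `Properties` would pin the intended behaviour. The enclosing method starts and ends outside the hunk.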
@@ -79,7 +82,7 @@ public class JsoupSanitizer implements Sanitizer {
}
if (LOG.isInfoEnabled()) {
- LOG.warn("Using whitelist '" + whitelistName + "' for sanitizing!");
+ LOG.warn("Using safelist '" + safelistName + "' for sanitizing!");
}
}
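Review bot: The guard and the log call disagree on level: `if (LOG.isInfoEnabled())` wraps `LOG.warn(...)`, so with the logger set to WARN the message naming the active safelist is never written. Which sanitizer policy is in force is worth having in the log when reviewing a deployment, so either log it unconditionally with `LOG.warn("Using safelist '{}' for sanitizing!", safelistName);` or lower the call to `LOG.info` under the existing guard. The enclosing method begins outside the hunk.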
@@ -91,7 +94,7 @@ public class JsoupSanitizer implements Sanitizer {
@Override
public String toString() {
- return getClass().getSimpleName() + " whitelist='" + whitelistName + "'";
+ return getClass().getSimpleName() + " safelist='" + safelistName + "'";
}
}
diff --git a/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml b/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
index 093f20e5d3..596e9a3319 100644
--- a/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
+++ b/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
@@ -77,7 +77,7 @@
<!–
Use one of: basic, basicWithImages, relaxed, simpleText or none
–>
- <entry key="whitelist">relaxed</entry>
+ <entry key="safelist">relaxed</entry>
</properties>
</sanitizer>
-->