You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ra...@apache.org on 2015/07/29 17:42:14 UTC
svn commit: r1693299 - in
/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss:
JSONUtil.java ProtectionContext.java XSSAPI.java XSSFilter.java
impl/HtmlToHtmlContentContext.java impl/PolicyHandler.java
Author: radu
Date: Wed Jul 29 15:42:14 2015
New Revision: 1693299
URL: http://svn.apache.org/r1693299
Log:
trivial: corrected JavaDoc for Java 1.8
Modified:
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java
Modified: sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java?rev=1693299&r1=1693298&r2=1693299&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java (original)
+++ sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/JSONUtil.java Wed Jul 29 15:42:14 2015
@@ -22,7 +22,7 @@ import org.apache.sling.commons.json.io.
/**
* JSON utilities
- * <p/>
+ * <p>
* Support for handling xss protected values with JSON objects and JSON writers.
*/
public final class JSONUtil {
Modified: sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java?rev=1693299&r1=1693298&r2=1693299&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java (original)
+++ sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/ProtectionContext.java Wed Jul 29 15:42:14 2015
@@ -19,7 +19,7 @@ package org.apache.sling.xss;
/**
* This enumeration defines the context for executing XSS protection.
- * <p/>
+ * <p>
* The specified rules refer to
* http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
*/
Modified: sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java?rev=1693299&r1=1693298&r2=1693299&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java (original)
+++ sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSAPI.java Wed Jul 29 15:42:14 2015
@@ -30,12 +30,12 @@ import aQute.bnd.annotation.ProviderType
/**
* A service providing validators and encoders for XSS protection during the composition of HTML
* pages.
- * <p/>
+ * <p>
* Note: in general, validators are safer than encoders. Encoding only ensures that content within
* the encoded context cannot break out of said context. It requires that there be a context (for
* instance, a string context in Javascript), and that damage cannot be done from within the context
* (for instance, a javascript: URL within a href attribute.
- * <p/>
+ * <p>
* When in doubt, use a validator.
*/
@ProviderType
@@ -122,8 +122,8 @@ public interface XSSAPI {
String getValidCSSColor(@Nullable String color, @Nullable String defaultColor);
/**
- * Validate multi-line comment to be used inside a <script>...</script> or <style>...</style> block. Multi-line
- * comment end block is disallowed
+ * Validate multi-line comment to be used inside a <script>...</script> or <style>...</style> block. Multi-line
+ * comment end block is disallowed.
*
* @param comment the comment to be used
* @param defaultComment a default value to use if the comment is {@code null} or not valid.
Modified: sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java?rev=1693299&r1=1693298&r2=1693299&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java (original)
+++ sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/XSSFilter.java Wed Jul 29 15:42:14 2015
@@ -42,7 +42,7 @@ public interface XSSFilter {
/**
* Prevents the given source string from containing XSS stuff.
- * <p/>
+ * <p>
* The default protection context is used for checking.
*
* @param src source string
@@ -62,7 +62,7 @@ public interface XSSFilter {
/**
* Checks if the given URL is valid to be used for the <code>href</code> attribute in a <code>a</code> tag.
- * <p/>
+ * <p>
* The default protection context is used for checking.
*
* @param url the URL that should be validated
Modified: sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java?rev=1693299&r1=1693298&r2=1693299&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java (original)
+++ sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/HtmlToHtmlContentContext.java Wed Jul 29 15:42:14 2015
@@ -27,7 +27,7 @@ import org.slf4j.LoggerFactory;
/**
* This class implements an escaping rule to be used for cleaning up existing HTML
* content. The output will still be HTML.
- * <p/>
+ * <p>
* The cleanup is performed using the AntiSamy library found at
* <a href="http://www.owasp.org/index.php/AntiSamy">http://www.owasp.org/index.php/AntiSamy</a>
*/
Modified: sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java?rev=1693299&r1=1693298&r2=1693299&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java (original)
+++ sling/trunk/bundles/extensions/xss/src/main/java/org/apache/sling/xss/impl/PolicyHandler.java Wed Jul 29 15:42:14 2015
@@ -31,7 +31,9 @@ public class PolicyHandler {
private AntiSamy antiSamy;
/**
- * Try to load a policy from the given relative path.
+ * Creates a {@code PolicyHandler} from an {@link InputStream}.
+ *
+ * @param policyStream the InputStream from which to read this handler's {@link Policy}
*/
public PolicyHandler(InputStream policyStream) throws Exception {
// fix for classloader issue with IBM JVM: see bug #31946