You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by hn...@apache.org on 2022/05/25 08:08:39 UTC
[myfaces-tobago] branch tobago-2.x updated: build(deps): update jsoup
This is an automated email from the ASF dual-hosted git repository.
hnoeth pushed a commit to branch tobago-2.x
in repository https://gitbox.apache.org/repos/asf/myfaces-tobago.git
The following commit(s) were added to refs/heads/tobago-2.x by this push:
new 7dac775bee build(deps): update jsoup
7dac775bee is described below
commit 7dac775beeefdcf7fc5baba31ee8564312f0c0a6
Author: Henning Noeth <hn...@apache.org>
AuthorDate: Wed May 18 16:34:16 2022 +0200
build(deps): update jsoup
* update jsoup
* use "safelist" instead of "whitelist"
Issue: TOBAGO-2134
---
pom.xml | 2 +-
.../tobago/internal/config/TobagoConfigMerger.java | 2 +-
.../tobago/internal/config/TobagoConfigParser.java | 4 +++
.../myfaces/tobago/sanitizer/JsoupSanitizer.java | 40 ++++++++++++----------
.../src/main/webapp/WEB-INF/tobago-config.xml | 2 +-
5 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/pom.xml b/pom.xml
index a1ec424b73..e93f9b2b38 100644
--- a/pom.xml
+++ b/pom.xml
@@ -289,7 +289,7 @@
<!-- jsoup HTML parser library -->
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
- <version>1.14.3</version>
+ <version>1.15.1</version>
</dependency>
<dependency>
<groupId>net.sourceforge.maven-taglib</groupId>
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
index f1adecac1f..cfd413e7e3 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMerger.java
@@ -47,7 +47,7 @@ public class TobagoConfigMerger {
// default sanitizer
String sanitizerClass = JsoupSanitizer.class.getName();
Properties sanitizerProperties = new Properties();
- sanitizerProperties.setProperty("whitelist", "relaxed");
+ sanitizerProperties.setProperty("safelist", "relaxed");
for (final TobagoConfigFragment fragment : list) {
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
index ea2d56b041..f3aa031ab4 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
@@ -393,6 +393,10 @@ public class TobagoConfigParser extends TobagoConfigEntityResolver {
case SANITIZER:
if (properties != null) {
tobagoConfig.setSanitizerProperties(properties);
+ if (properties.get("whitelist") != null) {
+ LOG.warn("<sanitizer><properties><entry key=\"whitelist\"> is deprecated:"
+ + " use <sanitizer><properties><entry key=\"safelist\"> instead.");
+ }
}
properties = null;
break;
diff --git a/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/JsoupSanitizer.java b/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/JsoupSanitizer.java
index 0112a233e6..cf8a07f5cc 100644
--- a/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/JsoupSanitizer.java
+++ b/tobago-core/src/main/java/org/apache/myfaces/tobago/sanitizer/JsoupSanitizer.java
@@ -20,7 +20,7 @@
package org.apache.myfaces.tobago.sanitizer;
import org.jsoup.Jsoup;
-import org.jsoup.safety.Whitelist;
+import org.jsoup.safety.Safelist;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -34,14 +34,14 @@ public class JsoupSanitizer implements Sanitizer {
private static final Logger LOG = LoggerFactory.getLogger(JsoupSanitizer.class);
- private Whitelist whitelist;
- private String whitelistName;
+ private Safelist safelist;
+ private String safelistName;
private boolean unmodifiable = false;
public String sanitize(final String html) {
- final String safe = Jsoup.clean(html, whitelist);
+ final String safe = Jsoup.clean(html, safelist);
if (LOG.isDebugEnabled()) {
LOG.debug("Sanitized: " + safe);
}
@@ -57,20 +57,23 @@ public class JsoupSanitizer implements Sanitizer {
while (enumeration.hasMoreElements()) {
String key = enumeration.nextElement();
if ("whitelist".equals(key)) {
- whitelistName = configuration.getProperty(key);
- if ("basic".equals(whitelistName)) {
- whitelist = Whitelist.basic();
- } else if ("basicWithImages".equals(whitelistName)) {
- whitelist = Whitelist.basicWithImages();
- } else if ("none".equals(whitelistName)) {
- whitelist = Whitelist.none();
- } else if ("relaxed".equals(whitelistName)) {
- whitelist = Whitelist.relaxed();
- } else if ("simpleText".equals(whitelistName)) {
- whitelist = Whitelist.simpleText();
+ key = "safelist";
+ }
+ if ("safelist".equals(key)) {
+ safelistName = configuration.getProperty(key);
+ if ("basic".equals(safelistName)) {
+ safelist = Safelist.basic();
+ } else if ("basicWithImages".equals(safelistName)) {
+ safelist = Safelist.basicWithImages();
+ } else if ("none".equals(safelistName)) {
+ safelist = Safelist.none();
+ } else if ("relaxed".equals(safelistName)) {
+ safelist = Safelist.relaxed();
+ } else if ("simpleText".equals(safelistName)) {
+ safelist = Safelist.simpleText();
} else {
throw new RuntimeException(
- "Unknown configuration value for 'whitelist' in tobago-config.xml found! value='" + whitelistName + "'");
+ "Unknown configuration value for 'safelist' in tobago-config.xml found! value='" + safelistName + "'");
}
} else {
throw new RuntimeException("Unknown configuration key in tobago-config.xml found! key='" + key + "'");
@@ -78,7 +81,7 @@ public class JsoupSanitizer implements Sanitizer {
}
if (LOG.isInfoEnabled()) {
- LOG.warn("Using whitelist '" + whitelistName + "' for sanitizing!");
+ LOG.warn("Using safelist '" + safelistName + "' for sanitizing!");
}
}
@@ -90,7 +93,6 @@ public class JsoupSanitizer implements Sanitizer {
@Override
public String toString() {
- return getClass().getSimpleName() + " whitelist='" + whitelistName + "'";
+ return getClass().getSimpleName() + " safelist='" + safelistName + "'";
}
-
}
diff --git a/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml b/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
index e5aa0e84c7..9c810e2117 100644
--- a/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
+++ b/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
@@ -55,7 +55,7 @@
<!–
Use one of: basic, basicWithImages, relaxed, simpleText or none
–>
- <entry key="whitelist">relaxed</entry>
+ <entry key="safelist">relaxed</entry>
</properties>
</sanitizer>
-->