Commit b2c69b4a
Authored Feb 17, 2014 by Jesse Glick
Split RawHtmlMarkupFormatter into a bundled plugin (antisamy-markup-formatter).
https://trello.com/c/NvZt4WXu/15-rawhtmlmarkupformatter
Parent: 389a3bcf
Showing 41 changed files with 82 additions and 849 deletions
changelog.html  +2 -1
core/pom.xml  +0 -6
core/src/main/java/hudson/ClassicPluginStrategy.java  +2 -1
core/src/main/java/hudson/markup/EbayPolicy.java  +0 -241
core/src/main/java/hudson/markup/EscapedMarkupFormatter.java  +60 -0
core/src/main/java/hudson/markup/HtmlPolicyBuilder2.java  +0 -42
core/src/main/java/hudson/markup/MyspacePolicy.java  +0 -102
core/src/main/java/hudson/markup/RawHtmlMarkupFormatter.java  +0 -71
core/src/main/java/jenkins/model/Jenkins.java  +4 -3
core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.jelly  +0 -3
core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.properties  +1 -0
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.properties  +0 -2
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_bg.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_cs.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_da.properties  +0 -23
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_de.properties  +0 -2
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_es.properties  +0 -24
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fi.properties  +0 -3
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fr.properties  +0 -24
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hi_IN.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hu.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_it.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ja.properties  +0 -2
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ko.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lt.properties  +0 -3
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lv.properties  +0 -3
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nb_NO.properties  +0 -24
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nl.properties  +0 -24
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pl.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_BR.properties  +0 -24
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_PT.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ru.properties  +0 -24
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sk.properties  +0 -3
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sv_SE.properties  +0 -24
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_uk.properties  +0 -4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_CN.properties  +0 -24
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_TW.properties  +0 -24
core/src/test/java/hudson/markup/MyspacePolicyTest.java  +0 -86
test/pom.xml  +5 -0
test/src/test/groovy/lib/form/ApplyButtonTest.groovy  +2 -0
war/pom.xml  +6 -0
changelog.html
View file @
b2c69b4a
...
...
@@ -55,7 +55,8 @@ Upcoming changes</a>
<!-- Record your changes in the trunk here. -->
<div
id=
"trunk"
style=
"display:none"
>
<!--=TRUNK-BEGIN=-->
<ul
class=
image
>
<li
class=
>
<li
class=
rfe
>
Split the “raw HTML” markup formatter out of core into a bundled plugin.
</ul>
</div>
<!--=TRUNK-END=-->
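Review bot: The new rfe entry omits the behaviour change that ships with this split. In this same commit Jenkins.getMarkupFormatter() changes its fallback from RawHtmlMarkupFormatter.INSTANCE to new EscapedMarkupFormatter(), so wherever no formatter is configured, descriptions go from sanitized HTML to escaped plain text. That is user-visible and the entry should say so in addition to mentioning the packaging move.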
...
...
core/pom.xml
View file @
b2c69b4a
...
...
@@ -553,12 +553,6 @@ THE SOFTWARE.
<scope>
provided
</scope>
</dependency>
<dependency>
<groupId>
org.kohsuke
</groupId>
<artifactId>
owasp-html-sanitizer
</artifactId>
<version>
r88
</version>
</dependency>
<dependency>
<groupId>
org.mindrot
</groupId>
<artifactId>
jbcrypt
</artifactId>
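Review bot: Dropping the org.kohsuke owasp-html-sanitizer r88 dependency takes org.owasp.html off core's classpath, so confirm nothing left in core or in the test module still imports it (MyspacePolicyTest is deleted in this commit, which suggests the tests move with the code). The plugin should declare the same r88 version so that sanitizing behaviour does not change as a side effect of the move.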
...
...
core/src/main/java/hudson/ClassicPluginStrategy.java
View file @
b2c69b4a
...
...
@@ -273,7 +273,8 @@ public class ClassicPluginStrategy implements PluginStrategy {
new
DetachedPlugin
(
"pam-auth"
,
"1.467.*"
,
"1.0"
),
new
DetachedPlugin
(
"mailer"
,
"1.493.*"
,
"1.2"
),
new
DetachedPlugin
(
"matrix-auth"
,
"1.535.*"
,
"1.0.2"
),
new
DetachedPlugin
(
"windows-slaves"
,
"1.547.*"
,
"1.0"
)
new
DetachedPlugin
(
"windows-slaves"
,
"1.547.*"
,
"1.0"
),
new
DetachedPlugin
(
"antisamy-markup-formatter"
,
"1.553.*"
,
"1.0"
)
);
/**
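Review bot: The "1.553.*" in the new antisamy-markup-formatter entry has to stay in step with the release this actually lands in and with the "@since 1.553" on EscapedMarkupFormatter; if the commit slips to a later release, both need updating together. Because RawHtmlMarkupFormatter.java is deleted from core here, it is also worth a test that a plugin built against an older core still resolves that class through this entry.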
...
...
core/src/main/java/hudson/markup/EbayPolicy.java
Deleted
100644 → 0
View file @
389a3bcf
// Copyright (c) 2011, Mike Samuel
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
// are met:
//
// Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
// Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the distribution.
// Neither the name of the OWASP nor the names of its contributors may
// be used to endorse or promote products derived from this software
// without specific prior written permission.
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
package
hudson.markup
;
import
com.google.common.base.Charsets
;
import
com.google.common.base.Function
;
import
com.google.common.base.Predicate
;
import
com.google.common.base.Throwables
;
import
com.google.common.io.CharStreams
;
import
org.owasp.html.Handler
;
import
org.owasp.html.HtmlPolicyBuilder
;
import
org.owasp.html.HtmlSanitizer
;
import
org.owasp.html.HtmlSanitizer.Policy
;
import
org.owasp.html.HtmlStreamEventReceiver
;
import
org.owasp.html.HtmlStreamRenderer
;
import
org.owasp.html.PolicyFactory
;
import
java.io.IOException
;
import
java.io.InputStreamReader
;
import
java.util.regex.Pattern
;
/**
* Based on the
* <a href="http://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Stage_2_-_Choosing_a_base_policy_file">AntiSamy EBay example</a>.
* <blockquote>
* eBay (http://www.ebay.com/) is the most popular online auction site in the
* universe, as far as I can tell. It is a public site so anyone is allowed to
* post listings with rich HTML content. It's not surprising that given the
* attractiveness of eBay as a target that it has been subject to a few complex
* XSS attacks. Listings are allowed to contain much more rich content than,
* say, Slashdot- so it's attack surface is considerably larger. The following
* tags appear to be accepted by eBay (they don't publish rules):
* {@code <a>},...
* </blockquote>
*/
public
class
EbayPolicy
{
// Some common regular expression definitions.
// The 16 colors defined by the HTML Spec (also used by the CSS Spec)
private
static
final
Pattern
COLOR_NAME
=
Pattern
.
compile
(
"(?:aqua|black|blue|fuchsia|gray|grey|green|lime|maroon|navy|olive|purple"
+
"|red|silver|teal|white|yellow)"
);
// HTML/CSS Spec allows 3 or 6 digit hex to specify color
private
static
final
Pattern
COLOR_CODE
=
Pattern
.
compile
(
"(?:#(?:[0-9a-fA-F]{3}(?:[0-9a-fA-F]{3})?))"
);
private
static
final
Pattern
NUMBER_OR_PERCENT
=
Pattern
.
compile
(
"[0-9]+%?"
);
private
static
final
Pattern
PARAGRAPH
=
Pattern
.
compile
(
"(?:[\\p{L}\\p{N},'\\.\\s\\-_\\(\\)]|&[0-9]{2};)*"
);
private
static
final
Pattern
HTML_ID
=
Pattern
.
compile
(
"[a-zA-Z0-9\\:\\-_\\.]+"
);
// force non-empty with a '+' at the end instead of '*'
private
static
final
Pattern
HTML_TITLE
=
Pattern
.
compile
(
"[\\p{L}\\p{N}\\s\\-_',:\\[\\]!\\./\\\\\\(\\)&]*"
);
private
static
final
Pattern
HTML_CLASS
=
Pattern
.
compile
(
"[a-zA-Z0-9\\s,\\-_]+"
);
private
static
final
Pattern
ONSITE_URL
=
Pattern
.
compile
(
"(?:[\\p{L}\\p{N}\\\\\\.\\#@\\$%\\+&;\\-_~,\\?=/!]+|\\#(\\w)+)"
);
private
static
final
Pattern
OFFSITE_URL
=
Pattern
.
compile
(
"\\s*(?:(?:ht|f)tps?://|mailto:)[\\p{L}\\p{N}]"
+
"[\\p{L}\\p{N}\\p{Zs}\\.\\#@\\$%\\+&;:\\-_~,\\?=/!\\(\\)]*\\s*"
);
private
static
final
Pattern
NUMBER
=
Pattern
.
compile
(
"[+-]?(?:(?:[0-9]+(?:\\.[0-9]*)?)|\\.[0-9]+)"
);
private
static
final
Pattern
NAME
=
Pattern
.
compile
(
"[a-zA-Z0-9\\-_\\$]+"
);
private
static
final
Pattern
ALIGN
=
Pattern
.
compile
(
"(?i)center|left|right|justify|char"
);
private
static
final
Pattern
VALIGN
=
Pattern
.
compile
(
"(?i)baseline|bottom|middle|top"
);
private
static
final
Predicate
<
String
>
COLOR_NAME_OR_COLOR_CODE
=
new
Predicate
<
String
>()
{
public
boolean
apply
(
String
s
)
{
return
COLOR_NAME
.
matcher
(
s
).
matches
()
||
COLOR_CODE
.
matcher
(
s
).
matches
();
}
};
private
static
final
Predicate
<
String
>
ONSITE_OR_OFFSITE_URL
=
new
Predicate
<
String
>()
{
public
boolean
apply
(
String
s
)
{
return
ONSITE_URL
.
matcher
(
s
).
matches
()
||
OFFSITE_URL
.
matcher
(
s
).
matches
();
}
};
private
static
final
Pattern
HISTORY_BACK
=
Pattern
.
compile
(
"(?:javascript:)?\\Qhistory.go(-1)\\E"
);
private
static
final
Pattern
ONE_CHAR
=
Pattern
.
compile
(
".?"
,
Pattern
.
DOTALL
);
public
static
final
PolicyFactory
POLICY_DEFINITION
;
static
{
POLICY_DEFINITION
=
new
HtmlPolicyBuilder
()
.
allowAttributes
(
"id"
).
matching
(
HTML_ID
).
globally
()
.
allowAttributes
(
"class"
).
matching
(
HTML_CLASS
).
globally
()
.
allowAttributes
(
"lang"
).
matching
(
Pattern
.
compile
(
"[a-zA-Z]{2,20}"
))
.
globally
()
.
allowAttributes
(
"title"
).
matching
(
HTML_TITLE
).
globally
()
.
allowStyling
()
.
allowAttributes
(
"align"
).
matching
(
ALIGN
).
onElements
(
"p"
)
.
allowAttributes
(
"for"
).
matching
(
HTML_ID
).
onElements
(
"label"
)
.
allowAttributes
(
"color"
).
matching
(
COLOR_NAME_OR_COLOR_CODE
)
.
onElements
(
"font"
)
.
allowAttributes
(
"face"
)
.
matching
(
Pattern
.
compile
(
"[\\w;, \\-]+"
))
.
onElements
(
"font"
)
.
allowAttributes
(
"size"
).
matching
(
NUMBER
).
onElements
(
"font"
)
.
allowAttributes
(
"href"
).
matching
(
ONSITE_OR_OFFSITE_URL
)
.
onElements
(
"a"
)
.
allowStandardUrlProtocols
()
.
allowAttributes
(
"nohref"
).
onElements
(
"a"
)
.
allowAttributes
(
"name"
).
matching
(
NAME
).
onElements
(
"a"
)
.
allowAttributes
(
"onfocus"
,
"onblur"
,
"onclick"
,
"onmousedown"
,
"onmouseup"
)
.
matching
(
HISTORY_BACK
).
onElements
(
"a"
)
.
requireRelNofollowOnLinks
()
.
allowAttributes
(
"src"
).
matching
(
ONSITE_OR_OFFSITE_URL
)
.
onElements
(
"img"
)
.
allowAttributes
(
"name"
).
matching
(
NAME
)
.
onElements
(
"img"
)
.
allowAttributes
(
"alt"
).
matching
(
PARAGRAPH
)
.
onElements
(
"img"
)
.
allowAttributes
(
"border"
,
"hspace"
,
"vspace"
).
matching
(
NUMBER
)
.
onElements
(
"img"
)
.
allowAttributes
(
"border"
,
"cellpadding"
,
"cellspacing"
)
.
matching
(
NUMBER
).
onElements
(
"table"
)
.
allowAttributes
(
"bgcolor"
).
matching
(
COLOR_NAME_OR_COLOR_CODE
)
.
onElements
(
"table"
)
.
allowAttributes
(
"background"
).
matching
(
ONSITE_URL
)
.
onElements
(
"table"
)
.
allowAttributes
(
"align"
).
matching
(
ALIGN
)
.
onElements
(
"table"
)
.
allowAttributes
(
"noresize"
).
matching
(
Pattern
.
compile
(
"(?i)noresize"
))
.
onElements
(
"table"
)
.
allowAttributes
(
"background"
).
matching
(
ONSITE_URL
)
.
onElements
(
"td"
,
"th"
,
"tr"
)
.
allowAttributes
(
"bgcolor"
).
matching
(
COLOR_NAME_OR_COLOR_CODE
)
.
onElements
(
"td"
,
"th"
)
.
allowAttributes
(
"abbr"
).
matching
(
PARAGRAPH
)
.
onElements
(
"td"
,
"th"
)
.
allowAttributes
(
"axis"
,
"headers"
).
matching
(
NAME
)
.
onElements
(
"td"
,
"th"
)
.
allowAttributes
(
"scope"
)
.
matching
(
Pattern
.
compile
(
"(?i)(?:row|col)(?:group)?"
))
.
onElements
(
"td"
,
"th"
)
.
allowAttributes
(
"nowrap"
)
.
onElements
(
"td"
,
"th"
)
.
allowAttributes
(
"height"
,
"width"
).
matching
(
NUMBER_OR_PERCENT
)
.
onElements
(
"table"
,
"td"
,
"th"
,
"tr"
,
"img"
)
.
allowAttributes
(
"align"
).
matching
(
ALIGN
)
.
onElements
(
"thead"
,
"tbody"
,
"tfoot"
,
"img"
,
"td"
,
"th"
,
"tr"
,
"colgroup"
,
"col"
)
.
allowAttributes
(
"valign"
).
matching
(
VALIGN
)
.
onElements
(
"thead"
,
"tbody"
,
"tfoot"
,
"td"
,
"th"
,
"tr"
,
"colgroup"
,
"col"
)
.
allowAttributes
(
"charoff"
).
matching
(
NUMBER_OR_PERCENT
)
.
onElements
(
"td"
,
"th"
,
"tr"
,
"colgroup"
,
"col"
,
"thead"
,
"tbody"
,
"tfoot"
)
.
allowAttributes
(
"char"
).
matching
(
ONE_CHAR
)
.
onElements
(
"td"
,
"th"
,
"tr"
,
"colgroup"
,
"col"
,
"thead"
,
"tbody"
,
"tfoot"
)
.
allowAttributes
(
"colspan"
,
"rowspan"
).
matching
(
NUMBER
)
.
onElements
(
"td"
,
"th"
)
.
allowAttributes
(
"span"
,
"width"
).
matching
(
NUMBER_OR_PERCENT
)
.
onElements
(
"colgroup"
,
"col"
)
.
allowElements
(
"label"
,
"noscript"
,
"h1"
,
"h2"
,
"h3"
,
"h4"
,
"h5"
,
"h6"
,
"p"
,
"i"
,
"b"
,
"u"
,
"strong"
,
"em"
,
"small"
,
"big"
,
"pre"
,
"code"
,
"cite"
,
"samp"
,
"sub"
,
"sup"
,
"strike"
,
"center"
,
"blockquote"
,
"hr"
,
"br"
,
"col"
,
"font"
,
"map"
,
"span"
,
"div"
,
"img"
,
"ul"
,
"ol"
,
"li"
,
"dd"
,
"dt"
,
"dl"
,
"tbody"
,
"thead"
,
"tfoot"
,
"table"
,
"td"
,
"th"
,
"tr"
,
"colgroup"
,
"fieldset"
,
"legend"
)
.
toFactory
();
}
public
static
void
main
(
String
[]
args
)
throws
IOException
{
if
(
args
.
length
!=
0
)
{
System
.
err
.
println
(
"Reads from STDIN and writes to STDOUT"
);
System
.
exit
(-
1
);
}
System
.
err
.
println
(
"[Reading from STDIN]"
);
// Fetch the HTML to sanitize.
String
html
=
CharStreams
.
toString
(
new
InputStreamReader
(
System
.
in
,
Charsets
.
UTF_8
));
// Set up an output channel to receive the sanitized HTML.
HtmlStreamRenderer
renderer
=
HtmlStreamRenderer
.
create
(
System
.
out
,
// Receives notifications on a failure to write to the output.
new
Handler
<
IOException
>()
{
public
void
handle
(
IOException
ex
)
{
Throwables
.
propagate
(
ex
);
// System.out suppresses IOExceptions
}
},
// Our HTML parser is very lenient, but this receives notifications on
// truly bizarre inputs.
new
Handler
<
String
>()
{
public
void
handle
(
String
x
)
{
throw
new
AssertionError
(
x
);
}
}
);
// Use the policy defined above to sanitize the HTML.
HtmlSanitizer
.
sanitize
(
html
,
POLICY_DEFINITION
.
apply
(
renderer
));
}
}
\ No newline at end of file
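Review bot: In the code visible in this commit, RawHtmlMarkupFormatter.translate() applies MyspacePolicy.POLICY_DEFINITION and nothing references EbayPolicy, so if this class is meant to move to the plugin, consider dropping it instead. If it is kept, note that it allows onfocus, onblur, onclick, onmousedown and onmouseup on "a" when the value matches HISTORY_BACK, and calls allowStyling(); event-handler attributes in a sanitizer allowlist deserve an explicit test and a comment explaining why they are there.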
core/src/main/java/hudson/markup/EscapedMarkupFormatter.java
0 → 100644
View file @
b2c69b4a
/*
* The MIT License
*
* Copyright 2011 Seiji Sogabe
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
hudson.markup
;
import
hudson.Extension
;
import
hudson.Util
;
import
hudson.markup.MarkupFormatter
;
import
hudson.markup.MarkupFormatterDescriptor
;
import
java.io.IOException
;
import
java.io.Writer
;
import
org.kohsuke.stapler.DataBoundConstructor
;
/**
* @link MarkupFormatter} that treats the input as the escaped html.
*
* @author Seiji Sogabe
* @since 1.553
*/
public
class
EscapedMarkupFormatter
extends
MarkupFormatter
{
@DataBoundConstructor
public
EscapedMarkupFormatter
()
{
}
@Override
public
void
translate
(
String
markup
,
Writer
output
)
throws
IOException
{
output
.
write
(
Util
.
escape
(
markup
));
}
@Extension
public
static
class
DescriptorImpl
extends
MarkupFormatterDescriptor
{
@Override
public
String
getDisplayName
()
{
return
"Escaped HTML"
;
}
}
}
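Review bot: The class Javadoc opens with "@link MarkupFormatter}" without the leading brace, so the tag will not render; it should read "{@link MarkupFormatter} that treats the input as the escaped html." The imports of hudson.markup.MarkupFormatter and hudson.markup.MarkupFormatterDescriptor are redundant inside package hudson.markup, and getDisplayName() returns the hard-coded string "Escaped HTML" rather than a localized message.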
core/src/main/java/hudson/markup/HtmlPolicyBuilder2.java
Deleted
100644 → 0
View file @
389a3bcf
package
hudson.markup
;
import
com.google.common.base.Predicate
;
import
org.owasp.html.HtmlPolicyBuilder
;
import
java.util.regex.Pattern
;
/**
* {@link HtmlPolicyBuilder} with additional
* functions to simplify transcoding policy definition
* from OWASP AntiSamy policy files.
*
* @author Kohsuke Kawaguchi
*/
class
HtmlPolicyBuilder2
extends
HtmlPolicyBuilder
{
public
void
tag
(
String
names
,
Object
...
attributes
)
{
String
[]
tags
=
names
.
split
(
","
);
for
(
int
i
=
0
;
i
<
attributes
.
length
;
i
++)
{
String
attName
=
(
String
)
attributes
[
i
];
if
(
i
+
1
<
attributes
.
length
)
{
Object
operand
=
attributes
[
i
+
1
];
if
(
operand
instanceof
Predicate
)
{
Predicate
p
=
(
Predicate
)
operand
;
allowAttributes
(
attName
).
matching
(
p
).
onElements
(
tags
);
i
++;
continue
;
}
if
(
operand
instanceof
Pattern
)
{
Pattern
p
=
(
Pattern
)
operand
;
allowAttributes
(
attName
).
matching
(
p
).
onElements
(
tags
);
i
++;
continue
;
}
}
// operand-less
allowAttributes
(
attName
).
onElements
(
tags
);
}
allowElements
(
tags
);
}
}
core/src/main/java/hudson/markup/MyspacePolicy.java
Deleted
100644 → 0
View file @
389a3bcf
package
hudson.markup
;
import
com.google.common.base.Predicate
;
import
com.google.common.base.Throwables
;
import
org.owasp.html.Handler
;
import
org.owasp.html.HtmlSanitizer
;
import
org.owasp.html.HtmlStreamRenderer
;
import
org.owasp.html.PolicyFactory
;
import
java.io.IOException
;
import
java.util.regex.Pattern
;
/**
* Policy definition based on OWASP AntiSamy MySpace policy.
*
* @author Kohsuke Kawaguchi
* @see <a href="https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project#Stage_2_-_Choosing_a_base_policy_file">OWASP AntiSamy MySpace Policy</a>
*/
public
class
MyspacePolicy
{
public
static
final
PolicyFactory
POLICY_DEFINITION
;
private
static
final
Pattern
ONSITE_URL
=
Pattern
.
compile
(
"(?:[\\p{L}\\p{N}\\\\\\.\\#@\\$%\\+&;\\-_~,\\?=/!]+|\\#(\\w)+)"
);
private
static
final
Pattern
OFFSITE_URL
=
Pattern
.
compile
(
"\\s*(?:(?:ht|f)tps?://|mailto:)[\\p{L}\\p{N}]"
+
"[\\p{L}\\p{N}\\p{Zs}\\.\\#@\\$%\\+&;:\\-_~,\\?=/!\\(\\)]*\\s*"
);
private
static
final
Predicate
<
String
>
ONSITE_OR_OFFSITE_URL
=
new
Predicate
<
String
>()
{
public
boolean
apply
(
String
s
)
{
return
ONSITE_URL
.
matcher
(
s
).
matches
()
||
OFFSITE_URL
.
matcher
(
s
).
matches
();
}
};
static
{
POLICY_DEFINITION
=
new
HtmlPolicyBuilder2
()
{{
allowAttributes
(
"id"
,
"class"
,
"lang"
,
"title"
,
"alt"
,
"style"
,
"media"
,
"href"
,
"name"
,
"shape"
,
"border"
,
"cellpadding"
,
"cellspacing"
,
"colspan"
,
"rowspan"
,
"background"
,
"bgcolor"
,
"abbr"
,
"headers"
,
"charoff"
,
"char"
,
"aixs"
,
"nowrap"
,
"width"
,
"height"
,
"align"
,
"valign"
,
"scope"
,
"tabindex"
,
"disabled"
,
"readonly"
,
"accesskey"
,
"size"
,
"autocomplete"
,
"rows"
,
"cols"
).
globally
();
disallowElements
(
// I'm allowing iframe
"script"
,
"noscript"
,
/*"iframe",*/
"frameset"
,
"frame"
);
tag
(
"label"
,
"for"
);
tag
(
"form"
,
"action"
,
ONSITE_URL
,
"method"
);
tag
(
"button"
,
"value"
,
"type"
);
tag
(
"input"
,
"maxlength"
,
"checked"
,
"src"
,
ONSITE_OR_OFFSITE_URL
,
"usemap"
,
ONSITE_URL
,
"type"
,
"value"
);
tag
(
"select"
,
"multiple"
);
tag
(
"option"
,
"value"
,
"label"
,
"selected"
);
tag
(
"textarea"
);
tag
(
"h1,h2,h3,h4,h5,h6,p,i,b,u,strong,em,small,big,pre,code,cite,samp,sub,sup,strike,center,blockquote"
);
tag
(
"hr,br,col"
);
tag
(
"font"
,
"color"
,
"face"
,
"size"
);
tag
(
"a"
,
"nohref"
,
"rel"
);
tag
(
"style"
,
"type"
);
tag
(
"span,div"
);
tag
(
"img"
,
"src"
,
ONSITE_OR_OFFSITE_URL
,
"hspace"
,
"vspace"
);
tag
(
"ul,ol,li,dd,dl,dt,thead,tbody,tfoot"
);
tag
(
"table"
,
"noresize"
);
tag
(
"td,th,tr"
);
tag
(
"colgroup"
,
"span"
);
tag
(
"col"
,
"span"
);
tag
(
"fieldset,legend"
);
allowStandardUrlProtocols
();
}}.
toFactory
();
}
public
static
void
main
(
String
[]
args
)
throws
IOException
{
// Fetch the HTML to sanitize.
String
html
=
"<a href='http://www.google.com/'>Google</a><img src='http://www.yahoo.com'>"
;
// Set up an output channel to receive the sanitized HTML.
HtmlStreamRenderer
renderer
=
HtmlStreamRenderer
.
create
(
System
.
out
,
// Receives notifications on a failure to write to the output.
new
Handler
<
IOException
>()
{
public
void
handle
(
IOException
ex
)
{
Throwables
.
propagate
(
ex
);
// System.out suppresses IOExceptions
}
},
// Our HTML parser is very lenient, but this receives notifications on
// truly bizarre inputs.
new
Handler
<
String
>()
{
public
void
handle
(
String
x
)
{
throw
new
AssertionError
(
x
);
}
}
);
// Use the policy defined above to sanitize the HTML.
HtmlSanitizer
.
sanitize
(
html
,
POLICY_DEFINITION
.
apply
(
renderer
));
}
}
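Review bot: The global attribute list contains "aixs", which looks like a typo for "axis" (EbayPolicy spells it "axis"), so the real attribute is never allowed; fix it when this policy lands in the plugin. The comment "I'm allowing iframe" is also misleading: iframe is left out of disallowElements, but none of the visible tag(...) calls allows it. Finally, "style" and "href" are allowed globally with no value pattern; since MyspacePolicyTest is deleted here as well, the plugin needs tests that pin the intended handling of each of these.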
core/src/main/java/hudson/markup/RawHtmlMarkupFormatter.java
Deleted
100644 → 0
View file @
389a3bcf
package
hudson.markup
;
import
com.google.common.base.Throwables
;
import
hudson.Extension
;
import
org.kohsuke.stapler.DataBoundConstructor
;
import
org.owasp.html.Handler
;
import
org.owasp.html.HtmlSanitizer
;
import
org.owasp.html.HtmlStreamRenderer
;
import
java.io.IOException
;
import
java.io.Writer
;
/**
* {@link MarkupFormatter} that treats the input as the raw html.
* This is the backward compatible behaviour.
*
* @author Kohsuke Kawaguchi
*/
public
class
RawHtmlMarkupFormatter
extends
MarkupFormatter
{
final
boolean
disableSyntaxHighlighting
;
@DataBoundConstructor
public
RawHtmlMarkupFormatter
(
final
boolean
disableSyntaxHighlighting
)
{
this
.
disableSyntaxHighlighting
=
disableSyntaxHighlighting
;
}
public
boolean
isDisableSyntaxHighlighting
()
{
return
disableSyntaxHighlighting
;
}
@Override
public
void
translate
(
String
markup
,
Writer
output
)
throws
IOException
{
HtmlStreamRenderer
renderer
=
HtmlStreamRenderer
.
create
(
output
,
// Receives notifications on a failure to write to the output.
new
Handler
<
IOException
>()
{
public
void
handle
(
IOException
ex
)
{
Throwables
.
propagate
(
ex
);
// System.out suppresses IOExceptions
}
},
// Our HTML parser is very lenient, but this receives notifications on
// truly bizarre inputs.
new
Handler
<
String
>()
{
public
void
handle
(
String
x
)
{
throw
new
Error
(
x
);
}
}
);
// Use the policy defined above to sanitize the HTML.
HtmlSanitizer
.
sanitize
(
markup
,
MyspacePolicy
.
POLICY_DEFINITION
.
apply
(
renderer
));
}
public
String
getCodeMirrorMode
()
{
return
disableSyntaxHighlighting
?
null
:
"htmlmixed"
;
}
public
String
getCodeMirrorConfig
()
{
return
"mode:'text/html'"
;
}
@Extension
public
static
class
DescriptorImpl
extends
MarkupFormatterDescriptor
{
@Override
public
String
getDisplayName
()
{
return
"Raw HTML"
;
}
}
public
static
final
MarkupFormatter
INSTANCE
=
new
RawHtmlMarkupFormatter
(
false
);
}
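Review bot: Deleting this class removes the public static INSTANCE field from core; Jenkins.java is updated in this commit, but any other caller of RawHtmlMarkupFormatter.INSTANCE will stop linking unless the plugin keeps the field under the same class name. For the plugin copy, the second handler in translate() throws new Error(x) on input the parser rejects, which lets one odd description fail a page render; throwing IOException (already declared by translate) or logging would be safer. The comment "System.out suppresses IOExceptions" is a leftover from the policy's main() and does not apply to the Writer used here.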
core/src/main/java/jenkins/model/Jenkins.java
View file @
b2c69b4a
...
...
@@ -120,7 +120,7 @@ import hudson.cli.declarative.CLIResolver;
import
hudson.lifecycle.Lifecycle
;
import
hudson.logging.LogRecorderManager
;
import
hudson.lifecycle.RestartNotSupportedException
;
import
hudson.markup.
RawHtml
MarkupFormatter
;
import
hudson.markup.
Escaped
MarkupFormatter
;
import
hudson.remoting.Callable
;
import
hudson.remoting.LocalChannel
;
import
hudson.remoting.VirtualChannel
;
...
...
@@ -1282,8 +1282,9 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
* never null.
* @since 1.391
*/
public
MarkupFormatter
getMarkupFormatter
()
{
return
markupFormatter
!=
null
?
markupFormatter
:
RawHtmlMarkupFormatter
.
INSTANCE
;
public
@Nonnull
MarkupFormatter
getMarkupFormatter
()
{
MarkupFormatter
f
=
markupFormatter
;
return
f
!=
null
?
f
:
new
EscapedMarkupFormatter
();
}
/**
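Review bot: The new return line constructs a new EscapedMarkupFormatter() on every call where markupFormatter is null; the formatter holds no state, so a single shared instance (as RawHtmlMarkupFormatter.INSTANCE was) would avoid the allocation. Escaping is the safer fallback, but it changes rendering for any instance that never saved a formatter, so add a test asserting that getMarkupFormatter() escapes markup when the field is null.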
...
...
core/src/main/resources/hudson/markup/
RawHtml
MarkupFormatter/config.jelly
→
core/src/main/resources/hudson/markup/
Escaped
MarkupFormatter/config.jelly
View file @
b2c69b4a
...
...
@@ -4,7 +4,4 @@
<f:description>
${%blurb}
</f:description>
<f:entry field="disableSyntaxHighlighting">
<f:checkbox title="${%disableSyntaxHighlighting}"/>
</f:entry>
</j:jelly>
core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.properties
0 → 100644
View file @
b2c69b4a
blurb
=
Treats all input as plain text, with no HTML permitted.
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.properties
Deleted
100644 → 0
View file @
389a3bcf
blurb
=
Treat the text as HTML and use it as is without any translation
disableSyntaxHighlighting
=
Disable syntax highlighting
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_bg.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
\u0421\u0447\u0438\u0442\u0430\u0439
\u0442\u0435\u
043A
\u0441\u0442\u0430
\u0437\u0430
HTML
\u0438
\u0433\u
043E
\u
043F
\u0440\u0438\u0435\u
043C
\u0438
\u0431\u0435\u0437
\u
043F
\u0440\u0435\u0432\u
043E
\u0434
disableSyntaxHighlighting
=
\u0418\u0437\u
043A
\u
043B
\u
044E
\u0447\u0432\u0430\u
043D
\u0435
\u
043D
\u0430
\u
043E
\u0446\u0432\u0435\u0442\u
044F
\u0432\u0430\u
043D
\u0435
\u
043D
\u0430
\u0441\u0438\u
043D
\u0442\u0430\u
043A
\u0441\u0438\u0441\u0430
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_cs.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
Br
\u
00E1t text jako HTML a pou
\u
017E
\u
00EDt ho bez jak
\u
00E9hokoliv p
\u0159
ekladu
disableSyntaxHighlighting
=
Zru
\u0161
it zv
\u
00FDraz
\u0148
ov
\u
00E1n
\u
00ED syntaxe
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_da.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
disableSyntaxHighlighting
=
Sl
\u
00E5 syntaks markering fra
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_de.properties
Deleted
100644 → 0
View file @
389a3bcf
blurb
=
Behandle den Text als HTML ohne jede bersetzung
disableSyntaxHighlighting
=
Syntaxhervorhebung abschalten
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_es.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-, Kohsuke Kawaguchi, Sun Microsystems, Inc., and a number of other of contributers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
Utiliza el texto como HTML
disableSyntaxHighlighting
=
Deshabilitar coloreado de sintaxis.
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fi.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
K
\u
00E4sittele teksti
\u
00E4 HTML:n
\u
00E4 ja k
\u
00E4yt
\u
00E4 sit
\u
00E4 sellaisenaan ilman k
\u
00E4
\u
00E4nn
\u
00F6st
\u
00E4
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fr.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
Consid
\u
00E9rer le texte comme du HTML et l''utiliser sans le traduire
disableSyntaxHighlighting
=
D
\u
00E9sactiver la coloration syntaxique
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hi_IN.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
\u
092A
\u
093E
\u0920
\u0915\u
094B HTML
\u0915\u0947
\u0930\u0942\u
092A
\u
092E
\u0947\u0902
\u0926\u0947\u0916\u
093F
\u
090F
\u0914\u0930
\u0907\u0938\u0915\u
093E
\u0909\u
092A
\u
092F
\u
094B
\u0917
\u0915\u
093F
\u0938\u0940
\u
092D
\u0940
\u0905\u0928\u0941\u0935\u
093E
\u0926
\u0915\u0947
\u
092C
\u
093F
\u0928\u
093E
\u0915\u0930\u0947\u0902
disableSyntaxHighlighting=
\u0935\u
093E
\u0915\u
094D
\u
092F
\u0930\u
091A
\u0928\u
093E
\u0938\u0947
\u
092A
\u
094D
\u0930\u0915\u
093E
\u0936
\u0939\u
091F
\u
093E
\u
092F
\u0947\u0902
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hu.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
A sz
\u
00F6veg kezel
\u
00E9se HTML-k
\u
00E9nt
\u
00E9s felhaszn
\u
00E1l
\u
00E1sa ford
\u
00EDt
\u
00E1s n
\u
00E9lk
\u
00FCl
disableSyntaxHighlighting
=
Szintaxis kiemel
\u
00E9s tilt
\u
00E1sa
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_it.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
tratta il testo come HTML e usalo senza intepretarlo
disableSyntaxHighlighting
=
Disabilita il syntax highlighting
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ja.properties
Deleted
100644 → 0
View file @
389a3bcf
blurb
=
\u
30c6
\u
30ad
\u
30b9
\u
30c8
\u3092
HTML
\u3068\u3057\u3066\u6271\u3044\u3001\u5909\u
66f4
\u3059\u
308b
\u3053\u3068\u
306a
\u
304f
\u
305d
\u
306e
\u
307e
\u
307e
\u
4f7f
\u7528\u3057\u
307e
\u3059\u3002
disableSyntaxHighlighting
=
\u
30b7
\u
30f3
\u
30bf
\u
30c3
\u
30af
\u
30b9
\u
30cf
\u
30a4
\u
30e9
\u
30a4
\u
30c8
\u3092\u7121\u
52b9
\u
306b
\u3059\u
308b
\ No newline at end of file
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ko.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
\u
D14D
\u
C2A4
\u
D2B8
\u
B97C HTML
\u
B85C
\u
B2E4
\u
B8E8
\u
ACE0
\u
BC88
\u
C5ED
\u
D558
\u
C9C0
\u
C54A
\u
ACE0
\u
ADF8
\u
B300
\u
B85C
\u
C0AC
\u
C6A9
\u
D569
\u
B2C8
\u
B2E4.
disableSyntaxHighlighting
=
\u
BB38
\u
BC95
\u
D558
\u
C774
\u
B77C
\u
C774
\u
D305
\u
BE44
\u
D65C
\u
C131
\u
D654
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lt.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
disableSyntaxHighlighting
=
I
\u0161
jungti spalvinim
\u0105
pagal sintaks
\u0119
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lv.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
disableSyntaxHighlighting
=
Atsp
\u0113
jot sintakses izgaismo
\u0161
anu
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nb_NO.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
Behandle teksten som HTML og bruk den uten oversettelse
disableSyntaxHighlighting
=
Skru av syntaksmarkering
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nl.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
Gebruik deze tekst als HTML zonder vertaling
disableSyntaxHighlighting
=
Syntaxnadruk uitschakelen
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pl.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
Uznaj tekst za HTML i u
\u
017Cyj go bez jakiegokolwiek t
\u0142
umaczenia
disableSyntaxHighlighting
=
Wy
\u0142\u0105
cz wyr
\u
00F3
\u
017Cnianie sk
\u0142
adni
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_BR.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
Tratar o texto como HTML e us
\u
00E1-lo como
\u
00E9, sem qualquer tradu
\u
00E7
\u
00E3o
disableSyntaxHighlighting
=
Desabilitar destaque de sintaxe
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_PT.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
Tratar o texto como HTML e usar sem qualquer transla
\u
00E7
\u
00E3o
disableSyntaxHighlighting
=
Desactivar destaque de sintaxe.
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ru.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
\u0422\u0440\u0430\u
043A
\u0442\u
043E
\u0432\u0430\u0442\u
044C
\u0442\u0435\u
043A
\u0441\u0442
\u
043A
\u0430\u
043A HTML
\u0438
\u0438\u0441\u
043F
\u
043E
\u
043B
\u
044C
\u0437\u
043E
\u0432\u0430\u0442\u
044C
\u0435\u0433\u
043E "
\u
043A
\u0430\u
043A
\u0435\u0441\u0442\u
044C",
\u0431\u0435\u0437
\u
043A
\u0430\u
043A
\u
043E
\u0439
-
\u
043B
\u0438\u0431\u
043E
\u
043E
\u0431\u0440\u0430\u0431\u
043E
\u0442\u
043A
\u0438
disableSyntaxHighlighting
=
\u0412\u
044B
\u
043A
\u
043B
\u
044E
\u0447\u0438\u0442\u
044C
\u
043F
\u
043E
\u0434\u0441\u0432\u0435\u0442\u
043A
\u0443
\u0441\u0438\u
043D
\u0442\u0430\u
043A
\u0441\u0438\u0441\u0430
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sk.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
disableSyntaxHighlighting
=
Zak
\u
00E1
\u
017E syntaktick
\u
00E9 zv
\u
00FDraz
\u0148
ovanie
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sv_SE.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
Behandla texten som HTML och anv
\u
00E4nd den som den
\u
00E4r, utan att
\u
00F6vers
\u
00E4tta den
disableSyntaxHighlighting
=
Inaktivera syntaxmarkering
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_uk.properties
Deleted
100644 → 0
View file @
389a3bcf
# This file is under the MIT License by authors
blurb
=
\u0421\u
043F
\u0440\u0438\u0439\u
043C
\u0430\u0442\u0438
\u0442\u0435\u
043A
\u0441\u0442
\u
044F
\u
043A HTML
\u0456
\u0432\u0438\u
043A
\u
043E
\u0440\u0438\u0441\u0442\u
043E
\u0432\u0443\u0432\u0430\u0442\u0438
\u0439\u
043E
\u0433\u
043E "
\u
044F
\u
043A
\u0454
"
\u0431\u0435\u0437
\u0436\u
043E
\u0434\u
043D
\u
043E
\u0433\u
043E
\u
043F
\u0435\u0440\u0435\u
043A
\u
043B
\u0430\u0434\u0443
disableSyntaxHighlighting=
\u0412\u0438\u
043C
\u
043A
\u
043D
\u0443\u0442\u0438
\u
043F
\u0456\u0434\u0441\u0432\u0456\u0442\u
043A
\u0443
\u0441\u0438\u
043D
\u0442\u0430\u
043A
\u0441\u0438\u0441\u0443
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_CN.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
\u
5C06
\u6587\u
672C
\u
4F5C
\u
4E3A HTML
\u
5E76
\u
4E14
\u
4E0D
\u
52A0
\u
4EFB
\u
4F55
\u
7FFB
\u
8BD1
disableSyntaxHighlighting
=
\u7981\u7528\u
8BED
\u
6CD5
\u
9AD8
\u
4EAE
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_TW.properties
Deleted
100644 → 0
View file @
389a3bcf
# The MIT License
#
# Copyright (c) 2004-2010, Sun Microsystems, Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
blurb
=
\u
5C07
\u9019\u
4E9B
\u6587\u
5B57
\u8996\u
70BA HTML
\u
FF0C
\u
539F
\u
6C41
\u
539F
\u5473\u7684\u
986F
\u
793A
\u
51FA
\u
4F86
disableSyntaxHighlighting
=
\u
95DC
\u9589\u
8A9E
\u
6CD5
\u
5F69
\u8272\u
6A19
\u
793A
core/src/test/java/hudson/markup/MyspacePolicyTest.java
Deleted
100644 → 0
View file @
389a3bcf
package
hudson.markup
;
import
com.google.common.base.Throwables
;
import
org.junit.Assert
;
import
org.junit.Test
;
import
org.owasp.html.Handler
;
import
org.owasp.html.HtmlSanitizer
;
import
org.owasp.html.HtmlStreamRenderer
;
import
java.io.IOException
;
/**
* @author Kohsuke Kawaguchi
*/
public
class
MyspacePolicyTest
extends
Assert
{
@Test
public
void
testPolicy
()
{
assertIntact
(
"<a href='http://www.cloudbees.com'>CB</a>"
);
assertIntact
(
"<a href='relative/link'>relative</a>"
);
assertIntact
(
"<a href='mailto:kk@kohsuke.org'>myself</a>"
);
assertReject
(
"javascript"
,
"<a href='javascript:alert(5)'>test</a>"
);
assertIntact
(
"<img src='http://www.cloudbees.com'>"
);
assertIntact
(
"<img src='relative/test.png'>"
);
assertIntact
(
"<img src='relative/test.png'>"
);
assertReject
(
"javascript"
,
"<img src='javascript:alert(5)'>"
);
assertIntact
(
"<b><i><u><strike>basic tag</strike></u></i></b>"
);
assertIntact
(
"<div><p>basic block tags</p></div>"
);
assertIntact
(
"<ul><li>1</li><li>2</li><li>3</li></ul>"
);
assertIntact
(
"<ol><li>x</li></ol>"
);
assertIntact
(
"<dl><dt>abc</dt><dd>foo</dd></dl>"
);
assertIntact
(
"<table><tr><th>header</th></tr><tr><td>something</td></tr></table>"
);
assertIntact
(
"<h1>title</h1><blockquote>blurb</blockquote>"
);
assertReject
(
"iframe"
,
"<iframe src='nested'></iframe>"
);
assertReject
(
"script"
,
"<script>window.alert(5);</script>"
);
assertReject
(
"script"
,
"<script src='http://foo/evil.js'></script>"
);
assertReject
(
"script"
,
"<script src='relative.js'></script>"
);
assertIntact
(
"<style>H1 { display:none; }</style>"
);
assertReject
(
"link"
,
"<link rel='stylesheet' type='text/css' href='http://www.microsoft.com/'>"
);
assertIntact
(
"<div style='background-color:white'>inline CSS</div>"
);
assertIntact
(
"<br><hr>"
);
assertReject
(
"sun.com"
,
"<form method='post' action='http://sun.com/'><input type='text' name='foo'><input type='password' name='pass'></form>"
);
}
private
void
assertIntact
(
String
input
)
{
input
=
input
.
replace
(
'\''
,
'\"'
);
assertSanitize
(
input
,
input
);
}
private
void
assertReject
(
String
problematic
,
String
input
)
{
String
out
=
sanitize
(
input
);
assertFalse
(
out
,
out
.
contains
(
problematic
));
}
private
void
assertSanitize
(
String
expected
,
String
input
)
{
assertEquals
(
expected
,
sanitize
(
input
));
}
private
String
sanitize
(
String
input
)
{
StringBuilder
buf
=
new
StringBuilder
();
HtmlStreamRenderer
renderer
=
HtmlStreamRenderer
.
create
(
buf
,
// Receives notifications on a failure to write to the output.
new
Handler
<
IOException
>()
{
public
void
handle
(
IOException
ex
)
{
Throwables
.
propagate
(
ex
);
// System.out suppresses IOExceptions
}
},
// Our HTML parser is very lenient, but this receives notifications on
// truly bizarre inputs.
new
Handler
<
String
>()
{
public
void
handle
(
String
x
)
{
throw
new
AssertionError
(
x
);
}
}
);
HtmlSanitizer
.
sanitize
(
input
,
MyspacePolicy
.
POLICY_DEFINITION
.
apply
(
renderer
));
return
buf
.
toString
();
}
}
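Review bot: deleting MyspacePolicyTest removes the only assertions visible in this change that the policy strips `javascript:` URLs from href and src attributes and drops `<script>`, `<iframe>`, `<link>` and cross-site `<form>` markup; confirm the test moves with MyspacePolicy into antisamy-markup-formatter rather than being dropped. When porting it, note that assertReject only checks that a substring such as "script" is absent from the sanitized output, and that `<img src='relative/test.png'>` is asserted twice in testPolicy().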
test/pom.xml
View file @
b2c69b4a
...
...
@@ -87,6 +87,11 @@ THE SOFTWARE.
<artifactId>
matrix-auth
</artifactId>
<version>
1.0.2
</version>
</dependency>
<dependency>
<groupId>
org.jenkins-ci.plugins
</groupId>
<artifactId>
antisamy-markup-formatter
</artifactId>
<version>
1.0
</version>
</dependency>
<dependency>
<groupId>
org.mortbay.jetty
</groupId>
<artifactId>
jetty
</artifactId>
...
...
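Review bot: the added dependency hard-codes `<version>1.0</version>` for antisamy-markup-formatter, and war/pom.xml hard-codes the same 1.0 for the bundled hpi. Define the version once as a property and reference it in both places, so the tests always run against the formatter version that is actually bundled in the war.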
test/src/test/groovy/lib/form/ApplyButtonTest.groovy
View file @
b2c69b4a
package
lib.form
import
hudson.markup.RawHtmlMarkupFormatter
import
org.junit.Rule
import
org.junit.Test
import
org.jvnet.hudson.test.Bug
...
...
@@ -18,6 +19,7 @@ class ApplyButtonTest {
*/
@Test
@Bug
(
18436
)
public
void
editDescription
()
{
j
.
jenkins
.
markupFormatter
=
RawHtmlMarkupFormatter
.
INSTANCE
// need something using CodeMirror
def
p
=
j
.
createFreeStyleProject
()
def
b
=
j
.
assertBuildStatusSuccess
(
p
.
scheduleBuild2
(
0
))
...
...
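Review bot: the comment on the added assignment in editDescription() ("need something using CodeMirror") does not say that RawHtmlMarkupFormatter now comes from the antisamy-markup-formatter dependency added in test/pom.xml. Extend the comment to name that plugin, so a later removal of the dependency is not mistaken for an unrelated compile failure in this test.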
war/pom.xml
View file @
b2c69b4a
...
...
@@ -350,6 +350,12 @@ THE SOFTWARE.
<version>
1.0
</version>
<type>
hpi
</type>
</artifactItem>
<artifactItem>
<groupId>
org.jenkins-ci.plugins
</groupId>
<artifactId>
antisamy-markup-formatter
</artifactId>
<version>
1.0
</version>
<type>
hpi
</type>
</artifactItem>
</artifactItems>
<outputDirectory>
${project.build.directory}/${project.build.finalName}/WEB-INF/plugins
</outputDirectory>
<stripVersion>
true
</stripVersion>
...
...