From b2c69b4a355b47f6da400a21173680daea4f6a4c Mon Sep 17 00:00:00 2001 
From: Jesse Glick Date: Mon, 17 Feb 2014 10:45:07 -0500 Subject: [PATCH] Split RawHtmlMarkupFormatter into a bundled plugin (antisamy-markup-formatter). https://trello.com/c/NvZt4WXu/15-rawhtmlmarkupformatter --- changelog.html | 3 +- core/pom.xml | 6 - .../java/hudson/ClassicPluginStrategy.java | 3 +- .../main/java/hudson/markup/EbayPolicy.java | 241 ------------------ .../hudson/markup/EscapedMarkupFormatter.java | 60 +++++ .../hudson/markup/HtmlPolicyBuilder2.java | 42 --- .../java/hudson/markup/MyspacePolicy.java | 102 -------- .../hudson/markup/RawHtmlMarkupFormatter.java | 71 ------ core/src/main/java/jenkins/model/Jenkins.java | 7 +- .../config.jelly | 3 - .../EscapedMarkupFormatter/config.properties | 1 + .../RawHtmlMarkupFormatter/config.properties | 2 - .../config_bg.properties | 4 - .../config_cs.properties | 4 - .../config_da.properties | 23 -- .../config_de.properties | 2 - .../config_es.properties | 24 -- .../config_fi.properties | 3 - .../config_fr.properties | 24 -- .../config_hi_IN.properties | 4 - .../config_hu.properties | 4 - .../config_it.properties | 4 - .../config_ja.properties | 2 - .../config_ko.properties | 4 - .../config_lt.properties | 3 - .../config_lv.properties | 3 - .../config_nb_NO.properties | 24 -- .../config_nl.properties | 24 -- .../config_pl.properties | 4 - .../config_pt_BR.properties | 24 -- .../config_pt_PT.properties | 4 - .../config_ru.properties | 24 -- .../config_sk.properties | 3 - .../config_sv_SE.properties | 24 -- .../config_uk.properties | 4 - .../config_zh_CN.properties | 24 -- .../config_zh_TW.properties | 24 -- .../java/hudson/markup/MyspacePolicyTest.java | 86 ------- test/pom.xml | 5 + .../groovy/lib/form/ApplyButtonTest.groovy | 2 + war/pom.xml | 6 + 41 files changed, 82 insertions(+), 849 deletions(-) delete mode 100644 core/src/main/java/hudson/markup/EbayPolicy.java create mode 100644 core/src/main/java/hudson/markup/EscapedMarkupFormatter.java delete mode 100644 
core/src/main/java/hudson/markup/HtmlPolicyBuilder2.java delete mode 100644 core/src/main/java/hudson/markup/MyspacePolicy.java delete mode 100644 core/src/main/java/hudson/markup/RawHtmlMarkupFormatter.java rename core/src/main/resources/hudson/markup/{RawHtmlMarkupFormatter => EscapedMarkupFormatter}/config.jelly (68%) create mode 100644 core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_bg.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_cs.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_da.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_de.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_es.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fi.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fr.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hi_IN.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hu.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_it.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ja.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ko.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lt.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lv.properties delete mode 100644 
core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nb_NO.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nl.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pl.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_BR.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_PT.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ru.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sk.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sv_SE.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_uk.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_CN.properties delete mode 100644 core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_TW.properties delete mode 100644 core/src/test/java/hudson/markup/MyspacePolicyTest.java diff --git a/changelog.html b/changelog.html index ec7672e515..b9f8cb6e00 100644 --- a/changelog.html +++ b/changelog.html @@ -55,7 +55,8 @@ Upcoming changes diff --git a/core/pom.xml b/core/pom.xml index da2dba79d0..381745055a 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -553,12 +553,6 @@ THE SOFTWARE. provided - - org.kohsuke - owasp-html-sanitizer - r88 - - org.mindrot jbcrypt diff --git a/core/src/main/java/hudson/ClassicPluginStrategy.java b/core/src/main/java/hudson/ClassicPluginStrategy.java index c8eb3f343c..9aac065495 100644 --- a/core/src/main/java/hudson/ClassicPluginStrategy.java +++ b/core/src/main/java/hudson/ClassicPluginStrategy.java 
@@ -273,7 +273,8 @@ public class ClassicPluginStrategy implements PluginStrategy {
 new DetachedPlugin("pam-auth","1.467.*","1.0"),
 new DetachedPlugin("mailer","1.493.*","1.2"),
 new DetachedPlugin("matrix-auth","1.535.*","1.0.2"),
- new DetachedPlugin("windows-slaves","1.547.*","1.0")
+ new DetachedPlugin("windows-slaves","1.547.*","1.0"),
+ new DetachedPlugin("antisamy-markup-formatter","1.553.*","1.0")
 );
 
 /**
diff --git a/core/src/main/java/hudson/markup/EbayPolicy.java b/core/src/main/java/hudson/markup/EbayPolicy.java
deleted file mode 100644
index 75b43f7a79..0000000000
--- a/core/src/main/java/hudson/markup/EbayPolicy.java
+++ /dev/null
@@ -1,241 +0,0 @@ -// Copyright (c) 2011, Mike Samuel -// All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions -// are met: -// -// Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// Redistributions in binary form must reproduce the above copyright -// notice, this list of conditions and the following disclaimer in the -// documentation and/or other materials provided with the distribution. -// Neither the name of the OWASP nor the names of its contributors may -// be used to endorse or promote products derived from this software -// without specific prior written permission. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN -// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. 
-package hudson.markup; - -import com.google.common.base.Charsets; -import com.google.common.base.Function; -import com.google.common.base.Predicate; -import com.google.common.base.Throwables; -import com.google.common.io.CharStreams; -import org.owasp.html.Handler; -import org.owasp.html.HtmlPolicyBuilder; -import org.owasp.html.HtmlSanitizer; -import org.owasp.html.HtmlSanitizer.Policy; -import org.owasp.html.HtmlStreamEventReceiver; -import org.owasp.html.HtmlStreamRenderer; -import org.owasp.html.PolicyFactory; - -import java.io.IOException; -import java.io.InputStreamReader; -import java.util.regex.Pattern; - -/** - * Based on the - * AntiSamy EBay example. - *
- * eBay (http://www.ebay.com/) is the most popular online auction site in the - * universe, as far as I can tell. It is a public site so anyone is allowed to - * post listings with rich HTML content. It's not surprising that given the - * attractiveness of eBay as a target that it has been subject to a few complex - * XSS attacks. Listings are allowed to contain much more rich content than, - * say, Slashdot- so it's attack surface is considerably larger. The following - * tags appear to be accepted by eBay (they don't publish rules): - * {@code },... - *
- */ -public class EbayPolicy { - - // Some common regular expression definitions. - - // The 16 colors defined by the HTML Spec (also used by the CSS Spec) - private static final Pattern COLOR_NAME = Pattern.compile( - "(?:aqua|black|blue|fuchsia|gray|grey|green|lime|maroon|navy|olive|purple" - + "|red|silver|teal|white|yellow)"); - - // HTML/CSS Spec allows 3 or 6 digit hex to specify color - private static final Pattern COLOR_CODE = Pattern.compile( - "(?:#(?:[0-9a-fA-F]{3}(?:[0-9a-fA-F]{3})?))"); - - private static final Pattern NUMBER_OR_PERCENT = Pattern.compile( - "[0-9]+%?"); - private static final Pattern PARAGRAPH = Pattern.compile( - "(?:[\\p{L}\\p{N},'\\.\\s\\-_\\(\\)]|&[0-9]{2};)*"); - private static final Pattern HTML_ID = Pattern.compile( - "[a-zA-Z0-9\\:\\-_\\.]+"); - // force non-empty with a '+' at the end instead of '*' - private static final Pattern HTML_TITLE = Pattern.compile( - "[\\p{L}\\p{N}\\s\\-_',:\\[\\]!\\./\\\\\\(\\)&]*"); - private static final Pattern HTML_CLASS = Pattern.compile( - "[a-zA-Z0-9\\s,\\-_]+"); - - private static final Pattern ONSITE_URL = Pattern.compile( - "(?:[\\p{L}\\p{N}\\\\\\.\\#@\\$%\\+&;\\-_~,\\?=/!]+|\\#(\\w)+)"); - private static final Pattern OFFSITE_URL = Pattern.compile( - "\\s*(?:(?:ht|f)tps?://|mailto:)[\\p{L}\\p{N}]" - + "[\\p{L}\\p{N}\\p{Zs}\\.\\#@\\$%\\+&;:\\-_~,\\?=/!\\(\\)]*\\s*"); - - private static final Pattern NUMBER = Pattern.compile( - "[+-]?(?:(?:[0-9]+(?:\\.[0-9]*)?)|\\.[0-9]+)"); - - private static final Pattern NAME = Pattern.compile("[a-zA-Z0-9\\-_\\$]+"); - - private static final Pattern ALIGN = Pattern.compile( - "(?i)center|left|right|justify|char"); - - private static final Pattern VALIGN = Pattern.compile( - "(?i)baseline|bottom|middle|top"); - - private static final Predicate COLOR_NAME_OR_COLOR_CODE - = new Predicate() { - public boolean apply(String s) { - return COLOR_NAME.matcher(s).matches() - || COLOR_CODE.matcher(s).matches(); - } - }; - - private static final Predicate 
ONSITE_OR_OFFSITE_URL - = new Predicate() { - public boolean apply(String s) { - return ONSITE_URL.matcher(s).matches() - || OFFSITE_URL.matcher(s).matches(); - } - }; - - private static final Pattern HISTORY_BACK = Pattern.compile( - "(?:javascript:)?\\Qhistory.go(-1)\\E"); - - private static final Pattern ONE_CHAR = Pattern.compile( - ".?", Pattern.DOTALL); - - - public static final PolicyFactory POLICY_DEFINITION; - - static { - POLICY_DEFINITION = new HtmlPolicyBuilder() - .allowAttributes("id").matching(HTML_ID).globally() - .allowAttributes("class").matching(HTML_CLASS).globally() - .allowAttributes("lang").matching(Pattern.compile("[a-zA-Z]{2,20}")) - .globally() - .allowAttributes("title").matching(HTML_TITLE).globally() - .allowStyling() - .allowAttributes("align").matching(ALIGN).onElements("p") - .allowAttributes("for").matching(HTML_ID).onElements("label") - .allowAttributes("color").matching(COLOR_NAME_OR_COLOR_CODE) - .onElements("font") - .allowAttributes("face") - .matching(Pattern.compile("[\\w;, \\-]+")) - .onElements("font") - .allowAttributes("size").matching(NUMBER).onElements("font") - .allowAttributes("href").matching(ONSITE_OR_OFFSITE_URL) - .onElements("a") - .allowStandardUrlProtocols() - .allowAttributes("nohref").onElements("a") - .allowAttributes("name").matching(NAME).onElements("a") - .allowAttributes( - "onfocus", "onblur", "onclick", "onmousedown", "onmouseup") - .matching(HISTORY_BACK).onElements("a") - .requireRelNofollowOnLinks() - .allowAttributes("src").matching(ONSITE_OR_OFFSITE_URL) - .onElements("img") - .allowAttributes("name").matching(NAME) - .onElements("img") - .allowAttributes("alt").matching(PARAGRAPH) - .onElements("img") - .allowAttributes("border", "hspace", "vspace").matching(NUMBER) - .onElements("img") - .allowAttributes("border", "cellpadding", "cellspacing") - .matching(NUMBER).onElements("table") - .allowAttributes("bgcolor").matching(COLOR_NAME_OR_COLOR_CODE) - .onElements("table") - 
.allowAttributes("background").matching(ONSITE_URL) - .onElements("table") - .allowAttributes("align").matching(ALIGN) - .onElements("table") - .allowAttributes("noresize").matching(Pattern.compile("(?i)noresize")) - .onElements("table") - .allowAttributes("background").matching(ONSITE_URL) - .onElements("td", "th", "tr") - .allowAttributes("bgcolor").matching(COLOR_NAME_OR_COLOR_CODE) - .onElements("td", "th") - .allowAttributes("abbr").matching(PARAGRAPH) - .onElements("td", "th") - .allowAttributes("axis", "headers").matching(NAME) - .onElements("td", "th") - .allowAttributes("scope") - .matching(Pattern.compile("(?i)(?:row|col)(?:group)?")) - .onElements("td", "th") - .allowAttributes("nowrap") - .onElements("td", "th") - .allowAttributes("height", "width").matching(NUMBER_OR_PERCENT) - .onElements("table", "td", "th", "tr", "img") - .allowAttributes("align").matching(ALIGN) - .onElements("thead", "tbody", "tfoot", "img", - "td", "th", "tr", "colgroup", "col") - .allowAttributes("valign").matching(VALIGN) - .onElements("thead", "tbody", "tfoot", - "td", "th", "tr", "colgroup", "col") - .allowAttributes("charoff").matching(NUMBER_OR_PERCENT) - .onElements("td", "th", "tr", "colgroup", "col", - "thead", "tbody", "tfoot") - .allowAttributes("char").matching(ONE_CHAR) - .onElements("td", "th", "tr", "colgroup", "col", - "thead", "tbody", "tfoot") - .allowAttributes("colspan", "rowspan").matching(NUMBER) - .onElements("td", "th") - .allowAttributes("span", "width").matching(NUMBER_OR_PERCENT) - .onElements("colgroup", "col") - .allowElements( - "label", "noscript", "h1", "h2", "h3", "h4", "h5", "h6", - "p", "i", "b", "u", "strong", "em", "small", "big", "pre", "code", - "cite", "samp", "sub", "sup", "strike", "center", "blockquote", - "hr", "br", "col", "font", "map", "span", "div", "img", - "ul", "ol", "li", "dd", "dt", "dl", "tbody", "thead", "tfoot", - "table", "td", "th", "tr", "colgroup", "fieldset", "legend") - .toFactory(); - } - - public static void 
main(String[] args) throws IOException { - if (args.length != 0) { - System.err.println("Reads from STDIN and writes to STDOUT"); - System.exit(-1); - } - System.err.println("[Reading from STDIN]"); - // Fetch the HTML to sanitize. - String html = CharStreams.toString( - new InputStreamReader(System.in, Charsets.UTF_8)); - // Set up an output channel to receive the sanitized HTML. - HtmlStreamRenderer renderer = HtmlStreamRenderer.create( - System.out, - // Receives notifications on a failure to write to the output. - new Handler() { - public void handle(IOException ex) { - Throwables.propagate(ex); // System.out suppresses IOExceptions - } - }, - // Our HTML parser is very lenient, but this receives notifications on - // truly bizarre inputs. - new Handler() { - public void handle(String x) { - throw new AssertionError(x); - } - } - ); - // Use the policy defined above to sanitize the HTML. - HtmlSanitizer.sanitize(html, POLICY_DEFINITION.apply(renderer)); - } -} \ No newline at end of file diff --git a/core/src/main/java/hudson/markup/EscapedMarkupFormatter.java b/core/src/main/java/hudson/markup/EscapedMarkupFormatter.java new file mode 100644 index 0000000000..849a687253 --- /dev/null +++ b/core/src/main/java/hudson/markup/EscapedMarkupFormatter.java 
@@ -0,0 +1,60 @@ +/* + * The MIT License + * + * Copyright 2011 Seiji Sogabe + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package hudson.markup; + +import hudson.Extension; +import hudson.Util; +import hudson.markup.MarkupFormatter; +import hudson.markup.MarkupFormatterDescriptor; +import java.io.IOException; +import java.io.Writer; +import org.kohsuke.stapler.DataBoundConstructor; + +/** + * @link MarkupFormatter} that treats the input as the escaped html. 
+ * + * @author Seiji Sogabe + * @since 1.553 + */ +public class EscapedMarkupFormatter extends MarkupFormatter { + + @DataBoundConstructor + public EscapedMarkupFormatter() { + } + + @Override + public void translate(String markup, Writer output) throws IOException { + output.write(Util.escape(markup)); + } + + @Extension + public static class DescriptorImpl extends MarkupFormatterDescriptor { + + @Override + public String getDisplayName() { + return "Escaped HTML"; + } + } + +} diff --git a/core/src/main/java/hudson/markup/HtmlPolicyBuilder2.java b/core/src/main/java/hudson/markup/HtmlPolicyBuilder2.java deleted file mode 100644 index 4f6ea5435e..0000000000 --- a/core/src/main/java/hudson/markup/HtmlPolicyBuilder2.java +++ /dev/null 
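Review bot: The class Javadoc on the new EscapedMarkupFormatter is malformed: `@link MarkupFormatter}` is missing its opening brace and will not render as a link, so the first line should read `{@link MarkupFormatter} that treats the input as escaped HTML.` While there, `import hudson.markup.MarkupFormatter;` and `import hudson.markup.MarkupFormatterDescriptor;` are same-package imports and can be dropped. Because this class becomes the fallback when no formatter is configured (see the Jenkins.java hunk), the Javadoc should also state the contract a maintainer must not break, e.g. `Every character of the input is HTML-escaped through Util.escape; no tag in the input is ever rendered, which makes this the safe default.` Whether `Util.escape` tolerates a null `markup` is not visible in this hunk; if it returns null, `output.write` would throw a NullPointerException, so either a null guard in `translate` or a documented non-null precondition on `markup` is worth adding.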
@@ -1,42 +0,0 @@ -package hudson.markup; - -import com.google.common.base.Predicate; -import org.owasp.html.HtmlPolicyBuilder; - -import java.util.regex.Pattern; - -/** - * {@link HtmlPolicyBuilder} with additional - * functions to simplify transcoding policy definition - * from OWASP AntiSamy policy files. - * - * @author Kohsuke Kawaguchi - */ -class HtmlPolicyBuilder2 extends HtmlPolicyBuilder { - public void tag(String names, Object... attributes) { - String[] tags = names.split(","); - for (int i=0; iOWASP AntiSamy MySpace Policy - */ -public class MyspacePolicy { - public static final PolicyFactory POLICY_DEFINITION; - - private static final Pattern ONSITE_URL = Pattern.compile( - "(?:[\\p{L}\\p{N}\\\\\\.\\#@\\$%\\+&;\\-_~,\\?=/!]+|\\#(\\w)+)"); - private static final Pattern OFFSITE_URL = Pattern.compile( - "\\s*(?:(?:ht|f)tps?://|mailto:)[\\p{L}\\p{N}]" - + "[\\p{L}\\p{N}\\p{Zs}\\.\\#@\\$%\\+&;:\\-_~,\\?=/!\\(\\)]*\\s*"); - - private static final Predicate ONSITE_OR_OFFSITE_URL - = new Predicate() { - public boolean apply(String s) { - return ONSITE_URL.matcher(s).matches() - || OFFSITE_URL.matcher(s).matches(); - } - }; - - static { - POLICY_DEFINITION = new HtmlPolicyBuilder2() {{ - allowAttributes("id","class","lang","title", - "alt","style","media","href","name","shape", - "border","cellpadding","cellspacing","colspan","rowspan", - "background","bgcolor","abbr","headers","charoff","char", - "aixs","nowrap","width","height","align","valign","scope", - "tabindex","disabled","readonly","accesskey","size", - "autocomplete","rows","cols").globally(); - - disallowElements( - // I'm allowing iframe - "script","noscript",/*"iframe",*/"frameset","frame"); - - tag("label", "for"); - tag("form", "action",ONSITE_URL, - "method"); - tag("button", "value", "type"); - tag("input", "maxlength","checked", - "src",ONSITE_OR_OFFSITE_URL, - "usemap",ONSITE_URL, - "type","value"); - tag("select", "multiple"); - tag("option", "value","label","selected"); - tag("textarea"); - 
tag("h1,h2,h3,h4,h5,h6,p,i,b,u,strong,em,small,big,pre,code,cite,samp,sub,sup,strike,center,blockquote"); - tag("hr,br,col"); - tag("font", "color", "face", "size"); - tag("a", "nohref","rel"); - tag("style", "type"); - tag("span,div"); - tag("img", "src",ONSITE_OR_OFFSITE_URL, - "hspace","vspace"); - tag("ul,ol,li,dd,dl,dt,thead,tbody,tfoot"); - tag("table", "noresize"); - tag("td,th,tr"); - tag("colgroup", "span"); - tag("col", "span"); - tag("fieldset,legend"); - allowStandardUrlProtocols(); - }}.toFactory(); - } - - public static void main(String[] args) throws IOException { - // Fetch the HTML to sanitize. - String html = "Google"; - // Set up an output channel to receive the sanitized HTML. - HtmlStreamRenderer renderer = HtmlStreamRenderer.create( - System.out, - // Receives notifications on a failure to write to the output. - new Handler() { - public void handle(IOException ex) { - Throwables.propagate(ex); // System.out suppresses IOExceptions - } - }, - // Our HTML parser is very lenient, but this receives notifications on - // truly bizarre inputs. - new Handler() { - public void handle(String x) { - throw new AssertionError(x); - } - } - ); - // Use the policy defined above to sanitize the HTML. - HtmlSanitizer.sanitize(html, POLICY_DEFINITION.apply(renderer)); - } -} diff --git a/core/src/main/java/hudson/markup/RawHtmlMarkupFormatter.java b/core/src/main/java/hudson/markup/RawHtmlMarkupFormatter.java deleted file mode 100644 index 89b0eca43d..0000000000 --- a/core/src/main/java/hudson/markup/RawHtmlMarkupFormatter.java +++ /dev/null 
@@ -1,71 +0,0 @@ -package hudson.markup; - -import com.google.common.base.Throwables; -import hudson.Extension; -import org.kohsuke.stapler.DataBoundConstructor; -import org.owasp.html.Handler; -import org.owasp.html.HtmlSanitizer; -import org.owasp.html.HtmlStreamRenderer; - -import java.io.IOException; -import java.io.Writer; - -/** - * {@link MarkupFormatter} that treats the input as the raw html. - * This is the backward compatible behaviour. - * - * @author Kohsuke Kawaguchi - */ -public class RawHtmlMarkupFormatter extends MarkupFormatter { - - final boolean disableSyntaxHighlighting; - - @DataBoundConstructor - public RawHtmlMarkupFormatter(final boolean disableSyntaxHighlighting) { - this.disableSyntaxHighlighting = disableSyntaxHighlighting; - } - - public boolean isDisableSyntaxHighlighting() { - return disableSyntaxHighlighting; - } - - @Override - public void translate(String markup, Writer output) throws IOException { - HtmlStreamRenderer renderer = HtmlStreamRenderer.create( - output, - // Receives notifications on a failure to write to the output. - new Handler() { - public void handle(IOException ex) { - Throwables.propagate(ex); // System.out suppresses IOExceptions - } - }, - // Our HTML parser is very lenient, but this receives notifications on - // truly bizarre inputs. - new Handler() { - public void handle(String x) { - throw new Error(x); - } - } - ); - // Use the policy defined above to sanitize the HTML. - HtmlSanitizer.sanitize(markup, MyspacePolicy.POLICY_DEFINITION.apply(renderer)); - } - - public String getCodeMirrorMode() { - return disableSyntaxHighlighting ? null : "htmlmixed"; - } - - public String getCodeMirrorConfig() { - return "mode:'text/html'"; - } - - @Extension - public static class DescriptorImpl extends MarkupFormatterDescriptor { - @Override - public String getDisplayName() { - return "Raw HTML"; - } - } - - public static final MarkupFormatter INSTANCE = new RawHtmlMarkupFormatter(false); -} 
diff --git a/core/src/main/java/jenkins/model/Jenkins.java b/core/src/main/java/jenkins/model/Jenkins.java
index dc87020a82..a23b19fe6f 100644
--- a/core/src/main/java/jenkins/model/Jenkins.java
+++ b/core/src/main/java/jenkins/model/Jenkins.java
@@ -120,7 +120,7 @@ import hudson.cli.declarative.CLIResolver;
 import hudson.lifecycle.Lifecycle;
 import hudson.logging.LogRecorderManager;
 import hudson.lifecycle.RestartNotSupportedException;
-import hudson.markup.RawHtmlMarkupFormatter;
+import hudson.markup.EscapedMarkupFormatter;
 import hudson.remoting.Callable;
 import hudson.remoting.LocalChannel;
 import hudson.remoting.VirtualChannel;
@@ -1282,8 +1282,9 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
 * never null.
 * @since 1.391
 */
- public MarkupFormatter getMarkupFormatter() {
- return markupFormatter!=null ? markupFormatter : RawHtmlMarkupFormatter.INSTANCE;
+ public @Nonnull MarkupFormatter getMarkupFormatter() {
+ MarkupFormatter f = markupFormatter;
+ return f != null ? f : new EscapedMarkupFormatter();
 }
 
 /**
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.jelly b/core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.jelly
similarity index 68%
rename from core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.jelly
rename to core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.jelly
index 945e93ee59..724f54a7ad 100644
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.jelly
+++ b/core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.jelly
@@ -4,7 +4,4 @@ ${%blurb} - - -
diff --git a/core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.properties b/core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.properties
new file mode 100644
index 0000000000..43b9b97393
--- /dev/null
+++ b/core/src/main/resources/hudson/markup/EscapedMarkupFormatter/config.properties
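Review bot: The Javadoc above `getMarkupFormatter` (its opening lines are outside the hunk) still says only `never null` and `@since 1.391`, yet the second hunk changes the fallback from raw HTML to `EscapedMarkupFormatter`, which is exactly the behaviour change a reader of this method needs to see. Suggest adding to that Javadoc: `Falls back to {@link EscapedMarkupFormatter} when no formatter is configured; rendering of raw HTML now requires the antisamy-markup-formatter plugin (since 1.553).` As a point of style, the old code returned the shared `RawHtmlMarkupFormatter.INSTANCE` while the new code allocates `new EscapedMarkupFormatter()` on every call; the class appears stateless in its own hunk, so a `private static final` instance would keep the previous allocation profile, though the per-call allocation is functionally harmless. The local copy `MarkupFormatter f = markupFormatter;` reads the field once instead of twice, which is the right shape for the null check.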
@@ -0,0 +1 @@ +blurb=Treats all input as plain text, with no HTML permitted. diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.properties deleted file mode 100644 index b94a034a7f..0000000000 --- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config.properties +++ /dev/null @@ -1,2 +0,0 @@ -blurb=Treat the text as HTML and use it as is without any translation -disableSyntaxHighlighting=Disable syntax highlighting diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_bg.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_bg.properties deleted file mode 100644 index a29b3125ad..0000000000 --- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_bg.properties +++ /dev/null @@ -1,4 +0,0 @@ -# This file is under the MIT License by authors - -blurb=\u0421\u0447\u0438\u0442\u0430\u0439 \u0442\u0435\u043A\u0441\u0442\u0430 \u0437\u0430 HTML \u0438 \u0433\u043E \u043F\u0440\u0438\u0435\u043C\u0438 \u0431\u0435\u0437 \u043F\u0440\u0435\u0432\u043E\u0434 -disableSyntaxHighlighting=\u0418\u0437\u043A\u043B\u044E\u0447\u0432\u0430\u043D\u0435 \u043D\u0430 \u043E\u0446\u0432\u0435\u0442\u044F\u0432\u0430\u043D\u0435 \u043D\u0430 \u0441\u0438\u043D\u0442\u0430\u043A\u0441\u0438\u0441\u0430 diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_cs.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_cs.properties deleted file mode 100644 index 9fbfb9db2c..0000000000 --- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_cs.properties +++ /dev/null @@ -1,4 +0,0 @@ -# This file is under the MIT License by authors - -blurb=Br\u00E1t text jako HTML a pou\u017E\u00EDt ho bez jak\u00E9hokoliv p\u0159ekladu -disableSyntaxHighlighting=Zru\u0161it zv\u00FDraz\u0148ov\u00E1n\u00ED syntaxe 
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_da.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_da.properties deleted file mode 100644 index f9b9b7f219..0000000000 --- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_da.properties +++ /dev/null @@ -1,23 +0,0 @@ -# The MIT License -# -# Copyright (c) 2004-2010, Sun Microsystems, Inc. -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. - -disableSyntaxHighlighting=Sl\u00E5 syntaks markering fra diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_de.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_de.properties deleted file mode 100644 index bb70491a0b..0000000000 --- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_de.properties +++ /dev/null 
@@ -1,2 +0,0 @@ -blurb=Behandle den Text als HTML ohne jede bersetzung -disableSyntaxHighlighting=Syntaxhervorhebung abschalten diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_es.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_es.properties deleted file mode 100644 index 21aa3bf912..0000000000 --- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_es.properties +++ /dev/null @@ -1,24 +0,0 @@ -# The MIT License -# -# Copyright (c) 2004-, Kohsuke Kawaguchi, Sun Microsystems, Inc., and a number of other of contributers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. - -blurb=Utiliza el texto como HTML -disableSyntaxHighlighting=Deshabilitar coloreado de sintaxis. 
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fi.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fi.properties deleted file mode 100644 index 4409a15661..0000000000 --- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fi.properties +++ /dev/null @@ -1,3 +0,0 @@ -# This file is under the MIT License by authors - -blurb=K\u00E4sittele teksti\u00E4 HTML:n\u00E4 ja k\u00E4yt\u00E4 sit\u00E4 sellaisenaan ilman k\u00E4\u00E4nn\u00F6st\u00E4 diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fr.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fr.properties deleted file mode 100644 index e5d31cf342..0000000000 --- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_fr.properties +++ /dev/null 
@@ -1,24 +0,0 @@
-# The MIT License
-#
-# Copyright (c) 2004-2010, Sun Microsystems, Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-blurb=Consid\u00E9rer le texte comme du HTML et l''utiliser sans le traduire
-disableSyntaxHighlighting=D\u00E9sactiver la coloration syntaxique
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hi_IN.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hi_IN.properties
deleted file mode 100644
index 27999f33ef..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hi_IN.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file is under the MIT License by authors
-
-blurb=\u092A\u093E\u0920 \u0915\u094B HTML \u0915\u0947 \u0930\u0942\u092A \u092E\u0947\u0902 \u0926\u0947\u0916\u093F\u090F \u0914\u0930 \u0907\u0938\u0915\u093E \u0909\u092A\u092F\u094B\u0917 \u0915\u093F\u0938\u0940 \u092D\u0940 \u0905\u0928\u0941\u0935\u093E\u0926 \u0915\u0947 \u092C\u093F\u0928\u093E \u0915\u0930\u0947\u0902
-disableSyntaxHighlighting=\u0935\u093E\u0915\u094D\u092F \u0930\u091A\u0928\u093E \u0938\u0947 \u092A\u094D\u0930\u0915\u093E\u0936 \u0939\u091F\u093E\u092F\u0947\u0902
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hu.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hu.properties
deleted file mode 100644
index d1ba030ac7..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_hu.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file is under the MIT License by authors
-
-blurb=A sz\u00F6veg kezel\u00E9se HTML-k\u00E9nt \u00E9s felhaszn\u00E1l\u00E1sa ford\u00EDt\u00E1s n\u00E9lk\u00FCl
-disableSyntaxHighlighting=Szintaxis kiemel\u00E9s tilt\u00E1sa
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_it.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_it.properties
deleted file mode 100644
index a40c7f44de..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_it.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file is under the MIT License by authors
-
-blurb=tratta il testo come HTML e usalo senza intepretarlo
-disableSyntaxHighlighting=Disabilita il syntax highlighting
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ja.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ja.properties
deleted file mode 100644
index 01bec629cc..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ja.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-blurb=\u30c6\u30ad\u30b9\u30c8\u3092HTML\u3068\u3057\u3066\u6271\u3044\u3001\u5909\u66f4\u3059\u308b\u3053\u3068\u306a\u304f\u305d\u306e\u307e\u307e\u4f7f\u7528\u3057\u307e\u3059\u3002
-disableSyntaxHighlighting=\u30b7\u30f3\u30bf\u30c3\u30af\u30b9\u30cf\u30a4\u30e9\u30a4\u30c8\u3092\u7121\u52b9\u306b\u3059\u308b
\ No newline at end of file
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ko.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ko.properties
deleted file mode 100644
index 8eb6bde30c..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ko.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file is under the MIT License by authors
-
-blurb=\uD14D\uC2A4\uD2B8\uB97C HTML\uB85C \uB2E4\uB8E8\uACE0 \uBC88\uC5ED\uD558\uC9C0 \uC54A\uACE0 \uADF8\uB300\uB85C \uC0AC\uC6A9\uD569\uB2C8\uB2E4.
-disableSyntaxHighlighting=\uBB38\uBC95 \uD558\uC774\uB77C\uC774\uD305 \uBE44\uD65C\uC131\uD654
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lt.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lt.properties
deleted file mode 100644
index 281c3a427a..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lt.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-# This file is under the MIT License by authors
-
-disableSyntaxHighlighting=I\u0161jungti spalvinim\u0105 pagal sintaks\u0119
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lv.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lv.properties
deleted file mode 100644
index e89ef35678..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_lv.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-# This file is under the MIT License by authors
-
-disableSyntaxHighlighting=Atsp\u0113jot sintakses izgaismo\u0161anu
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nb_NO.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nb_NO.properties
deleted file mode 100644
index c3bd7a35b4..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nb_NO.properties
+++ /dev/null
@@ -1,24 +0,0 @@
-# The MIT License
-#
-# Copyright (c) 2004-2010, Sun Microsystems, Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-blurb=Behandle teksten som HTML og bruk den uten oversettelse
-disableSyntaxHighlighting=Skru av syntaksmarkering
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nl.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nl.properties
deleted file mode 100644
index 9a3abd4f69..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_nl.properties
+++ /dev/null
@@ -1,24 +0,0 @@
-# The MIT License
-#
-# Copyright (c) 2004-2010, Sun Microsystems, Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-blurb=Gebruik deze tekst als HTML zonder vertaling
-disableSyntaxHighlighting=Syntaxnadruk uitschakelen
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pl.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pl.properties
deleted file mode 100644
index 73faff5b54..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pl.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file is under the MIT License by authors
-
-blurb=Uznaj tekst za HTML i u\u017Cyj go bez jakiegokolwiek t\u0142umaczenia
-disableSyntaxHighlighting=Wy\u0142\u0105cz wyr\u00F3\u017Cnianie sk\u0142adni
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_BR.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_BR.properties
deleted file mode 100644
index ce55662f01..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_BR.properties
+++ /dev/null
@@ -1,24 +0,0 @@
-# The MIT License
-#
-# Copyright (c) 2004-2010, Sun Microsystems, Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-blurb=Tratar o texto como HTML e us\u00E1-lo como \u00E9, sem qualquer tradu\u00E7\u00E3o
-disableSyntaxHighlighting=Desabilitar destaque de sintaxe
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_PT.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_PT.properties
deleted file mode 100644
index bd32412409..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_pt_PT.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file is under the MIT License by authors
-
-blurb=Tratar o texto como HTML e usar sem qualquer transla\u00E7\u00E3o
-disableSyntaxHighlighting=Desactivar destaque de sintaxe.
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ru.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ru.properties
deleted file mode 100644
index 05a3e9d1fc..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_ru.properties
+++ /dev/null
@@ -1,24 +0,0 @@
-# The MIT License
-#
-# Copyright (c) 2004-2010, Sun Microsystems, Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-blurb=\u0422\u0440\u0430\u043A\u0442\u043E\u0432\u0430\u0442\u044C \u0442\u0435\u043A\u0441\u0442 \u043A\u0430\u043A HTML \u0438 \u0438\u0441\u043F\u043E\u043B\u044C\u0437\u043E\u0432\u0430\u0442\u044C \u0435\u0433\u043E "\u043A\u0430\u043A \u0435\u0441\u0442\u044C", \u0431\u0435\u0437 \u043A\u0430\u043A\u043E\u0439-\u043B\u0438\u0431\u043E \u043E\u0431\u0440\u0430\u0431\u043E\u0442\u043A\u0438
-disableSyntaxHighlighting=\u0412\u044B\u043A\u043B\u044E\u0447\u0438\u0442\u044C \u043F\u043E\u0434\u0441\u0432\u0435\u0442\u043A\u0443 \u0441\u0438\u043D\u0442\u0430\u043A\u0441\u0438\u0441\u0430
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sk.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sk.properties
deleted file mode 100644
index 29e9e67603..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sk.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-# This file is under the MIT License by authors
-
-disableSyntaxHighlighting=Zak\u00E1\u017E syntaktick\u00E9 zv\u00FDraz\u0148ovanie
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sv_SE.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sv_SE.properties
deleted file mode 100644
index 495024ec73..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_sv_SE.properties
+++ /dev/null
@@ -1,24 +0,0 @@
-# The MIT License
-#
-# Copyright (c) 2004-2010, Sun Microsystems, Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-blurb=Behandla texten som HTML och anv\u00E4nd den som den \u00E4r, utan att \u00F6vers\u00E4tta den
-disableSyntaxHighlighting=Inaktivera syntaxmarkering
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_uk.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_uk.properties
deleted file mode 100644
index 1ac6072bce..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_uk.properties
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file is under the MIT License by authors
-
-blurb=\u0421\u043F\u0440\u0438\u0439\u043C\u0430\u0442\u0438 \u0442\u0435\u043A\u0441\u0442 \u044F\u043A HTML \u0456 \u0432\u0438\u043A\u043E\u0440\u0438\u0441\u0442\u043E\u0432\u0443\u0432\u0430\u0442\u0438 \u0439\u043E\u0433\u043E "\u044F\u043A \u0454" \u0431\u0435\u0437 \u0436\u043E\u0434\u043D\u043E\u0433\u043E \u043F\u0435\u0440\u0435\u043A\u043B\u0430\u0434\u0443
-disableSyntaxHighlighting=\u0412\u0438\u043C\u043A\u043D\u0443\u0442\u0438 \u043F\u0456\u0434\u0441\u0432\u0456\u0442\u043A\u0443 \u0441\u0438\u043D\u0442\u0430\u043A\u0441\u0438\u0441\u0443
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_CN.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_CN.properties
deleted file mode 100644
index 2818748770..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_CN.properties
+++ /dev/null
@@ -1,24 +0,0 @@
-# The MIT License
-#
-# Copyright (c) 2004-2010, Sun Microsystems, Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-blurb=\u5C06\u6587\u672C\u4F5C\u4E3A HTML \u5E76\u4E14\u4E0D\u52A0\u4EFB\u4F55\u7FFB\u8BD1
-disableSyntaxHighlighting=\u7981\u7528\u8BED\u6CD5\u9AD8\u4EAE
diff --git a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_TW.properties b/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_TW.properties
deleted file mode 100644
index 30d6898a7e..0000000000
--- a/core/src/main/resources/hudson/markup/RawHtmlMarkupFormatter/config_zh_TW.properties
+++ /dev/null
@@ -1,24 +0,0 @@
-# The MIT License
-#
-# Copyright (c) 2004-2010, Sun Microsystems, Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-
-blurb=\u5C07\u9019\u4E9B\u6587\u5B57\u8996\u70BA HTML\uFF0C\u539F\u6C41\u539F\u5473\u7684\u986F\u793A\u51FA\u4F86
-disableSyntaxHighlighting=\u95DC\u9589\u8A9E\u6CD5\u5F69\u8272\u6A19\u793A
diff --git a/core/src/test/java/hudson/markup/MyspacePolicyTest.java b/core/src/test/java/hudson/markup/MyspacePolicyTest.java
deleted file mode 100644
index 6885afecf8..0000000000
--- a/core/src/test/java/hudson/markup/MyspacePolicyTest.java
+++ /dev/null
@@ -1,86 +0,0 @@ -package hudson.markup; - -import com.google.common.base.Throwables; -import org.junit.Assert; -import org.junit.Test; -import org.owasp.html.Handler; -import org.owasp.html.HtmlSanitizer; -import org.owasp.html.HtmlStreamRenderer; - -import java.io.IOException; - -/** - * @author Kohsuke Kawaguchi - */ -public class MyspacePolicyTest extends Assert { - @Test - public void testPolicy() { - assertIntact("CB"); - assertIntact("relative"); - assertIntact("myself"); - assertReject("javascript","test"); - - assertIntact(""); - assertIntact(""); - assertIntact(""); - assertReject("javascript",""); - - assertIntact("basic tag"); - assertIntact("

basic block tags

"); - - assertIntact("
  • 1
  • 2
  • 3
"); - assertIntact("
  1. x
"); - assertIntact("
abc
foo
"); - assertIntact("
header
something
"); - assertIntact("

title

blurb
"); - - assertReject("iframe", ""); - - assertReject("script",""); - assertReject("script",""); - assertReject("script",""); - - assertIntact(""); - assertReject("link", ""); - assertIntact("
inline CSS
"); - assertIntact("

"); - - assertReject("sun.com", "
"); - } - - private void assertIntact(String input) { - input = input.replace('\'','\"'); - assertSanitize(input,input); - } - - private void assertReject(String problematic, String input) { - String out = sanitize(input); - assertFalse(out, out.contains(problematic)); - } - - private void assertSanitize(String expected, String input) { - assertEquals(expected,sanitize(input)); - } - - private String sanitize(String input) { - StringBuilder buf = new StringBuilder(); - HtmlStreamRenderer renderer = HtmlStreamRenderer.create( - buf, - // Receives notifications on a failure to write to the output. - new Handler() { - public void handle(IOException ex) { - Throwables.propagate(ex); // System.out suppresses IOExceptions - } - }, - // Our HTML parser is very lenient, but this receives notifications on - // truly bizarre inputs. - new Handler() { - public void handle(String x) { - throw new AssertionError(x); - } - } - ); - HtmlSanitizer.sanitize(input, MyspacePolicy.POLICY_DEFINITION.apply(renderer)); - return buf.toString(); - } -} diff --git a/test/pom.xml b/test/pom.xml index 9d756e4359..c9c15fb1e4 100644 --- a/test/pom.xml +++ b/test/pom.xml @@ -87,6 +87,11 @@ THE SOFTWARE. matrix-auth 1.0.2
+ + org.jenkins-ci.plugins + antisamy-markup-formatter + 1.0 + org.mortbay.jetty jetty diff --git a/test/src/test/groovy/lib/form/ApplyButtonTest.groovy b/test/src/test/groovy/lib/form/ApplyButtonTest.groovy index 93f3d5c21d..be84961f20 100644 --- a/test/src/test/groovy/lib/form/ApplyButtonTest.groovy +++ b/test/src/test/groovy/lib/form/ApplyButtonTest.groovy @@ -1,5 +1,6 @@ package lib.form +import hudson.markup.RawHtmlMarkupFormatter import org.junit.Rule import org.junit.Test import org.jvnet.hudson.test.Bug @@ -18,6 +19,7 @@ class ApplyButtonTest { */ @Test @Bug(18436) public void editDescription() { + j.jenkins.markupFormatter = RawHtmlMarkupFormatter.INSTANCE // need something using CodeMirror def p = j.createFreeStyleProject() def b = j.assertBuildStatusSuccess(p.scheduleBuild2(0)) diff --git a/war/pom.xml b/war/pom.xml index 46f2ad1a43..9b0e66bbe0 100644 --- a/war/pom.xml +++ b/war/pom.xml @@ -350,6 +350,12 @@ THE SOFTWARE. 1.0 hpi + + org.jenkins-ci.plugins + antisamy-markup-formatter + 1.0 + hpi + ${project.build.directory}/${project.build.finalName}/WEB-INF/plugins true -- GitLab
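Review bot: The added line `j.jenkins.markupFormatter = RawHtmlMarkupFormatter.INSTANCE` in editDescription() makes this test depend on the antisamy-markup-formatter artifact that test/pom.xml adds in the same commit, but the accompanying comment `// need something using CodeMirror` does not say so, and a reader of the test alone cannot tell that the class no longer lives in core or why the default formatter is unsuitable. Suggest extending it to `// RawHtmlMarkupFormatter now comes from the antisamy-markup-formatter plugin (see test/pom.xml); the core default formatter presumably escapes HTML and would not exercise CodeMirror`. The plugin version 1.0 is also written out separately in test/pom.xml and war/pom.xml; a single Maven property shared by both would keep the bundled plugin and the test classpath from drifting apart, which matters because that plugin now carries the HTML sanitization policy formerly in core. editDescription() continues past the end of the hunk.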