Release candidate 20200713.1

OWASP · forum-is · Oct 9, 2015 · Oct 9, 2015 · Oct 9, 2015 · Nov 9, 2015
commit 25c3d64c4c0764d86792a2e23b8f5498a449b9de
diff --git a/README.md b/README.md
@@ -35,7 +35,7 @@ how to get started with or without Maven.
 ## Prepackaged Policies
 
 You can use
-[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/Sanitizers.html):
+[prepackaged policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/Sanitizers.html):
 
 ```Java
 PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
@@ -47,7 +47,7 @@ String safeHTML = policy.sanitize(untrustedHTML);
 The
 [tests](https://github.com/OWASP/java-html-sanitizer/blob/master/src/test/java/org/owasp/html/HtmlPolicyBuilderTest.java)
 show how to configure your own
-[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/HtmlPolicyBuilder.html):
+[policy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/HtmlPolicyBuilder.html):
 
 ```Java
 PolicyFactory policy = new HtmlPolicyBuilder()
@@ -62,7 +62,7 @@ String safeHTML = policy.sanitize(untrustedHTML);
 ## Custom Policies
 
 You can write
-[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/ElementPolicy.html)
+[custom policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/ElementPolicy.html)
 to do things like changing `h1`s to `div`s with a certain class:
 
 ```Java
@@ -85,7 +85,7 @@ need to be explicitly whitelisted using the `allowWithoutAttributes()`
 method if you want them to be allowed through the filter when these
 elements do not include any attributes.
 
-[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks.
+[Attribute policies](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/AttributePolicy.html) allow running custom code too. Adding an attribute policy will not water down any default policy like `style` or URL attribute checks.
 
 ```Java
 new HtmlPolicyBuilder = new HtmlPolicyBuilder()
@@ -153,7 +153,7 @@ of the output.
 
 ## Telemetry
 
-When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/HtmlChangeListener.html).
+When a policy rejects an element or attribute it notifies an [HtmlChangeListener](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/HtmlChangeListener.html).
 
 You can use this to keep track of policy violation trends and find out when someone
 is making an effort to breach your security.

diff --git a/aggregate/pom.xml b/aggregate/pom.xml
@@ -3,12 +3,12 @@
  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
  <artifactId>aggregate</artifactId>
  <packaging>pom</packaging>
- <version>20200615.2-SNAPSHOT</version>
+ <version>20200713.1</version>
  <parent>
  <relativePath>../parent</relativePath>
  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
  <artifactId>parent</artifactId>
- <version>20200615.2-SNAPSHOT</version>
+ <version>20200713.1</version>
  </parent>
 
  <modules>

diff --git a/change_log.md b/change_log.md
@@ -1,6 +1,10 @@
 # OWASP Java HTML Sanitizer Change Log
 
 Most recent at top.
+ * Release 20200713.1
+ * Do not lower-case SVG/MathML names.
+ This shouldn't cause problems since it was hard to write policies for
+ SBG, but be aware that SVG's `<textArea>` is now distinct from HTML's `<textarea>`.
  * Release 20200615.1
  * Change `.and` when combining two policies to respect explicit `skipIfEmpty` decisions.
  * HTML entity decoding now follows HTML standard rules about when a semicolon is optional.

diff --git a/docs/getting_started.md b/docs/getting_started.md
@@ -30,16 +30,16 @@ it to HTML.
 The
 [javadoc](http://javadoc.io/doc/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/)
 covers more detailed topics, including
-[customization](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/HtmlPolicyBuilder.html).
+[customization](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/HtmlPolicyBuilder.html).
 
 Important classes are:
 
- * [Sanitizers](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies.
- * [HtmlPolicyBuilder](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies.
+ * [Sanitizers](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies.
+ * [HtmlPolicyBuilder](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies.
 
 For advanced use, see:
- * [AttributePolicy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1/org/owasp/html/ElementPolicy.html) allow complex customization.
- * [HtmlStreamEventReceiver](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output.
+ * [AttributePolicy](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20180219.1/org/owasp/html/ElementPolicy.html) allow complex customization.
+ * [HtmlStreamEventReceiver](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output.
 
 ## Asking Questions
 

diff --git a/docs/maven.md b/docs/maven.md
@@ -23,7 +23,7 @@ Bigger numbers are more recent and the [change log](../change_log.md)
 can shed light on the salient differences.
 
 You should be able to build with the HTML sanitizer. You can read the
-[javadoc](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200615.1/index.html),
+[javadoc](https://static.javadoc.io/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer/20200713.1/index.html),
 and if you have questions that aren't answered by these wiki pages,
 you can ask on the
 [mailing list](http://groups.google.com/group/owasp-java-html-sanitizer-support).

diff --git a/empiricism/pom.xml b/empiricism/pom.xml
@@ -2,13 +2,13 @@
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
  <artifactId>html-types</artifactId>
- <version>20200615.2-SNAPSHOT</version>
+ <version>20200713.1</version>
  <packaging>jar</packaging>
  <parent>
  <relativePath>../parent</relativePath>
  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
  <artifactId>parent</artifactId>
- <version>20200615.2-SNAPSHOT</version>
+ <version>20200713.1</version>
  </parent>
 
  <name>empiricism</name>

diff --git a/html-types/pom.xml b/html-types/pom.xml
@@ -2,13 +2,13 @@
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
  <artifactId>html-types</artifactId>
- <version>20200615.2-SNAPSHOT</version>
+ <version>20200713.1</version>
  <packaging>bundle</packaging>
  <parent>
  <relativePath>../parent</relativePath>
  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
  <artifactId>parent</artifactId>
- <version>20200615.2-SNAPSHOT</version>
+ <version>20200713.1</version>
  </parent>
 
  <name>OWASP Java HTML Sanitizer Safe HTML Compatibility</name>

diff --git a/parent/pom.xml b/parent/pom.xml
@@ -2,7 +2,7 @@
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
  <artifactId>parent</artifactId>
- <version>20200615.2-SNAPSHOT</version>
+ <version>20200713.1</version>
 
  <packaging>pom</packaging>
 

diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
  <relativePath>parent</relativePath>
  <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
  <artifactId>parent</artifactId>
- <version>20200615.2-SNAPSHOT</version>
+ <version>20200713.1</version>
  </parent>
 
  <name>OWASP Java HTML Sanitizer</name>