onedev/commons

■ ■ ■ ■ ■ ■

commons-codeassist/pom.xml

		skipped 4 lines
5	5		<parent>
6	6		<groupId>io.onedev</groupId>
7	7		<artifactId>commons</artifactId>
8		-	<version>2.0.11</version>
	8	+	<version>2.0.12</version>
9	9		</parent>
10	10		<build>
11	11		<plugins>
		skipped 68 lines

■ ■ ■ ■ ■ ■

commons-jsymbol/pom.xml

		skipped 3 lines
4	4		<parent>
5	5		<groupId>io.onedev</groupId>
6	6		<artifactId>commons</artifactId>
7		-	<version>2.0.11</version>
	7	+	<version>2.0.12</version>
8	8		</parent>
9	9		<artifactId>commons-jsymbol</artifactId>
10	10		<build>
		skipped 148 lines

■ ■ ■ ■ ■ ■

commons-jsymbol/src/main/java/io/onedev/commons/jsymbol/util/HighlightableLabel.java

		skipped 3 lines
4	4
5	5		import org.apache.wicket.markup.html.basic.Label;
6	6		import org.apache.wicket.model.LoadableDetachableModel;
	7	+	import org.unbescape.html.HtmlEscape;
7	8
8		-	import io.onedev.commons.utils.HtmlUtils;
9	9		import io.onedev.commons.utils.LinearRange;
10	10
11	11		@SuppressWarnings("serial")
		skipped 9 lines
21	21		String prefix = label.substring(0, highlight.getFrom());
22	22		String middle = label.substring(highlight.getFrom(), highlight.getTo());
23	23		String suffix = label.substring(highlight.getTo());
24		-	return HtmlUtils.escape(prefix)
	24	+	return HtmlEscape.escapeHtml5(prefix)
25	25		+ "<b>"
26		-	+ HtmlUtils.escape(middle)
	26	+	+ HtmlEscape.escapeHtml5(middle)
27	27		+ "</b>"
28		-	+ HtmlUtils.escape(suffix);
	28	+	+ HtmlEscape.escapeHtml5(suffix);
29	29		} else {
30		-	return HtmlUtils.escape(label);
	30	+	return HtmlEscape.escapeHtml5(label);
31	31		}
32	32		} else {
33	33		return "";
		skipped 15 lines
49	49		String prefix = unqualified.substring(0, highlight.getFrom());
50	50		String middle = unqualified.substring(highlight.getFrom(), highlight.getTo());
51	51		String suffix = unqualified.substring(highlight.getTo());
52		-	highlighted = HtmlUtils.escape(prefix)
	52	+	highlighted = HtmlEscape.escapeHtml5(prefix)
53	53		+ "<b>"
54		-	+ HtmlUtils.escape(middle)
	54	+	+ HtmlEscape.escapeHtml5(middle)
55	55		+ "</b>"
56		-	+ HtmlUtils.escape(suffix);
	56	+	+ HtmlEscape.escapeHtml5(suffix);
57	57		} else {
58		-	highlighted = HtmlUtils.escape(unqualified);
	58	+	highlighted = HtmlEscape.escapeHtml5(unqualified);
59	59		}
60	60		String prefix = qualifiedName.getPrefix();
61	61		String suffix = qualifiedName.getSuffix();
62		-	return (prefix!=null?HtmlUtils.escape(prefix):"") + highlighted
63		-	+ (suffix!=null?HtmlUtils.escape(suffix):"");
	62	+	return (prefix!=null?HtmlEscape.escapeHtml5(prefix):"") + highlighted
	63	+	+ (suffix!=null?HtmlEscape.escapeHtml5(suffix):"");
64	64		} else {
65	65		return "";
66	66		}
		skipped 13 lines

■ ■ ■ ■ ■ ■

commons-jsyntax/pom.xml

		skipped 3 lines
4	4		<parent>
5	5		<groupId>io.onedev</groupId>
6	6		<artifactId>commons</artifactId>
7		-	<version>2.0.11</version>
	7	+	<version>2.0.12</version>
8	8		</parent>
9	9		<artifactId>commons-jsyntax</artifactId>
10	10		<dependencies>
		skipped 46 lines

■ ■ ■ ■ ■ ■

commons-jsyntax/src/main/java/io/onedev/commons/jsyntax/TokenUtils.java

		skipped 4 lines
5	5
6	6		import javax.annotation.Nullable;
7	7
8		-	import org.apache.commons.lang3.StringUtils;
	8	+	import org.unbescape.html.HtmlEscape;
9	9
10		-	import io.onedev.commons.utils.HtmlUtils;
	10	+	import io.onedev.commons.utils.StringUtils;
11	11
12	12		public class TokenUtils {
13	13
		skipped 83 lines
97	97
98	98		public static String toHtml(TextToken token, @Nullable String cssClasses, @Nullable String style) {
99	99		String escapedText;
100		-	if (token.getText().equals("\r"))
	100	+	if (token.getText().equals("\r")) {
101	101		escapedText = " ";
102		-	else
103		-	escapedText = HtmlUtils.escape(token.getText());
	102	+	} else {
	103	+	escapedText = "";
	104	+	for (int i=0; i<token.getText().length(); i++) {
	105	+	char ch = token.getText().charAt(i);
	106	+	if (ch == ' ' \|\| ch == '\t' \|\| !Character.isWhitespace(ch))
	107	+	escapedText += ch;
	108	+	}
	109	+	escapedText = HtmlEscape.escapeHtml5(escapedText);
	110	+	}
104	111
105	112		StringBuilder cssClassesBuilder = new StringBuilder();
106	113		cssClassesBuilder.append(TokenTypes.getNames(token.getType(), "cm-"));
		skipped 49 lines

■ ■ ■ ■ ■ ■

commons-launcher/commons-launcher-bootstrap/pom.xml

		skipped 3 lines
4	4		<parent>
5	5		<groupId>io.onedev</groupId>
6	6		<artifactId>commons-launcher</artifactId>
7		-	<version>2.0.11</version>
	7	+	<version>2.0.12</version>
8	8		</parent>
9	9		<artifactId>commons-launcher-bootstrap</artifactId>
10	10		<build>
		skipped 30 lines

■ ■ ■ ■ ■ ■

commons-launcher/commons-launcher-loader/pom.xml

		skipped 4 lines
5	5		<parent>
6	6		<groupId>io.onedev</groupId>
7	7		<artifactId>commons-launcher</artifactId>
8		-	<version>2.0.11</version>
	8	+	<version>2.0.12</version>
9	9		</parent>
10	10		<build>
11	11		<plugins>
		skipped 45 lines

■ ■ ■ ■ ■ ■

commons-launcher/pom.xml

		skipped 3 lines
4	4		<parent>
5	5		<groupId>io.onedev</groupId>
6	6		<artifactId>commons</artifactId>
7		-	<version>2.0.11</version>
	7	+	<version>2.0.12</version>
8	8		</parent>
9	9		<artifactId>commons-launcher</artifactId>
10	10		<packaging>pom</packaging>
		skipped 73 lines

■ ■ ■ ■ ■ ■

commons-utils/pom.xml

		skipped 4 lines
5	5		<parent>
6	6		<groupId>io.onedev</groupId>
7	7		<artifactId>commons</artifactId>
8		-	<version>2.0.11</version>
	8	+	<version>2.0.12</version>
9	9		</parent>
10	10		<artifactId>commons-utils</artifactId>
11	11		<dependencies>
		skipped 91 lines

■ ■ ■ ■ ■ ■

commons-utils/src/main/java/io/onedev/commons/utils/HtmlUtils.java

1	-	package io.onedev.commons.utils;
2	-
3	-	import java.util.Collection;
4	-	import java.util.regex.Matcher;
5	-
6	-	import org.jsoup.Jsoup;
7	-	import org.jsoup.nodes.Attribute;
8	-	import org.jsoup.nodes.Document;
9	-	import org.jsoup.nodes.Element;
10	-	import org.jsoup.nodes.Node;
11	-	import org.jsoup.nodes.TextNode;
12	-	import org.jsoup.safety.Cleaner;
13	-	import org.jsoup.safety.Whitelist;
14	-	import org.unbescape.html.HtmlEscape;
15	-
16	-	import com.google.common.collect.Lists;
17	-
18	-	public class HtmlUtils {
19	-
20	-	private static final String[] SAFE_TAGS = new String[] { "h1", "h2", "h3", "h4", "h5", "h6", "h7", "h8", "br", "b",
21	-	"i", "strong", "em", "a", "pre", "code", "img", "tt", "div", "ins", "del", "sup", "sub", "p", "ol", "ul",
22	-	"li", "table", "thead", "tbody", "tfoot", "th", "tr", "td", "rt", "rp", "blockquote", "dl", "dt", "dd",
23	-	"kbd", "q", "hr", "strike", "caption", "cite", "col", "colgroup", "small", "span", "u", "input", "video", "source"};
24	-
25	-	private static final String[] SAFE_ATTRIBUTES = new String[] { "abbr", "accept", "accept-charset", "accesskey",
26	-	"action", "align", "alt", "axis", "border", "cellpadding", "cellspacing", "char", "charoff", "charset",
27	-	"checked", "cite", "clear", "cols", "colspan", "color", "compact", "coords", "datetime", "details", "dir",
28	-	"disabled", "enctype", "for", "frame", "headers", "height", "hreflang", "hspace", "ismap", "label", "lang",
29	-	"longdesc", "maxlength", "media", "method", "multiple", "name", "nohref", "noshade", "nowrap", "prompt",
30	-	"readonly", "rel", "rev", "rows", "rowspan", "rules", "scope", "selected", "shape", "size", "span", "start",
31	-	"style", "summary", "tabindex", "target", "title", "type", "usemap", "valign", "value", "vspace", "width",
32	-	"itemprop", "class", "controls", "id"};
33	-
34	-	private static final String[] SAFE_ANCHOR_SCHEMES = new String[] { "http", "https", "mailto", };
35	-
36	-	private static final Whitelist whiteList;
37	-
38	-	static {
39	-	whiteList = new Whitelist() {
40	-
41	-	@Override
42	-	protected boolean isSafeAttribute(String tagName, Element el, Attribute attr) {
43	-	if (attr.getKey().startsWith("data-"))
44	-	return true;
45	-	else
46	-	return super.isSafeAttribute(tagName, el, attr);
47	-	}
48	-
49	-	};
50	-
51	-	whiteList.addTags(SAFE_TAGS)
52	-	.addAttributes("a", "href", "title")
53	-	.addAttributes("img", "align", "alt", "height", "src", "title", "width")
54	-	.addAttributes("div", "itemscope", "itemtype")
55	-	.addAttributes("source", "src")
56	-	.addAttributes(":all", SAFE_ATTRIBUTES)
57	-	.addProtocols("a", "href", SAFE_ANCHOR_SCHEMES)
58	-	.addProtocols("blockquote", "cite", "http", "https")
59	-	.addProtocols("cite", "cite", "http", "https")
60	-	.addProtocols("img", "src", "http", "https")
61	-	.addProtocols("q", "cite", "http", "https")
62	-	.preserveRelativeLinks(true);
63	-	}
64	-
65	-	public static boolean hasAncestor(Node node, Collection<String> tags) {
66	-	Node parent = node.parentNode();
67	-	while (parent != null) {
68	-	if (parent instanceof Element) {
69	-	Element e = (Element) parent;
70	-	if (tags.contains(e.tagName().toLowerCase())) {
71	-	return true;
72	-	}
73	-	}
74	-
75	-	parent = parent.parentNode();
76	-	}
77	-
78	-	return false;
79	-	}
80	-
81	-	public static boolean hasAncestor(Node node, String tag) {
82	-	return hasAncestor(node, Lists.newArrayList(tag));
83	-	}
84	-
85	-	public static void appendReplacement(Matcher matcher, Node node, String replacement) {
86	-	StringBuffer buffer = new StringBuffer();
87	-	matcher.appendReplacement(buffer, "");
88	-	if (buffer.length() != 0)
89	-	node.before(new TextNode(buffer.toString(), node.baseUri()));
90	-	node.before(replacement);
91	-	}
92	-
93	-	public static void appendTail(Matcher matcher, Node node) {
94	-	StringBuffer buffer = new StringBuffer();
95	-	matcher.appendTail(buffer);
96	-	if (buffer.length() != 0)
97	-	node.before(new TextNode(buffer.toString(), node.baseUri()));
98	-	node.remove();
99	-	}
100	-
101	-	public static Document sanitize(Document doc) {
102	-	return new Cleaner(whiteList).clean(doc);
103	-	}
104	-
105	-	public static Document parse(String html) {
106	-	// Use a faked baseURI, otherwise all relative urls will be stripped out
107	-	return Jsoup.parseBodyFragment(html, "http://localhost/sanitize");
108	-	}
109	-
110	-	public static String escape(String text) {
111	-	String escapedText = "";
112	-	for (int i=0; i<text.length(); i++) {
113	-	char ch = text.charAt(i);
114	-	if (ch == ' ' \|\| ch == '\t' \|\| !Character.isWhitespace(ch))
115	-	escapedText += ch;
116	-	}
117	-	return HtmlEscape.escapeHtml5(escapedText);
118	-	}
119	-
120	-	public static String formatAsHtml(String text) {
121	-	text = HtmlEscape.escapeHtml5(text);
122	-	text = StringUtils.replace(text, "\n", "<br>");
123	-	text = StringUtils.replace(text, " ", " ");
124	-	return text;
125	-	}
126	-	}
127	-

■ ■ ■ ■ ■ ■

pom.xml

		skipped 8 lines
9	9		<version>1.0.5</version>
10	10		</parent>
11	11		<artifactId>commons</artifactId>
12		-	<version>2.0.11</version>
	12	+	<version>2.0.12</version>
13	13		<packaging>pom</packaging>
14	14		<modules>
15	15		<module>commons-utils</module>
		skipped 78 lines
94	94		<dependency>
95	95		<groupId>org.apache.commons</groupId>
96	96		<artifactId>commons-compress</artifactId>
97		-	<version>1.19</version>
	97	+	<version>1.21</version>
98	98		</dependency>
99	99		<dependency>
100	100		<groupId>com.google.code.findbugs</groupId>
		skipped 23 lines
124	124		<dependency>
125	125		<groupId>org.apache.ant</groupId>
126	126		<artifactId>ant</artifactId>
127		-	<version>1.10.9</version>
	127	+	<version>1.10.11</version>
128	128		</dependency>
129	129		<dependency>
130	130		<groupId>commons-io</groupId>
		skipped 167 lines
298	298		<slf4j.version>1.7.5</slf4j.version>
299	299		<logback.version>1.2.0</logback.version>
300	300		<antlr.version>4.7.2</antlr.version>
301		-	<jetty.version>9.4.37.v20210219</jetty.version>
302		-	<wicket.version>7.14.0</wicket.version>
	301	+	<jetty.version>9.4.43.v20210629</jetty.version>
	302	+	<wicket.version>7.17.0</wicket.version>
303	303		<guice.version>4.2.2</guice.version>
304	304		</properties>
305	305		</project>
		skipped 1 lines

Update some third party libraries