Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18000

Upgrade to CSS4J 3.1.0



    • New Feature
    • Resolution: Fixed
    • Major
    • 12.10
    • 12.8
    • Dependency Upgrades
    • None
    • Unknown
    • N/A


      Release Highlights
      Previous versions were vulnerable to DoS attacks, and the new protections use the new CSSDocument.isAuthorizedOrigin(URL) method.
      The method ErrorHandler.hasErrors() now returns true if there are I/O errors. Those errors were previously considered transient, and therefore weren't appearing there.
      DOM: on attribute nodes, getTextContent() now returns the attribute value instead of the empty string.
      [3.1] DOM: DOMDocument.getDomConfig() was undeprecated, and the DOMConfiguration can be used to control the normalisation of the document.
      [3.1] DOM: DOM nodes now implement java.io.Serializable.
      [3.1] DefaultEntityResolver.resolveEntity(DocumentTypeDeclaration) is deprecated.
      ("DOM:" means that the change applies to "Native DOM implementation").
      These new behaviours mean that the new releases are not fully backwards-compatible with the latest releases from their branches, so the minor versions were bumped to 3.1, 2.2 and 1.1.
      Additionally, the following are important fixes/improvements:
      [3.1] Case sensitivity fixes: Native DOM correctly matched the selector [Foo] to the attribute foo="bar" in HTML documents, but neither the XML-oriented DOM implementations in the DOM wrapper nor the DOM4J back-end did. Now they both do, and a few other smaller case sensitivity fixes were applied as well.
      [3.1] DOM: indented serialisation of inline-block elements in DOMWriter.
      DOM: normalisation of element-content whitespace is now based on the value of the whitespace CSS property, and so does DOMWriter serialisation (note: 1.0.9 already had this fix, and only 3.1 has configurable normalisation).
      Due to the security fixes, all users that process untrusted HTML or CSS with css4j should upgrade.




            vmassol Vincent Massol
            vmassol Vincent Massol
            0 Vote for this issue
            1 Start watching this issue