Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18000

Upgrade to CSS4J 3.1.0

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.8
    • Fix Version/s: 12.10
    • Component/s: Dependency Upgrades
    • Labels:
      None
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Similar issues:

      Description

      Release Highlights
      Previous versions were vulnerable to DoS attacks, and the new protections use the new CSSDocument.isAuthorizedOrigin(URL) method.
      The method ErrorHandler.hasErrors() now returns true if there are I/O errors. Those errors were previously considered transient, and therefore weren't appearing there.
      DOM: on attribute nodes, getTextContent() now returns the attribute value instead of the empty string.
      [3.1] DOM: DOMDocument.getDomConfig() was undeprecated, and the DOMConfiguration can be used to control the normalisation of the document.
      [3.1] DOM: DOM nodes now implement java.io.Serializable.
      [3.1] DefaultEntityResolver.resolveEntity(DocumentTypeDeclaration) is deprecated.
      ("DOM:" means that the change applies to "Native DOM implementation").
      
      
      
      These new behaviours mean that the new releases are not fully backwards-compatible with the latest releases from their branches, so the minor versions were bumped to 3.1, 2.2 and 1.1.
      
      
      
      Additionally, the following are important fixes/improvements:
      
      [3.1] Case sensitivity fixes: Native DOM correctly matched the selector [Foo] to the attribute foo="bar" in HTML documents, but neither the XML-oriented DOM implementations in the DOM wrapper nor the DOM4J back-end did. Now they both do, and a few other smaller case sensitivity fixes were applied as well.
      [3.1] DOM: indented serialisation of inline-block elements in DOMWriter.
      DOM: normalisation of element-content whitespace is now based on the value of the whitespace CSS property, and so does DOMWriter serialisation (note: 1.0.9 already had this fix, and only 3.1 has configurable normalisation).
      Due to the security fixes, all users that process untrusted HTML or CSS with css4j should upgrade.
      

        Attachments

          Activity

            People

            Assignee:
            vmassol Vincent Massol
            Reporter:
            vmassol Vincent Massol
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: