diff --git a/_service b/_service index 577f47c..5ffdfba 100644 --- a/_service +++ b/_service @@ -2,8 +2,10 @@ git https://github.com/jhy/jsoup.git - 1.14.2 - jsoup-1.14.2 + jsoup-1.15.3 + jsoup-* + @PARENT_TAG@ + jsoup-(.*) src/test/resources diff --git a/jsoup-1.14.2.tar.xz b/jsoup-1.14.2.tar.xz deleted file mode 100644 index 3059833..0000000 --- a/jsoup-1.14.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0857c2c3399879acdd239ef3d56fdcbfe73311d304cf72fb9f3c7ac24f3ef221 -size 227624 diff --git a/jsoup-1.15.3.tar.xz b/jsoup-1.15.3.tar.xz new file mode 100644 index 0000000..ad45566 --- /dev/null +++ b/jsoup-1.15.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cbc46c73b0316f0dd14c6ac39c31373160410d0117df30589d480710ca005b27 +size 249288 diff --git a/jsoup-build.xml b/jsoup-build.xml index b24b1f1..9cf3233 100644 --- a/jsoup-build.xml +++ b/jsoup-build.xml @@ -11,7 +11,7 @@ - + @@ -131,12 +131,16 @@ + - - + + + + + diff --git a/jsoup.changes b/jsoup.changes index 69ebd21..83ea5eb 100644 --- a/jsoup.changes +++ b/jsoup.changes @@ -1,3 +1,181 @@ +------------------------------------------------------------------- +Mon Oct 17 05:42:39 UTC 2022 - Fridrich Strba + +- Upgrade to upstream version 1.15.3 +- Changes of 1.15.3 + * Security + + Fixed bsc#1203459 (CVE-2022-36033), an issue where the jsoup + cleaner may incorrectly sanitize crafted XSS attempts if + SafeList.preserveRelativeLinks is enabled. See the security + advisory for more details. + * Improvements + + The Cleaner will preserve the source position of cleaned + elements, if source tracking is enabled in the original parse. + + The error messages output from Validate are more descriptive. + Exceptions are now ValidationExceptions + (extending IllegalArgumentException). Stack traces do not + include the Validate class, to make it simpler to see where + the exception originated. Common validation errors including + malformed URLs and empty selector results have more explicit + error messages. + + Build Improvement: added implementation version and related + fields to the jar manifest. + * Bug Fixes + + The DataUtil would incorrectly read from InputStreams that + emitted reads less than the requested size. This lead to + incorrect results when parsing from chunked server responses, + for example. +- Changes of 1.15.2 + * Improvements + + Added the ability to track the position (line, column, index) + in the original input source from where a given node was + parsed. Accessible via Node.sourceRange() and + Element.endSourceRange(). + + Added Element.firstElementChild(), Element.lastElementChild(), + Node.firstChild(), Node.lastChild(), as convenient accessors + to those child nodes and elements. + + Added Element.expectFirst(), which is just like + Element.selectFirst(), but instead of returning a null if + there is no match, will throw an IllegalArgumentException. + This is useful if you want to simply abort processing if an + expected match is not found, such as in test cases. + + When pretty-printing HTML, doctypes are emitted on a newline + if there is a preceding comment. + + When pretty-printing, trim the leading and trailing spaces of + textnodes in block tags when possible, so that they are + indented correctly. + + In Element.selectXpath(), disable namespace awareness. This + makes it possible to always select elements by their simple + local name, regardless of whether an xmlns attribute was set. + * Bug Fixes + + When using the DataUtil.readToByteBuffer() method, such as in + Connection.Response.body(), if the document has not already + been parsed and must be read fully, and there is any maximum + buffer size being applied, only the default internal buffer + size was read. + + When serializing HTML, newlines in elements descending from a + pre tag were incorrectly skipped. That caused what should have + been preformatted output to instead be a run of text. + + When pretty-print serializing HTML, newlines separating + phrasing content (e.g. a tag within a

tag would be + incorrectly skipped, instead of normalized to a space. + Additionally, improved space normalization between other end + of line occurences, and whitespace handling after a closing + +- Changes of 1.15.1 + * Changes + + Removed previously deprecated methods and classes (including + org.jsoup.safety.Whitelist; use org.jsoup.safety.Safelist + instead). + * Improvements + + When converting jsoup Documents to W3C Documents in W3CDom, + preserve HTML valid attribute names if the input document is + using the HTML syntax. (Previously, would always coerce using + the more restrictive XML syntax.) + + Added the :containsWholeText(text) selector, to match against + non-normalized Element text. That can be useful when elements + can only be distinguished by e.g. specific case, or leading + whitespace, etc. + + Added Element#wholeOwnText() to retrieve the original + (non-normalized) ownText of an Element. Also added the + :containsWholeOwnText(text) selector, to match against that. + BR elements are now treated as newlines in the wholeText + methods. + + Added the :matchesWholeText(regex) and + :matchesWholeOwnText(regex) selectors, to match against whole + (non-normalized, case sensitive) element text and own text, + respectively. + + When evaluating an XPath query against a context element, the + complete document is now visible to the query, vs only the + context element's sub-tree. This enables support for queries + outside (parent or sibling) the element, e.g. + ancestor-or-self::*. + + Allow a maxPaddingWidth on the indent level in OutputSettings + when pretty printing. This defaults to 30 to limit the indent + level for very deeply nested elements, and may be disabled by + setting to -1. + + When cloning a Node or an Element, the clone gets a cloned + OwnerDocument containing only that clone, so as to preserve + applicable settings, such as the Pretty Print settings. + + Added a convenience method Jsoup.parse(File). + + In the NodeTraversor, added default implementations for + NodeVisitor.tail() and NodeFilter.tail(), so that code using + only head() methods can be written as lambdas. + + In NodeTraversor, added support for removing nodes via + Node.remove() during NodeVisitor.head(). + + Added Node.forEachNode(Consumer) and + Element.forEach(Consumer) should not emit a parse + error. + + When throwing a SelectorParseException for an invalid + selector, don't try to String.format the input, as that could + throw an IllegalFormatException. + + When serializing HTML with Pretty Print enabled, extraneous + whitespace may be added on closing tags, or extra newlines may + be added at the end of script blocks. + + When copy-creating a Safelist from another, perform a + deep-copy of the original's settings, so that changes to the + original after creation do not affect the copy. + + Speed improvement when parsing constructed HTML containing + very deeply incorrectly stacked formatting elements with many + attributes. + + During parsing, a StackOverflowException was possible given + crafted HTML with hundreds of nested table elements followed + by invalid formatting elements. +- Changes of 1.14.3 + * Improvements + + Added native XPath support with Element.selectXpath(String) + + Added full support for the