Prepare for 0.14.0 release

Author: robinst

CHANGELOG.md

@@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html),
 with the exception that 0.x versions can break between minor versions.
 
+## [0.14.0] - 2020-01-22
+### Added
+- Add `sanitizeUrls` to `HtmlRenderer.Builder` to enable sanitizing URLs
+  of `<a>` and `<img>` tags. Sanitizing logic can be customized via
+  `urlSanitizer`. Thanks @VandorpeDavid
+
 ## [0.13.1] - 2019-11-25
 ### Fixed
 - Fix potential `StackOverflowError` for regular expressions used in the
@@ -263,6 +269,7 @@ Initial release of commonmark-java, a port of commonmark.js with extensions
 for autolinking URLs, GitHub flavored strikethrough and tables.
 
 
+[0.14.0]: https://github.com/atlassian/commonmark-java/compare/commonmark-parent-0.13.1...commonmark-parent-0.14.0
 [0.13.1]: https://github.com/atlassian/commonmark-java/compare/commonmark-parent-0.13.0...commonmark-parent-0.13.1
 [0.13.0]: https://github.com/atlassian/commonmark-java/compare/commonmark-parent-0.12.1...commonmark-parent-0.13.0
 [0.12.1]: https://github.com/atlassian/commonmark-java/compare/commonmark-parent-0.11.0...commonmark-parent-0.12.1

commonmark/src/main/java/org/commonmark/renderer/html/HtmlNodeRendererContext.java

@@ -1,7 +1,7 @@
 package org.commonmark.renderer.html;
 
-import org.commonmark.node.Link;
 import org.commonmark.node.Image;
+import org.commonmark.node.Link;
 import org.commonmark.node.Node;
 
 import java.util.Map;
@@ -48,14 +48,14 @@ public interface HtmlNodeRendererContext {
     boolean shouldEscapeHtml();
 
     /**
-     *
      * @return true if the {@link UrlSanitizer} should be used.
+     * @since 0.14.0
      */
     boolean shouldSanitizeUrls();
 
     /**
-     *
-     * @return Sanitizer to use for securing {@link Link} href and {@link Image} src if sanitizeUrls is true.
+     * @return Sanitizer to use for securing {@link Link} href and {@link Image} src if {@link #shouldSanitizeUrls()} is true.
+     * @since 0.14.0
      */
     UrlSanitizer urlSanitizer();
 }

commonmark/src/main/java/org/commonmark/renderer/html/HtmlRenderer.java

@@ -3,11 +3,7 @@
 import org.commonmark.Extension;
 import org.commonmark.internal.renderer.NodeRendererMap;
 import org.commonmark.internal.util.Escaping;
-import org.commonmark.node.HtmlBlock;
-import org.commonmark.node.HtmlInline;
-import org.commonmark.node.Link;
-import org.commonmark.node.Image;
-import org.commonmark.node.Node;
+import org.commonmark.node.*;
 import org.commonmark.renderer.NodeRenderer;
 import org.commonmark.renderer.Renderer;
 
@@ -134,22 +130,22 @@ public Builder escapeHtml(boolean escapeHtml) {
 
         /**
          * Whether {@link Image} src and {@link Link} href should be sanitized, defaults to {@code false}.
-         * <p>
          *
          * @param sanitizeUrls true for sanitization, false for preserving raw attribute
          * @return {@code this}
+         * @since 0.14.0
          */
         public Builder sanitizeUrls(boolean sanitizeUrls) {
             this.sanitizeUrls = sanitizeUrls;
             return this;
         }
 
         /**
-         * {@link UrlSanitizer} used to filter URL's if sanitizeUrls is true.
-         * <p>
+         * {@link UrlSanitizer} used to filter URL's if {@link #sanitizeUrls} is true.
          *
          * @param urlSanitizer Filterer used to filter {@link Image} src and {@link Link}.
          * @return {@code this}
+         * @since 0.14.0
          */
         public Builder urlSanitizer(UrlSanitizer urlSanitizer) {
             this.urlSanitizer = urlSanitizer;

commonmark/src/main/java/org/commonmark/renderer/html/UrlSanitizer.java

@@ -6,21 +6,25 @@
 /**
  * Sanitizes urls for img and a elements by whitelisting protocols.
  * This is intended to prevent XSS payloads like [Click this totally safe url](javascript:document.xss=true;)
- *
+ * <p>
  * Implementation based on https://github.com/OWASP/java-html-sanitizer/blob/f07e44b034a45d94d6fd010279073c38b6933072/src/main/java/org/owasp/html/FilterUrlByProtocolAttributePolicy.java
+ *
+ * @since 0.14.0
  */
 public interface UrlSanitizer {
     /**
      * Sanitize a url for use in the href attribute of a {@link Link}.
+     *
      * @param url Link to sanitize
      * @return Sanitized link
      */
-    public String sanitizeLinkUrl(String url);
+    String sanitizeLinkUrl(String url);
 
     /**
      * Sanitize a url for use in the src attribute of a {@link Image}.
+     *
      * @param url Link to sanitize
      * @return Sanitized link {@link Image}
      */
-    public String sanitizeImageUrl(String url);
+    String sanitizeImageUrl(String url);
 }