
Comments (3)

soundasleep commented on September 2, 2024

With a bit of hacking I've found a way to configure a local installation (through Gradle) to use nekohtml 2.59.

Configure your build.gradle to exclude the transitive dependency:

implementation("net.sf.cssbox:cssbox:$cssboxVersion") {
  exclude group: "net.sourceforge.nekohtml", module: "nekohtml" 
}
implementation "net.sourceforge.htmlunit:neko-htmlunit:$nekoHtmlUnitVersion"

And then it looks like the only change one needs to make is to not use DefaultDOMSource:

public class BetterDOMSource extends DOMSource {
	public BetterDOMSource(DocumentSource src) {
		super(src);
	}

	@Override
	public Document parse() throws SAXException, IOException {
		// Use the DOMParser from the replacement neko-htmlunit dependency
		DOMParser parser = new DOMParser(new HTMLConfiguration());
		parser.setProperty("http://cyberneko.org/html/properties/names/elems", "lower");
		if (charset != null)
			parser.setProperty("http://cyberneko.org/html/properties/default-encoding", charset);
		parser.parse(new org.xml.sax.InputSource(getDocumentSource().getInputStream()));
		return parser.getDocument();
	}
}

And use this source to load your Documents instead:

ByteArrayInputStream is = new ByteArrayInputStream(html.getBytes(Charset.forName("UTF-8")));
StreamDocumentSource source = new StreamDocumentSource(is, url, "text/html");

DOMSource parser = new BetterDOMSource(source);
Document document = parser.parse();

from cssbox.
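The `exclude` in the comment above only covers the dependency graph of the cssbox declaration, so the old artifact can still arrive through another dependency. The following is an added example, not code from the thread or from the CSSBox project: it excludes the artifact from every configuration and fails the build if it is still resolved. It assumes the Groovy DSL with the `java` or `java-library` plugin applied; the task name `verifyNoLegacyNekohtml` is hypothetical.

```groovy
// build.gradle (Groovy DSL). Added example, not from the thread.
// Assumes the java or java-library plugin, which provides the
// runtimeClasspath configuration and the check task.

// Coordinates of the artifact the thread replaces.
def legacyGroup = "net.sourceforge.nekohtml"
def legacyName  = "nekohtml"

// Exclude the artifact from every configuration, so it cannot come back
// through a dependency other than cssbox.
configurations.configureEach {
    exclude group: legacyGroup, module: legacyName
}

// Hypothetical task name. Resolves the runtime classpath and fails the
// build if the legacy artifact is still present.
tasks.register("verifyNoLegacyNekohtml") {
    group = "verification"
    description = "Fails if ${legacyGroup}:${legacyName} is on the runtime classpath."
    doLast {
        def hits = configurations.runtimeClasspath.resolvedConfiguration
            .resolvedArtifacts
            .collect { it.moduleVersion.id }
            .findAll { it.group == legacyGroup && it.name == legacyName }
        if (!hits.isEmpty()) {
            def found = hits.collect { "${it.group}:${it.name}:${it.version}" }.join(", ")
            throw new GradleException("Legacy nekohtml still resolved: ${found}")
        }
        logger.lifecycle("OK: ${legacyGroup}:${legacyName} is not on runtimeClasspath")
    }
}

// Run the guard as part of the normal verification lifecycle.
tasks.named("check") {
    dependsOn "verifyNoLegacyNekohtml"
}
```

With the global exclusion in place the task acts as a regression guard: it starts failing if the exclusion is later removed or a new dependency reintroduces the artifact.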

miurahr commented on September 2, 2024

I think we can use org.htmlunit:htmlunit-neko:3.6.0 for the CSSBox project.
It solves CVE-2022-29546 and CVE-2022-28366.

I've changed DefaultDOMSource like this:

    public Document parse() throws SAXException, IOException
    {
        DOMParser parser = new DOMParser(HTMLDocumentImpl.class);
        parser.setProperty("http://cyberneko.org/html/properties/names/elems", "lower");
        if (charset != null)
            parser.setProperty("http://cyberneko.org/html/properties/default-encoding", charset);
        parser.parse(new org.xml.sax.InputSource(getDocumentSource().getInputStream()));
        return parser.getDocument();
    }


miurahr commented on September 2, 2024

I've proposed the change to [email protected] in Apr. 2023, and further update today.
#81
