Remove a deprecated CssHandler constructor to address 1 task in issue #…

…195. Most of the deprecated items listed in this issue have already been addressed by @spassarop.

src/main/java/org/owasp/validator/css/CssHandler.java

@@ -127,12 +127,12 @@ public class CssHandler implements DocumentHandler {
 	 *            the error message bundle to pull from
 	 */
 	public CssHandler(Policy policy, List<String> errorMessages, ResourceBundle messages) {
-		this(policy, null, errorMessages, null, messages);
+		this(policy, errorMessages, messages, null);
 	}
 
 	/**
 	 * Constructs a handler for stylesheets using the given policy. The List of embedded stylesheets
-	 * produced by this constructor is now available via the getImportedStylesheetsURIList() method.
+	 * produced by this constructor is available via the getImportedStylesheetsURIList() method.
 	 *
 	 * @param policy
 	 *            the policy to use
@@ -144,39 +144,14 @@ public CssHandler(Policy policy, List<String> errorMessages, ResourceBundle mess
 	 *            the tag name associated with this inline style
 	 */
 	public CssHandler(Policy policy, List<String> errorMessages, ResourceBundle messages, String tagName) {
-		this(policy, null, errorMessages, tagName, messages);
-	}
-
-	/**
-	 * Constructs a handler for inline style declarations using the given policy
-	 * and queue for imported stylesheets.
-	 *
-	 * @param policy
-	 *            the policy to use
-	 * @param embeddedStyleSheets
-	 *            the queue of stylesheets imported
-	 * @param errorMessages
-	 *            the List of error messages to add error messages too if there are errors
-	 * @param tagName
-	 *            the tag name associated with this inline style
-	 * @param messages
-	 *            the error message bundle to pull from
-	 *
-	 * @deprecated The embeddedStyleSheets List parameter is removed in the newer version of
-	 * this constructor as the handler has its own internal list that can be accessed through
-	 * the getImportedStylesheetsURIList() method.
-	 */
-	@Deprecated
-	public CssHandler(Policy policy, LinkedList<URI> embeddedStyleSheets,
-					  List<String> errorMessages, String tagName, ResourceBundle messages) {
 		assert policy instanceof InternalPolicy : policy.getClass();
 		this.policy = (InternalPolicy) policy;
 		this.errorMessages = errorMessages;
 		this.messages = messages;
 		this.validator = new CssValidator(policy);
 		// Create a queue of all style sheets that need to be validated to
 		// account for any sheets that may be imported by the current CSS
-		this.importedStyleSheets = (embeddedStyleSheets != null ? embeddedStyleSheets : new LinkedList<URI>());
+		this.importedStyleSheets = new LinkedList<URI>();
 		this.tagName = tagName;
 		this.isInline = (tagName != null);
 	}

src/main/java/org/owasp/validator/html/Policy.java

@@ -386,6 +386,7 @@ private static InputStream toByteArrayStream(InputStream in) throws PolicyExcept
 
     private static Element getDocumentElementFromSource(InputSource source, boolean schemaValidationEnabled)
             throws ParserConfigurationException, SAXException, IOException {
+    	// FIXME: remove boolean schemaValidationEnabled from this API and refactor all callers. 
 
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
 
@@ -397,11 +398,10 @@ private static Element getDocumentElementFromSource(InputSource source, boolean
         dbf.setFeature(DISALLOW_DOCTYPE_DECL, true);
         dbf.setFeature(LOAD_EXTERNAL_DTD, false);
 
-        if (schemaValidationEnabled) {
-            getPolicySchema();
-            dbf.setNamespaceAware(true);
-            dbf.setSchema(schema);
-        }
+    	// Schema validation is always required now. So turn it on.
+        getPolicySchema();
+        dbf.setNamespaceAware(true);
+        dbf.setSchema(schema);
 
         DocumentBuilder db = dbf.newDocumentBuilder();
         db.setErrorHandler(new SAXErrorHandler());

src/main/java/org/owasp/validator/html/TagMatcher.java

@@ -43,9 +43,9 @@ public TagMatcher(Iterable<String> allowedValues) {
     /**
      * Examines if this tag matches the values in this matcher.
      *
-     * Please note that this is case-insensitive, which is ok for html and xhtml, but not really for xml
+     * Please note that this is case-insensitive, which is OK for HTML, but not really for XML
      * @param tagName The tag name to look for
-     * @return true if the tag name matches this mach
+     * @return true if the tag name matches this matcher
      */
     public boolean matches(String tagName) {
         return allowedLowercase.contains(tagName.toLowerCase());

src/test/java/org/owasp/validator/html/test/AntiSamyTest.java

@@ -1502,10 +1502,8 @@ public void testGithubIssue81() throws ScanException, PolicyException {
     public void entityReferenceEncodedInHtmlAttribute() throws ScanException, PolicyException {
         // Concern is that "&" is not being encoded and "#00058" was not being interpreted as ":"
         // so the validations based on regexp passed and a browser would load "&:" together.
-        // All this when not using the XHTML serializer.
 
         // UPDATE:  Using a new HTML parser library starts decoding entities like #00058
-        // UPDATE 2: XHTML is no longer used
         assertThat(as.scan("<p><a href=\"javascript&#00058x=1,%61%6c%65%72%74%28%22%62%6f%6f%6d%22%29\">xss</a></p>", policy, AntiSamy.DOM).getCleanHTML(),
                 not(containsString("javascript")));
         assertThat(as.scan("<p><a href=\"javascript&#00058x=1,%61%6c%65%72%74%28%22%62%6f%6f%6d%22%29\">xss</a></p>", policy, AntiSamy.SAX).getCleanHTML(),