fixed links in docs

Author: mikesamuel

README.md

@@ -9,20 +9,20 @@ are only needed by the test suite.  The JSR 305 dependency is a
 compile-only dependency, only needed for annotations. 
 
 This code was written with security best practices in mind, has an
-extensive test suite, and has undergone [adversarial security review](AttackReviewGroundRules).
+extensive test suite, and has undergone [adversarial security review](tree/master/docs/attack_review_ground_rules.md).
 
 ----
 
-[Getting Started](GettingStarted) includes instructions on how to get started with or without Maven.
+[Getting Started](tree/master/docs/getting_started.md) includes instructions on how to get started with or without Maven.
 
-You can use [prepackaged policies](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/Sanitizers.html):
+You can use [prepackaged policies](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/Sanitizers.html):
 
 ```Java
 PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
 String safeHTML = policy.sanitize(untrustedHTML);
 ```
 
-or the [tests](http://code.google.com/p/owasp-java-html-sanitizer/source/browse/trunk/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java) show how to configure your own [policy](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/HtmlPolicyBuilder.html):
+or the [tests](https://github.com/OWASP/java-html-sanitizer/tree/master/src/tests/org/owasp/html/HtmlPolicyBuilderTest.java) show how to configure your own [policy](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/HtmlPolicyBuilder.html):
 
 ```Java
 PolicyFactory policy = new HtmlPolicyBuilder()
@@ -34,7 +34,7 @@ PolicyFactory policy = new HtmlPolicyBuilder()
 String safeHTML = policy.sanitize(untrustedHTML);
 ```
 
-or you can write [custom policies](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/ElementPolicy.html) to do things like changing `h1`s to `div`s with a certain class:
+or you can write [custom policies](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/ElementPolicy.html) to do things like changing `h1`s to `div`s with a certain class:
 
 ```Java
 PolicyFactory policy = new HtmlPolicyBuilder()
@@ -53,8 +53,8 @@ String safeHTML = policy.sanitize(untrustedHTML);
 
 ----
 
-Subscribe to the [mailing list](http://groups.google.com/group/owasp-java-html-sanitizer-support) to be notified of known [Vulnerabilities](Vulnerabilities).  If you wish to report a vulnerability, please see [AttackReviewGroundRules](AttackReviewGroundRules).
+Subscribe to the [mailing list](http://groups.google.com/group/owasp-java-html-sanitizer-support) to be notified of known [Vulnerabilities](tree/master/docs/vulnerabilities.md).  If you wish to report a vulnerability, please see [AttackReviewGroundRules](tree/master/docs/attack_review_ground_rules.md).
 
 ----
 
-[Thanks to everyone who has helped with criticism and code](Credits)
+[Thanks to everyone who has helped with criticism and code](tree/master/docs/credits.md)

docs/attack_review_ground_rules.md

@@ -3,7 +3,7 @@
 
 # Attack Review Ground Rules 
 
-Please take a look at [http://canyouxssthis.com/HTMLSanitizer](http://canyouxssthis.com/HTMLSanitizer).  That page includes a form that allows you to try out attacks against a sanitizer that implements the AntiSAMY [Ebay policy example](http://code.google.com/p/owasp-java-html-sanitizer/source/browse/trunk/src/main/org/owasp/html/examples/EbayPolicyExample.java).
+Please take a look at [http://canyouxssthis.com/HTMLSanitizer](http://canyouxssthis.com/HTMLSanitizer).  That page includes a form that allows you to try out attacks against a sanitizer that implements the AntiSAMY [Ebay policy example](https://github.com/OWASP/java-html-sanitizer/tree/master/src/main/org/owasp/html/examples/EbayPolicyExample.java).
 
 Enter an attack payload in that form, and it will be reflected back to you.  For example, if you enter `<b>Hello</b>, <i>World!</i>` you should see "**Hello**, _World!_" upon submitting the form.  If you want to see the actual HTML produced, just view source.
 
@@ -25,10 +25,10 @@ If you are the first to provide me with a payload that does any of the following
 
 This is not an exhaustive list and creative attacks are welcome.
 
-If you find the web interface cumbersome, feel free to download and test the sanitizer directly.  See [GettingStarted](GettingStarted) for instructions.
+If you find the web interface cumbersome, feel free to download and test the sanitizer directly.  See [GettingStarted](getting_started.md) for instructions.
 
 ## Reporting Vulnerabilities 
-Please report successful attacks with example input via [the issue tracker](http://code.google.com/p/owasp-java-html-sanitizer/issues/entry).
+Please report successful attacks with example input via [the issue tracker](https://github.com/OWASP/java-html-sanitizer/issues/new).
 
 If you believe the issue might affect production systems, please file the issue with the label `Private`.
 

docs/cve20114457.md

@@ -3,21 +3,27 @@
 
 #CVE-2011-4457
 
-A vulnerability in the [OWASP HTML Sanitizer](http://code.google.com/p/owasp-java-html-sanitizer/)
+A vulnerability in the
+[OWASP HTML Sanitizer](https://github.com/OWASP/java-html-sanitizer)
+
 allows redirecting or POSTing to an arbitrary URL when the user
 interacts with sanitized content and when JavaScript is disabled.
 
-It also allows inclusion of links without "[rel=nofollow](http://microformats.org/wiki/rel-nofollow)" when JavaScript is disabled.
-Crawlers that respect `nofollow` and which look for links inside `<noscript>...</noscript>` could conclude a containing page has link-spam.
+It also allows inclusion of links without
+"[rel=nofollow](http://microformats.org/wiki/rel-nofollow)" when
+JavaScript is disabled.
+
+Crawlers that respect `nofollow` and which look for links inside
+`<noscript>...</noscript>` could conclude a containing page has
+link-spam.
 
 Due to the constrained circumstances and the fact that it does not
 allow exfiltration of data protected by the same-origin policy it is
 considered low risk.  For policies that allow external links, the
 escalation of privilege only includes POSTing, possibly including
 upload of files chosen by the user.
 
-We recommend upgrading to [release 88](http://code.google.com/p/owasp-java-html-sanitizer/source/detail?r=88) or later available via
-[downloads](http://code.google.com/p/owasp-java-html-sanitizer/downloads/list)
+We recommend upgrading to release 88 or later available
 which does not break API compatibility with the previous release.
 
 The project CHANGE log is available at
@@ -36,7 +42,9 @@ The attack hinges on the way `<noscript>` was parsed and rendered.
 </noscript>
 ```
 
-will POST `x=y` to `http://evil.org/` when the submit button is pressed
-and when the user has javascript turned off as when running the NoScript extension.
+will POST `x=y` to `http://evil.org/` when the submit button is
+pressed and when the user has javascript turned off as when running
+the NoScript extension.
 
-The POST will carry user credentials so a vulnerable page can be used to initiate XSRF against vulnerable servers.
+The POST will carry user credentials so a vulnerable page can be used
+to initiate XSRF against vulnerable servers.

docs/getting_started.md

@@ -5,9 +5,9 @@
 
 ## Getting the JARs 
 
-If you are using Maven then follow the [maven](Maven) directions to add a dependency.  Otherwise, [download prebuilt jars](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/lib/) or [checkout](http://code.google.com/p/owasp-java-html-sanitizer/source/checkout) and build the latest source.
+If you are using Maven then follow the [maven](maven.md) directions to add a dependency.  Otherwise, [download prebuilt jars](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/lib/) or [checkout](git@github.com:OWASP/java-html-sanitizer.git) and build the latest source.
 
-Unless maven is managing your [CLASSPATH](http://download.oracle.com/javase/1.3/docs/tooldocs/win32/classpath.html) for you, you need to add both `owasp-java-html-sanitizer.jar` and the Guava JAR.
+Unless maven is managing your [CLASSPATH](http://download.oracle.com//javase/1.3/docs/tooldocs/win32/classpath.html) for you, you need to add both `owasp-java-html-sanitizer.jar` and the Guava JAR.
 
 Once you have your CLASSPATH set up correctly with the relevant JARs you should be able to add
 
@@ -19,18 +19,18 @@ to one of your project's `.java` files and compile it.
 
 ## Using the APIs 
 
-The [examples](http://code.google.com/p/owasp-java-html-sanitizer/source/browse/trunk/#trunk%2Fsrc%2Fmain%2Forg%2Fowasp%2Fhtml%2Fexamples) include source code which defines a sanitization policy, and applies it to HTML.
+The [examples](https://github.com/OWASP/java-html-sanitizer/tree/master/#trunk%2Fsrc%2Fmain%2Forg%2Fowasp%2Fhtml%2Fexamples) include source code which defines a sanitization policy, and applies it to HTML.
 
-The [javadoc](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/index.html) covers more detailed topics, including [customization](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/HtmlPolicyBuilder.html).
+The [javadoc](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/index.html) covers more detailed topics, including [customization](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/HtmlPolicyBuilder.html).
 
 Important classes are:
 
-  * [Sanitizers](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies.
-  * [HtmlPolicyBuilder](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies.
+  * [Sanitizers](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/Sanitizers.html) contains combinable pre-packaged policies.
+  * [HtmlPolicyBuilder](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/HtmlPolicyBuilder.html) lets you easily build custom policies.
 
 For advanced use, see:
-  * [AttributePolicy](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/AttributePolicy.html) and [ElementPolicy](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/ElementPolicy.html) allow complex customization.
-  * [HtmlStreamEventReceiver](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output.
+  * [AttributePolicy](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/AttributePolicy.html) and [ElementPolicy](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/ElementPolicy.html) allow complex customization.
+  * [HtmlStreamEventReceiver](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/org/owasp/html/HtmlStreamEventReceiver.html) if you don't just want a `String` as output.
 
 ## Asking Questions 
 

docs/maven.md

@@ -17,8 +17,8 @@ Including among your POMs `<dependencies>` this snippet of XML
 
 will make the sanitizer available.
 
-Be sure to change the [version](http://docs.codehaus.org/display/MAVEN/Dependency+Mediation+and+Conflict+Resolution#DependencyMediationandConflictResolution-DependencyVersionRanges) to a range suitable to your project.  There are no unstable releases in maven.  Bigger numbers are more recent and the [change log](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/CHANGE_LOG.html) can shed light on the salient differences.
+Be sure to change the [version](http://docs.codehaus.org/display/MAVEN/Dependency+Mediation+and+Conflict+Resolution#DependencyMediationandConflictResolution-DependencyVersionRanges) to a range suitable to your project.  There are no unstable releases in maven.  Bigger numbers are more recent and the [change log](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/CHANGE_LOG.html) can shed light on the salient differences.
 
-You should be able to build with the HTML sanitizer.  You can peruse the [javadoc](http://owasp-java-html-sanitizer.googlecode.com/svn/trunk/distrib/javadoc/index.html), and if you have questions that aren't answered by these wiki pages, you can ask on the [mailing list](http://groups.google.com/group/owasp-java-html-sanitizer-support).
+You should be able to build with the HTML sanitizer.  You can peruse the [javadoc](https://rawgit.com/OWASP/java-html-sanitizer/tree/master/distrib/javadoc/index.html), and if you have questions that aren't answered by these wiki pages, you can ask on the [mailing list](http://groups.google.com/group/owasp-java-html-sanitizer-support).
 
 Happy sanitizing...

docs/side_bar.md

@@ -1,2 +1,2 @@
-  * [GettingStarted](GettingStarted)
-  * [Maven](Maven)
+  * [GettingStarted](getting_started.md)
+  * [Maven](maven.md)

docs/vulnerabilities.md

@@ -3,4 +3,4 @@
 
 ## Known & public vulnerabilities in this project 
 
-  * [CVE-2011-4457](CVE20114457) - 17 Nov. 2011 - Recommend upgrade to r88 or later.
+  * [CVE-2011-4457](cve20114457.md) - 17 Nov. 2011 - Recommend upgrade to r88 or later.