Package org.apache.sling.xss.impl
Class XSSFilterImpl
java.lang.Object
  org.apache.sling.xss.impl.XSSFilterImpl
All Implemented Interfaces: XSSFilter
public class XSSFilterImpl extends Object implements XSSFilter
This class implements the XSSFilter using the AntiSamy XSS protection library found at http://code.google.com/p/owaspantisamy/.
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class):
class XSSFilterImpl.AntiSamyPolicy
-
Field Summary
Fields (Modifier and Type, Field):
static String ALPHA
static String AUTHORITY
static String DEC_OCTET
static String FRAGMENT
static String H16
static String HEX_DIGIT
static String HIER_PART
static String HOST
static String IP_LITERAL
static String IPv4_ADDRESS
static String IPv6_ADDRESS
static String LS32
static String PATH_ABEMPTY
static String PATH_ABSOLUTE
static String PATH_EMPTY
static String PATH_NOSCHEME
static String PATH_ROOTLESS
static String PCHAR
static String PCT_ENCODED
static String PORT
static String QUERY
static String REG_NAME
static String RELATIVE_PART
static String RELATIVE_REF
static String SCHEME_PATTERN
static String SEGMENT_NZ
static String SEGMENT_NZ_NC
static String SUB_DELIMS
static String UNRESERVED_CHARACTERS
static String URI
static String USER_INFO
-
Fields inherited from interface org.apache.sling.xss.XSSFilter
DEFAULT_CONTEXT
-
-
Constructor Summary
Constructors:
XSSFilterImpl()
-
Method Summary
Methods (Modifier and Type, Method, Description):
protected void activate(org.osgi.service.component.ComponentContext componentContext, org.apache.sling.xss.impl.XSSFilterImpl.Configuration configuration)
boolean check(ProtectionContext context, String src)
  Indicates whether or not a given source string contains XSS policy violations.
protected void deactivate()
String filter(String src)
  Prevents the given source string from containing XSS stuff.
String filter(ProtectionContext context, String src)
  Protects the given source string from containing XSS stuff.
XSSFilterImpl.AntiSamyPolicy getActivePolicy()
boolean isValidHref(String url)
  Checks if the given URL is valid to be used for the href attribute in an a tag.
-
-
-
Field Detail
-
ALPHA
public static final String ALPHA
- See Also:
- Constant Field Values
-
HEX_DIGIT
public static final String HEX_DIGIT
- See Also:
- Constant Field Values
-
PCT_ENCODED
public static final String PCT_ENCODED
- See Also:
- Constant Field Values
-
UNRESERVED_CHARACTERS
public static final String UNRESERVED_CHARACTERS
- See Also:
- Constant Field Values
-
SUB_DELIMS
public static final String SUB_DELIMS
- See Also:
- Constant Field Values
-
REG_NAME
public static final String REG_NAME
- See Also:
- Constant Field Values
-
PCHAR
public static final String PCHAR
- See Also:
- Constant Field Values
-
DEC_OCTET
public static final String DEC_OCTET
- See Also:
- Constant Field Values
-
H16
public static final String H16
- See Also:
- Constant Field Values
-
IPv4_ADDRESS
public static final String IPv4_ADDRESS
- See Also:
- Constant Field Values
-
LS32
public static final String LS32
- See Also:
- Constant Field Values
-
IPv6_ADDRESS
public static final String IPv6_ADDRESS
- See Also:
- Constant Field Values
-
IP_LITERAL
public static final String IP_LITERAL
- See Also:
- Constant Field Values
-
PORT
public static final String PORT
- See Also:
- Constant Field Values
-
HOST
public static final String HOST
- See Also:
- Constant Field Values
-
USER_INFO
public static final String USER_INFO
- See Also:
- Constant Field Values
-
AUTHORITY
public static final String AUTHORITY
- See Also:
- Constant Field Values
-
SCHEME_PATTERN
public static final String SCHEME_PATTERN
- See Also:
- Constant Field Values
-
FRAGMENT
public static final String FRAGMENT
- See Also:
- Constant Field Values
-
QUERY
public static final String QUERY
- See Also:
- Constant Field Values
-
SEGMENT_NZ
public static final String SEGMENT_NZ
- See Also:
- Constant Field Values
-
SEGMENT_NZ_NC
public static final String SEGMENT_NZ_NC
- See Also:
- Constant Field Values
-
PATH_ABEMPTY
public static final String PATH_ABEMPTY
- See Also:
- Constant Field Values
-
PATH_ABSOLUTE
public static final String PATH_ABSOLUTE
- See Also:
- Constant Field Values
-
PATH_NOSCHEME
public static final String PATH_NOSCHEME
- See Also:
- Constant Field Values
-
PATH_ROOTLESS
public static final String PATH_ROOTLESS
- See Also:
- Constant Field Values
-
PATH_EMPTY
public static final String PATH_EMPTY
- See Also:
- Constant Field Values
-
RELATIVE_PART
public static final String RELATIVE_PART
- See Also:
- Constant Field Values
-
HIER_PART
public static final String HIER_PART
- See Also:
- Constant Field Values
-
RELATIVE_REF
public static final String RELATIVE_REF
- See Also:
- Constant Field Values
-
URI
public static final String URI
- See Also:
- Constant Field Values
-
-
Method Detail
-
check
public boolean check(ProtectionContext context, String src)
Description copied from interface: XSSFilter
Indicates whether or not a given source string contains XSS policy violations.
-
filter
public String filter(String src)
Description copied from interface: XSSFilter
Prevents the given source string from containing XSS stuff. The default protection context is used for checking.
-
filter
public String filter(ProtectionContext context, String src)
Description copied from interface: XSSFilter
Protects the given source string from containing XSS stuff.
-
isValidHref
public boolean isValidHref(String url)
Description copied from interface: XSSFilter
Checks if the given URL is valid to be used for the href attribute in an a tag. The default protection context is used for checking.
- Specified by: isValidHref in interface XSSFilter
- Parameters: url - the URL that should be validated
- Returns: true if the URL is violation-free
-
getActivePolicy
public XSSFilterImpl.AntiSamyPolicy getActivePolicy()
-
activate
protected void activate(org.osgi.service.component.ComponentContext componentContext, org.apache.sling.xss.impl.XSSFilterImpl.Configuration configuration)
-
deactivate
protected void deactivate()
-
-