Interface XSSProtectionService


@Deprecated public interface XSSProtectionService
Deprecated.
Use the XSSFilter instead.
This interface must be implemented by all services that can be used for preventing XSS attacks.
  • Method Details

    • invalidatePolicy

      @Deprecated void invalidatePolicy(String policyPath)
      Deprecated.
      Invalidates the given policy.

      This is used to declare cached policies as invalid and enforce reloading the next time protectFromXSS() is called.

      Invalidating policies manually is no longer necessary, as changes have been detected automatically since CQ 5.4.

      Parameters:
      policyPath - policy path (as used for protectFromXSS()) to invalidate
    • protectFromXSS

      String protectFromXSS(String src) throws XSSProtectionException
      Deprecated.
      Prevents the given source string from containing XSS stuff.

      The default policy is used for checking.

      Parameters:
      src - source string
      Returns:
      string that does not contain XSS stuff
      Throws:
      XSSProtectionException - if loading the default policy or scanning the source string didn't succeed.
    • protectFromXSS

      String protectFromXSS(String src, String policyPath) throws XSSProtectionException
      Deprecated.
      Protects the given source string from containing XSS stuff.

      The policy at the given path is used for checking; the default policy is used if policyPath is null.

      Parameters:
      src - source string
      policyPath - path to policy configuration node; the default configuration will be taken if this parameter is set to null
      Returns:
      string that does not contain XSS stuff
      Throws:
      XSSProtectionException - if loading the given policy or scanning the source string didn't succeed.
    • protectForContext

      String protectForContext(ProtectionContext context, String src, String policyPath) throws XSSProtectionException
      Deprecated.
      Protects the given source string from containing XSS stuff, considering the specified protection context.

      For more information about protection contexts, see ProtectionContext and http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

      Parameters:
      context - The protection context
      src - The string to protect
      policyPath - The path to a configuration node that contains the policy to be used (dependent on the protection context); null to use the default policy.
      Returns:
      The protected String
      Throws:
      XSSProtectionException - if loading the policy or scanning the source does not succeed
      Since:
      5.4
    • protectForContext

      String protectForContext(ProtectionContext context, String src) throws XSSProtectionException
      Deprecated.
      Protects the given source string from containing XSS stuff, considering the specified protection context.

      For more information about protection contexts, see ProtectionContext and http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

      Parameters:
      context - The protection context
      src - The string to protect
      Returns:
      The protected String
      Throws:
      XSSProtectionException - if loading the policy or scanning the source does not succeed
      Since:
      5.4