public class XSSFilterImpl extends Object implements XSSFilter
XSSFilter using the Antisamy XSS protection library found at
http://code.google.com/p/owaspantisamy/.| Modifier and Type | Class and Description |
|---|---|
class |
XSSFilterImpl.AntiSamyPolicy |
| Modifier and Type | Field and Description |
|---|---|
static String |
ALPHA |
static String |
AUTHORITY |
static String |
DEC_OCTET |
static String |
FRAGMENT |
static String |
H16 |
static String |
HEX_DIGIT |
static String |
HIER_PART |
static String |
HOST |
static String |
IP_LITERAL |
static String |
IPv4_ADDRESS |
static String |
IPv6_ADDRESS |
static String |
LS32 |
static String |
PATH_ABEMPTY |
static String |
PATH_ABSOLUTE |
static String |
PATH_EMPTY |
static String |
PATH_NOSCHEME |
static String |
PATH_ROOTLESS |
static String |
PCHAR |
static String |
PCT_ENCODED |
static String |
PORT |
static String |
QUERY |
static String |
REG_NAME |
static String |
RELATIVE_PART |
static String |
RELATIVE_REF |
static String |
SCHEME_PATTERN |
static String |
SEGMENT_NZ |
static String |
SEGMENT_NZ_NC |
static String |
SUB_DELIMS |
static String |
UNRESERVED_CHARACTERS |
static String |
URI |
static String |
USER_INFO |
DEFAULT_CONTEXT| Constructor and Description |
|---|
XSSFilterImpl() |
| Modifier and Type | Method and Description |
|---|---|
protected void |
activate(org.osgi.service.component.ComponentContext componentContext,
org.apache.sling.xss.impl.XSSFilterImpl.Configuration configuration) |
boolean |
check(ProtectionContext context,
String src)
Indicates whether or not a given source string contains XSS policy violations.
|
protected void |
deactivate() |
String |
filter(ProtectionContext context,
String src)
Protects the given source string from containing XSS stuff.
|
String |
filter(String src)
Prevents the given source string from containing XSS stuff.
|
XSSFilterImpl.AntiSamyPolicy |
getActivePolicy() |
boolean |
isValidHref(String url)
Checks if the given URL is valid to be used for the
href attribute in a a tag. |
public static final String ALPHA
public static final String HEX_DIGIT
public static final String PCT_ENCODED
public static final String UNRESERVED_CHARACTERS
public static final String SUB_DELIMS
public static final String REG_NAME
public static final String PCHAR
public static final String DEC_OCTET
public static final String H16
public static final String IPv4_ADDRESS
public static final String LS32
public static final String IPv6_ADDRESS
public static final String IP_LITERAL
public static final String PORT
public static final String HOST
public static final String USER_INFO
public static final String AUTHORITY
public static final String SCHEME_PATTERN
public static final String FRAGMENT
public static final String QUERY
public static final String SEGMENT_NZ
public static final String SEGMENT_NZ_NC
public static final String PATH_ABEMPTY
public static final String PATH_ABSOLUTE
public static final String PATH_NOSCHEME
public static final String PATH_ROOTLESS
public static final String PATH_EMPTY
public static final String RELATIVE_PART
public static final String HIER_PART
public static final String RELATIVE_REF
public static final String URI
public boolean check(ProtectionContext context, String src)
XSSFilterpublic String filter(String src)
XSSFilterThe default protection context is used for checking.
public String filter(ProtectionContext context, String src)
XSSFilterpublic boolean isValidHref(String url)
XSSFilterhref attribute in a a tag.
The default protection context is used for checking.
isValidHref in interface XSSFilterurl - the URL that should be validatedpublic XSSFilterImpl.AntiSamyPolicy getActivePolicy()
protected void activate(org.osgi.service.component.ComponentContext componentContext,
org.apache.sling.xss.impl.XSSFilterImpl.Configuration configuration)
protected void deactivate()
Copyright © 2007–2021 The Apache Software Foundation. All rights reserved.