Package org.apache.sling.xss.impl
Class XSSFilterImpl
java.lang.Object
    org.apache.sling.xss.impl.XSSFilterImpl
All Implemented Interfaces: XSSFilter
public class XSSFilterImpl extends Object implements XSSFilter
This class implements the XSSFilter using the AntiSamy XSS protection library found at http://code.google.com/p/owaspantisamy/.
Nested Class Summary
Modifier and Type, Class:
class XSSFilterImpl.AntiSamyPolicy
Field Summary
Modifier and Type, Field:
static String ALPHA
static String AUTHORITY
static String DEC_OCTET
static String FRAGMENT
static String H16
static String HEX_DIGIT
static String HIER_PART
static String HOST
static String IP_LITERAL
static String IPv4_ADDRESS
static String IPv6_ADDRESS
static String LS32
static String PATH_ABEMPTY
static String PATH_ABSOLUTE
static String PATH_EMPTY
static String PATH_NOSCHEME
static String PATH_ROOTLESS
static String PCHAR
static String PCT_ENCODED
static String PORT
static String QUERY
static String REG_NAME
static String RELATIVE_PART
static String RELATIVE_REF
static String SCHEME_PATTERN
static String SEGMENT_NZ
static String SEGMENT_NZ_NC
static String SUB_DELIMS
static String UNRESERVED_CHARACTERS
static String URI
static String USER_INFO
Fields inherited from interface org.apache.sling.xss.XSSFilter: DEFAULT_CONTEXT
Constructor Summary
XSSFilterImpl()
Method Summary
Modifier and Type, Method, Description:
protected void activate(org.osgi.service.component.ComponentContext componentContext, org.apache.sling.xss.impl.XSSFilterImpl.Configuration configuration)
boolean check(ProtectionContext context, String src)
    Indicates whether or not a given source string contains XSS policy violations.
protected void deactivate()
String filter(String src)
    Prevents the given source string from containing XSS stuff.
String filter(ProtectionContext context, String src)
    Protects the given source string from containing XSS stuff.
XSSFilterImpl.AntiSamyPolicy getActivePolicy()
boolean isValidHref(String url)
    Checks if the given URL is valid to be used for the href attribute in an <a> tag.
Field Detail
See Also (all fields below): Constant Field Values

ALPHA
public static final String ALPHA

HEX_DIGIT
public static final String HEX_DIGIT

PCT_ENCODED
public static final String PCT_ENCODED

UNRESERVED_CHARACTERS
public static final String UNRESERVED_CHARACTERS

SUB_DELIMS
public static final String SUB_DELIMS

REG_NAME
public static final String REG_NAME

PCHAR
public static final String PCHAR

DEC_OCTET
public static final String DEC_OCTET

H16
public static final String H16

IPv4_ADDRESS
public static final String IPv4_ADDRESS

LS32
public static final String LS32

IPv6_ADDRESS
public static final String IPv6_ADDRESS

IP_LITERAL
public static final String IP_LITERAL

PORT
public static final String PORT

HOST
public static final String HOST

USER_INFO
public static final String USER_INFO

AUTHORITY
public static final String AUTHORITY

SCHEME_PATTERN
public static final String SCHEME_PATTERN

FRAGMENT
public static final String FRAGMENT

QUERY
public static final String QUERY

SEGMENT_NZ
public static final String SEGMENT_NZ

SEGMENT_NZ_NC
public static final String SEGMENT_NZ_NC

PATH_ABEMPTY
public static final String PATH_ABEMPTY

PATH_ABSOLUTE
public static final String PATH_ABSOLUTE

PATH_NOSCHEME
public static final String PATH_NOSCHEME

PATH_ROOTLESS
public static final String PATH_ROOTLESS

PATH_EMPTY
public static final String PATH_EMPTY

RELATIVE_PART
public static final String RELATIVE_PART

HIER_PART
public static final String HIER_PART

RELATIVE_REF
public static final String RELATIVE_REF

URI
public static final String URI
Method Detail
check
public boolean check(ProtectionContext context, String src)
Description copied from interface: XSSFilter
Indicates whether or not a given source string contains XSS policy violations.

filter
public String filter(String src)
Description copied from interface: XSSFilter
Prevents the given source string from containing XSS stuff. The default protection context is used for checking.

filter
public String filter(ProtectionContext context, String src)
Description copied from interface: XSSFilter
Protects the given source string from containing XSS stuff.

isValidHref
public boolean isValidHref(String url)
Description copied from interface: XSSFilter
Checks if the given URL is valid to be used for the href attribute in an <a> tag. The default protection context is used for checking.
Specified by: isValidHref in interface XSSFilter
Parameters: url - the URL that should be validated
Returns: true if the URL is violation-free

getActivePolicy
public XSSFilterImpl.AntiSamyPolicy getActivePolicy()

activate
protected void activate(org.osgi.service.component.ComponentContext componentContext, org.apache.sling.xss.impl.XSSFilterImpl.Configuration configuration)

deactivate
protected void deactivate()