Class HtmlSanitizerServiceImpl
- java.lang.Object
-
- org.nuxeo.runtime.model.DefaultComponent
-
- org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerServiceImpl
-
- All Implemented Interfaces:
HtmlSanitizerService
,Adaptable
,Component
,Extensible
,TimestampedService
public class HtmlSanitizerServiceImpl extends DefaultComponent implements HtmlSanitizerService
Service that sanitizes some HMTL fields to remove potential cross-site scripting attacks in them.
-
-
Field Summary
Fields Modifier and Type Field Description LinkedList<HtmlSanitizerAntiSamyDescriptor>
allPolicies
All policies registered.List<HtmlSanitizerDescriptor>
allSanitizers
All sanitizers registered.static String
ANTISAMY_XP
org.owasp.html.PolicyFactory
policy
Effective policy.static String
SANITIZER_XP
List<HtmlSanitizerDescriptor>
sanitizers
Effective sanitizers.-
Fields inherited from class org.nuxeo.runtime.model.DefaultComponent
lastModified, name
-
-
Constructor Summary
Constructors Constructor Description HtmlSanitizerServiceImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
addAntiSamy(HtmlSanitizerAntiSamyDescriptor desc)
protected void
addSanitizer(HtmlSanitizerDescriptor desc)
protected List<HtmlSanitizerDescriptor>
getSanitizers()
protected void
initializeBuilder(org.owasp.html.HtmlPolicyBuilder builder)
protected void
refreshPolicy()
protected void
refreshSanitizers()
void
registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor)
protected void
removeAntiSamy(HtmlSanitizerAntiSamyDescriptor desc)
protected void
removeSanitizer(HtmlSanitizerDescriptor desc)
void
sanitizeDocument(DocumentModel doc)
Sanitizes a document's fields, depending on the service configuration.String
sanitizeString(String string, String info)
Sanitizes a string.void
unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor)
-
Methods inherited from class org.nuxeo.runtime.model.DefaultComponent
activate, addRuntimeMessage, addRuntimeMessage, deactivate, getAdapter, getDescriptor, getDescriptors, getLastModified, getRegistry, register, registerExtension, setLastModified, setModifiedNow, setName, start, stop, unregister, unregisterExtension
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.nuxeo.runtime.model.Component
applicationStarted, getApplicationStartedOrder
-
-
-
-
Field Detail
-
ANTISAMY_XP
public static final String ANTISAMY_XP
- See Also:
- Constant Field Values
-
SANITIZER_XP
public static final String SANITIZER_XP
- See Also:
- Constant Field Values
-
allPolicies
public LinkedList<HtmlSanitizerAntiSamyDescriptor> allPolicies
All policies registered.
-
policy
public org.owasp.html.PolicyFactory policy
Effective policy.
-
allSanitizers
public List<HtmlSanitizerDescriptor> allSanitizers
All sanitizers registered.
-
sanitizers
public List<HtmlSanitizerDescriptor> sanitizers
Effective sanitizers.
-
-
Constructor Detail
-
HtmlSanitizerServiceImpl
public HtmlSanitizerServiceImpl()
-
-
Method Detail
-
registerContribution
public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor)
- Overrides:
registerContribution
in classDefaultComponent
-
unregisterContribution
public void unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor)
- Overrides:
unregisterContribution
in classDefaultComponent
-
addAntiSamy
protected void addAntiSamy(HtmlSanitizerAntiSamyDescriptor desc)
-
removeAntiSamy
protected void removeAntiSamy(HtmlSanitizerAntiSamyDescriptor desc)
-
refreshPolicy
protected void refreshPolicy()
-
initializeBuilder
protected void initializeBuilder(org.owasp.html.HtmlPolicyBuilder builder)
-
addSanitizer
protected void addSanitizer(HtmlSanitizerDescriptor desc)
-
removeSanitizer
protected void removeSanitizer(HtmlSanitizerDescriptor desc)
-
refreshSanitizers
protected void refreshSanitizers()
-
getSanitizers
protected List<HtmlSanitizerDescriptor> getSanitizers()
-
sanitizeDocument
public void sanitizeDocument(DocumentModel doc)
Description copied from interface:HtmlSanitizerService
Sanitizes a document's fields, depending on the service configuration.- Specified by:
sanitizeDocument
in interfaceHtmlSanitizerService
-
sanitizeString
public String sanitizeString(String string, String info)
Description copied from interface:HtmlSanitizerService
Sanitizes a string.- Specified by:
sanitizeString
in interfaceHtmlSanitizerService
- Parameters:
string
- the string to sanitizeinfo
- additional info logged when something is sanitized- Returns:
- the sanitized string
-
-