org.nuxeo.ecm.platform.htmlsanitizer
Class HtmlSanitizerServiceImpl

java.lang.Object
  org.nuxeo.runtime.model.DefaultComponent
      org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerServiceImpl

All Implemented Interfaces:

HtmlSanitizerService, Adaptable, Component, Extensible

public class HtmlSanitizerServiceImpl
extends DefaultComponent
implements HtmlSanitizerService

Service that sanitizes some HMTL fields to remove potential cross-site scripting attacks in them.

Field Summary

java.util.LinkedList<HtmlSanitizerAntiSamyDescriptor>	allPolicies All policies registered.
java.util.List<HtmlSanitizerDescriptor>	allSanitizers All sanitizers registered.
static java.lang.String	ANTISAMY_XP
org.owasp.validator.html.Policy	policy Effective policy.
static java.lang.String	SANITIZER_XP
java.util.List<HtmlSanitizerDescriptor>	sanitizers Effective sanitizers.

Constructor Summary

HtmlSanitizerServiceImpl()

Method Summary

void	registerContribution(java.lang.Object contribution, java.lang.String extensionPoint, ComponentInstance contributor)
void	sanitizeDocument(DocumentModel doc) Sanitizes a document's fields, depending on the service configuration.
java.lang.String	sanitizeString(java.lang.String string, java.lang.String info) Sanitizes a string.
void	unregisterContribution(java.lang.Object contribution, java.lang.String extensionPoint, ComponentInstance contributor)

Methods inherited from class org.nuxeo.runtime.model.DefaultComponent

activate, deactivate, getAdapter, registerExtension, unregisterExtension

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ANTISAMY_XP

public static final java.lang.String ANTISAMY_XP

See Also:

Constant Field Values

SANITIZER_XP

public static final java.lang.String SANITIZER_XP

See Also:

Constant Field Values

allPolicies

public java.util.LinkedList<HtmlSanitizerAntiSamyDescriptor> allPolicies

All policies registered.

policy

public org.owasp.validator.html.Policy policy

Effective policy.

allSanitizers

public java.util.List<HtmlSanitizerDescriptor> allSanitizers

All sanitizers registered.

sanitizers

public java.util.List<HtmlSanitizerDescriptor> sanitizers

Effective sanitizers.

Constructor Detail

HtmlSanitizerServiceImpl

public HtmlSanitizerServiceImpl()

Method Detail

registerContribution

public void registerContribution(java.lang.Object contribution,
                                 java.lang.String extensionPoint,
                                 ComponentInstance contributor)

Overrides:

registerContribution in class DefaultComponent

unregisterContribution

public void unregisterContribution(java.lang.Object contribution,
                                   java.lang.String extensionPoint,
                                   ComponentInstance contributor)

Overrides:

unregisterContribution in class DefaultComponent

sanitizeDocument

public void sanitizeDocument(DocumentModel doc)
                      throws ClientException

Description copied from interface: HtmlSanitizerService

Sanitizes a document's fields, depending on the service configuration.

Specified by:

sanitizeDocument in interface HtmlSanitizerService

Throws:

ClientException

sanitizeString

public java.lang.String sanitizeString(java.lang.String string,
                                       java.lang.String info)

Description copied from interface: HtmlSanitizerService

Sanitizes a string.

Specified by:

sanitizeString in interface HtmlSanitizerService

Parameters:

string - the string to sanitize

info - additional info logged when something is sanitized

Returns:

the sanitized string