@Service(value={org.apache.sling.api.resource.observation.ResourceChangeListener.class,XSSFilter.class}) @Property(name="resource.change.types",value={"ADDED","CHANGED","REMOVED"}) @Property(name="resource.paths",value="sling/xss/config.xml") public class XSSFilterImpl extends Object implements XSSFilter, org.apache.sling.api.resource.observation.ResourceChangeListener, org.apache.sling.api.resource.observation.ExternalResourceChangeListener
Implements XSSFilter
using the AntiSamy XSS protection library found at
http://code.google.com/p/owaspantisamy/.
Modifier and Type | Field and Description |
---|---|
static String |
DEFAULT_POLICY_PATH |
DEFAULT_CONTEXT
Constructor and Description |
---|
XSSFilterImpl() |
Modifier and Type | Method and Description |
---|---|
protected void |
activate() |
boolean |
check(ProtectionContext context,
String src)
Indicates whether or not a given source string contains XSS policy violations.
|
boolean |
check(ProtectionContext context,
String src,
String policy) |
String |
filter(ProtectionContext context,
String src)
Filters the given source string so that it does not contain XSS policy violations.
|
String |
filter(ProtectionContext context,
String src,
String policy) |
String |
filter(String src)
Filters the given source string so that it does not contain XSS policy violations.
|
boolean |
hasPolicy(String policyName) |
boolean |
isValidHref(String url)
Checks whether the given URL is valid for use as the
href attribute of an <a> tag. |
void |
loadPolicy(String policyName,
InputStream policyStream) |
void |
onChange(List<org.apache.sling.api.resource.observation.ResourceChange> resourceChanges) |
void |
resetDefaultPolicy() |
void |
setDefaultPolicy(InputStream policyStream) |
void |
unloadPolicy(String policyName) |
public static final String DEFAULT_POLICY_PATH
public void onChange(List<org.apache.sling.api.resource.observation.ResourceChange> resourceChanges)
onChange
in interface org.apache.sling.api.resource.observation.ResourceChangeListener
public boolean check(ProtectionContext context, String src)
XSSFilter
public String filter(String src)
XSSFilter
The default protection context is used for checking.
public String filter(ProtectionContext context, String src)
XSSFilter
@Activate protected void activate()
public boolean check(ProtectionContext context, String src, String policy)
public String filter(ProtectionContext context, String src, String policy)
public void setDefaultPolicy(InputStream policyStream) throws Exception
Exception
public void resetDefaultPolicy()
public void loadPolicy(String policyName, InputStream policyStream) throws Exception
Exception
public void unloadPolicy(String policyName)
public boolean hasPolicy(String policyName)
public boolean isValidHref(String url)
XSSFilter
Checks whether the given URL is valid for use as the href attribute of an <a> tag.
The default protection context is used for checking.
isValidHref
in interface XSSFilter
url
- the URL that should be validated
Copyright © 2007–2017 The Apache Software Foundation. All rights reserved.