Class HtmlSanitizerServiceImpl
- java.lang.Object
-
- org.nuxeo.runtime.model.DefaultComponent
-
- org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerServiceImpl
-
- All Implemented Interfaces:
HtmlSanitizerService,Adaptable,Component,Extensible,TimestampedService
public class HtmlSanitizerServiceImpl extends DefaultComponent implements HtmlSanitizerService
Service that sanitizes some HMTL fields to remove potential cross-site scripting attacks in them.
-
-
Field Summary
Fields Modifier and Type Field Description LinkedList<HtmlSanitizerAntiSamyDescriptor>allPoliciesAll policies registered.List<HtmlSanitizerDescriptor>allSanitizersAll sanitizers registered.static StringANTISAMY_XPorg.owasp.html.PolicyFactorypolicyEffective policy.static StringSANITIZER_XPList<HtmlSanitizerDescriptor>sanitizersEffective sanitizers.-
Fields inherited from class org.nuxeo.runtime.model.DefaultComponent
lastModified, name
-
-
Constructor Summary
Constructors Constructor Description HtmlSanitizerServiceImpl()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voidaddAntiSamy(HtmlSanitizerAntiSamyDescriptor desc)protected voidaddSanitizer(HtmlSanitizerDescriptor desc)protected List<HtmlSanitizerDescriptor>getSanitizers()protected voidinitializeBuilder(org.owasp.html.HtmlPolicyBuilder builder)protected voidrefreshPolicy()protected voidrefreshSanitizers()voidregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor)protected voidremoveAntiSamy(HtmlSanitizerAntiSamyDescriptor desc)protected voidremoveSanitizer(HtmlSanitizerDescriptor desc)voidsanitizeDocument(DocumentModel doc)Sanitizes a document's fields, depending on the service configuration.StringsanitizeString(String string, String info)Sanitizes a string.voidunregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor)-
Methods inherited from class org.nuxeo.runtime.model.DefaultComponent
activate, addRuntimeMessage, addRuntimeMessage, deactivate, getAdapter, getDescriptor, getDescriptors, getLastModified, getRegistry, register, registerExtension, setLastModified, setModifiedNow, setName, start, stop, unregister, unregisterExtension
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.nuxeo.runtime.model.Component
applicationStarted, getApplicationStartedOrder
-
-
-
-
Field Detail
-
ANTISAMY_XP
public static final String ANTISAMY_XP
- See Also:
- Constant Field Values
-
SANITIZER_XP
public static final String SANITIZER_XP
- See Also:
- Constant Field Values
-
allPolicies
public LinkedList<HtmlSanitizerAntiSamyDescriptor> allPolicies
All policies registered.
-
policy
public org.owasp.html.PolicyFactory policy
Effective policy.
-
allSanitizers
public List<HtmlSanitizerDescriptor> allSanitizers
All sanitizers registered.
-
sanitizers
public List<HtmlSanitizerDescriptor> sanitizers
Effective sanitizers.
-
-
Method Detail
-
registerContribution
public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor)
- Overrides:
registerContributionin classDefaultComponent
-
unregisterContribution
public void unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor)
- Overrides:
unregisterContributionin classDefaultComponent
-
addAntiSamy
protected void addAntiSamy(HtmlSanitizerAntiSamyDescriptor desc)
-
removeAntiSamy
protected void removeAntiSamy(HtmlSanitizerAntiSamyDescriptor desc)
-
refreshPolicy
protected void refreshPolicy()
-
initializeBuilder
protected void initializeBuilder(org.owasp.html.HtmlPolicyBuilder builder)
-
addSanitizer
protected void addSanitizer(HtmlSanitizerDescriptor desc)
-
removeSanitizer
protected void removeSanitizer(HtmlSanitizerDescriptor desc)
-
refreshSanitizers
protected void refreshSanitizers()
-
getSanitizers
protected List<HtmlSanitizerDescriptor> getSanitizers()
-
sanitizeDocument
public void sanitizeDocument(DocumentModel doc)
Description copied from interface:HtmlSanitizerServiceSanitizes a document's fields, depending on the service configuration.- Specified by:
sanitizeDocumentin interfaceHtmlSanitizerService
-
sanitizeString
public String sanitizeString(String string, String info)
Description copied from interface:HtmlSanitizerServiceSanitizes a string.- Specified by:
sanitizeStringin interfaceHtmlSanitizerService- Parameters:
string- the string to sanitizeinfo- additional info logged when something is sanitized- Returns:
- the sanitized string
-
-