Class HtmlSanitizerServiceImpl
java.lang.Object
org.nuxeo.runtime.model.DefaultComponent
org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerServiceImpl
- All Implemented Interfaces:
HtmlSanitizerService,Adaptable,Component,Extensible,TimestampedService
Service that sanitizes some HMTL fields to remove potential cross-site scripting attacks in them.
-
Field Summary
FieldsModifier and TypeFieldDescriptionAll policies registered.All sanitizers registered.static final Stringorg.owasp.html.PolicyFactoryEffective policy.static final StringEffective sanitizers.Fields inherited from class org.nuxeo.runtime.model.DefaultComponent
lastModified, name -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voidprotected voidprotected List<HtmlSanitizerDescriptor>protected voidinitializeBuilder(org.owasp.html.HtmlPolicyBuilder builder) protected voidprotected voidvoidregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor) protected voidprotected voidvoidSanitizes a document's fields, depending on the service configuration.sanitizeString(String string, String info) Sanitizes a string.voidunregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor) Methods inherited from class org.nuxeo.runtime.model.DefaultComponent
activate, addRuntimeMessage, addRuntimeMessage, deactivate, getAdapter, getDescriptor, getDescriptors, getLastModified, getRegistry, register, registerExtension, setLastModified, setModifiedNow, setName, start, stop, unregister, unregisterExtensionMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.nuxeo.runtime.model.Component
getApplicationStartedOrder
-
Field Details
-
ANTISAMY_XP
- See Also:
-
SANITIZER_XP
- See Also:
-
allPolicies
All policies registered. -
policy
public org.owasp.html.PolicyFactory policyEffective policy. -
allSanitizers
All sanitizers registered. -
sanitizers
Effective sanitizers.
-
-
Constructor Details
-
HtmlSanitizerServiceImpl
public HtmlSanitizerServiceImpl()
-
-
Method Details
-
registerContribution
public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor) - Overrides:
registerContributionin classDefaultComponent
-
unregisterContribution
public void unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor) - Overrides:
unregisterContributionin classDefaultComponent
-
addAntiSamy
-
removeAntiSamy
-
refreshPolicy
protected void refreshPolicy() -
initializeBuilder
protected void initializeBuilder(org.owasp.html.HtmlPolicyBuilder builder) -
addSanitizer
-
removeSanitizer
-
refreshSanitizers
protected void refreshSanitizers() -
getSanitizers
-
sanitizeDocument
Description copied from interface:HtmlSanitizerServiceSanitizes a document's fields, depending on the service configuration.- Specified by:
sanitizeDocumentin interfaceHtmlSanitizerService
-
sanitizeString
Description copied from interface:HtmlSanitizerServiceSanitizes a string.- Specified by:
sanitizeStringin interfaceHtmlSanitizerService- Parameters:
string- the string to sanitizeinfo- additional info logged when something is sanitized- Returns:
- the sanitized string
-