@Service(value={org.apache.sling.api.resource.observation.ResourceChangeListener.class,XSSFilter.class})
@Property(name="resource.change.types",value={"ADDED","CHANGED","REMOVED"})
@Property(name="resource.paths",value="sling/xss/config.xml")
public class XSSFilterImpl
extends Object
implements XSSFilter, org.apache.sling.api.resource.observation.ResourceChangeListener, org.apache.sling.api.resource.observation.ExternalResourceChangeListener
XSSFilter using the Antisamy XSS protection library found at
http://code.google.com/p/owaspantisamy/.

| Modifier and Type | Field and Description |
|---|---|
| static String | DEFAULT_POLICY_PATH |

DEFAULT_CONTEXT

| Constructor and Description |
|---|
| XSSFilterImpl() |

| Modifier and Type | Method and Description |
|---|---|
| protected void | activate() |
| boolean | check(ProtectionContext context, String src) Indicates whether or not a given source string contains XSS policy violations. |
| boolean | check(ProtectionContext context, String src, String policy) |
| String | filter(ProtectionContext context, String src) Protects the given source string from containing XSS stuff. |
| String | filter(ProtectionContext context, String src, String policy) |
| String | filter(String src) Prevents the given source string from containing XSS stuff. |
| boolean | hasPolicy(String policyName) |
| boolean | isValidHref(String url) Checks if the given URL is valid to be used for the href attribute in an `a` tag. |
| void | loadPolicy(String policyName, InputStream policyStream) |
| void | onChange(List<org.apache.sling.api.resource.observation.ResourceChange> resourceChanges) |
| void | resetDefaultPolicy() |
| void | setDefaultPolicy(InputStream policyStream) |
| void | unloadPolicy(String policyName) |

public static final String DEFAULT_POLICY_PATH

public void onChange(List<org.apache.sling.api.resource.observation.ResourceChange> resourceChanges)
onChange in interface org.apache.sling.api.resource.observation.ResourceChangeListener

public boolean check(ProtectionContext context, String src)

public String filter(String src)
The default protection context is used for checking.

public String filter(ProtectionContext context, String src)

@Activate
protected void activate()

public boolean check(ProtectionContext context, String src, String policy)

public String filter(ProtectionContext context, String src, String policy)

public void setDefaultPolicy(InputStream policyStream) throws Exception

public void resetDefaultPolicy()

public void loadPolicy(String policyName, InputStream policyStream) throws Exception

public void unloadPolicy(String policyName)

public boolean hasPolicy(String policyName)

public boolean isValidHref(String url)
Checks if the given URL is valid to be used for the href attribute in an `a` tag.
The default protection context is used for checking.
isValidHref in interface XSSFilter
url - the URL that should be validated

Copyright © 2007–2017 The Apache Software Foundation. All rights reserved.