Package org.owasp.validator.html
Class Policy
- java.lang.Object
-
- org.owasp.validator.html.Policy
-
- Direct Known Subclasses:
InternalPolicy
public class Policy extends java.lang.Object
Policy.java This file holds the model for our policy engine.
- Author:
- Arshan Dabirsiaghi
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class):
protected static class Policy.ParseContext
-
Field Summary
Fields (Modifier and Type, Field):
static java.lang.String ACTION_FILTER
static java.lang.String ACTION_TRUNCATE
static java.lang.String ACTION_VALIDATE
static java.lang.String ANCHORS_NOFOLLOW
static java.util.regex.Pattern ANYTHING_REGEXP
static java.lang.String CONNECTION_TIMEOUT
static int DEFAULT_MAX_INPUT_SIZE
static int DEFAULT_MAX_STYLESHEET_IMPORTS
protected static java.lang.String DEFAULT_POLICY_URI
protected java.util.Map<java.lang.String,java.lang.String> directives
static java.lang.String EMBED_STYLESHEETS
static java.lang.String ENTITY_ENCODE_INTL_CHARS
static java.lang.String FORMAT_OUTPUT
static java.lang.String OMIT_DOCTYPE_DECLARATION
static java.lang.String OMIT_XML_DECLARATION
static java.lang.String PRESERVE_COMMENTS
static java.lang.String PRESERVE_SPACE
protected java.util.Map<java.lang.String,Tag> tagRules
static java.lang.String USE_XHTML
static java.lang.String VALIDATE_PARAM_AS_EMBED
-
Constructor Summary
Constructors (Modifier, Constructor):
protected Policy(Policy.ParseContext parseContext)
protected Policy(Policy old, java.util.Map<java.lang.String,java.lang.String> directives, java.util.Map<java.lang.String,Tag> tagRules)
-
Method Summary
Methods (Modifier and Type, Method, then Description):
Policy cloneWithDirective(java.lang.String name, java.lang.String value)
    Creates a copy of this policy with an added/changed directive.
TagMatcher getAllowedEmptyTags()
    Return all the allowed empty tags configured in the Policy.
AntiSamyPattern getCommonRegularExpressions(java.lang.String name)
java.lang.String getDirective(java.lang.String name)
    Return a directive value based on a lookup name.
Attribute getGlobalAttributeByName(java.lang.String name)
    A simple method for returning one of the <global-attribute> entries by name.
static Policy getInstance()
    This retrieves a Policy based on a default location ("resources/antisamy.xml").
static Policy getInstance(java.io.File file)
    This retrieves a Policy based on the File object passed in.
static Policy getInstance(java.io.InputStream inputStream)
    This retrieves a Policy based on the InputStream object passed in.
static Policy getInstance(java.lang.String filename)
    This retrieves a Policy based on the file name passed in.
static Policy getInstance(java.net.URL url)
    This retrieves a Policy based on the URL object passed in.
protected static Policy.ParseContext getParseContext(org.w3c.dom.Element topLevelElement, java.net.URL baseUrl)
Property getPropertyByName(java.lang.String propertyName)
    Retrieves a CSS Property from the Policy.
TagMatcher getRequiresClosingTags()
    Return all the tags that are required to be closed with an end tag, even if they have no child content.
protected static Policy.ParseContext getSimpleParseContext(org.w3c.dom.Element topLevelElement)
Tag getTagByLowercaseName(java.lang.String tagName)
    The path to the base policy file, used to resolve relative paths when reading included files
protected static org.w3c.dom.Element getTopLevelElement(java.net.URL baseUrl)
protected static org.w3c.dom.Element getTopLevelElement(org.xml.sax.InputSource source)
static org.xml.sax.InputSource resolveEntity(java.lang.String systemId, java.net.URL baseUrl)
    Resolves public & system ids to files stored within the JAR.
-
-
-
Field Detail
-
ANYTHING_REGEXP
public static final java.util.regex.Pattern ANYTHING_REGEXP
-
DEFAULT_POLICY_URI
protected static final java.lang.String DEFAULT_POLICY_URI
- See Also:
- Constant Field Values
-
DEFAULT_MAX_INPUT_SIZE
public static final int DEFAULT_MAX_INPUT_SIZE
- See Also:
- Constant Field Values
-
DEFAULT_MAX_STYLESHEET_IMPORTS
public static final int DEFAULT_MAX_STYLESHEET_IMPORTS
- See Also:
- Constant Field Values
-
OMIT_XML_DECLARATION
public static final java.lang.String OMIT_XML_DECLARATION
- See Also:
- Constant Field Values
-
OMIT_DOCTYPE_DECLARATION
public static final java.lang.String OMIT_DOCTYPE_DECLARATION
- See Also:
- Constant Field Values
-
USE_XHTML
public static final java.lang.String USE_XHTML
- See Also:
- Constant Field Values
-
FORMAT_OUTPUT
public static final java.lang.String FORMAT_OUTPUT
- See Also:
- Constant Field Values
-
EMBED_STYLESHEETS
public static final java.lang.String EMBED_STYLESHEETS
- See Also:
- Constant Field Values
-
CONNECTION_TIMEOUT
public static final java.lang.String CONNECTION_TIMEOUT
- See Also:
- Constant Field Values
-
ANCHORS_NOFOLLOW
public static final java.lang.String ANCHORS_NOFOLLOW
- See Also:
- Constant Field Values
-
VALIDATE_PARAM_AS_EMBED
public static final java.lang.String VALIDATE_PARAM_AS_EMBED
- See Also:
- Constant Field Values
-
PRESERVE_SPACE
public static final java.lang.String PRESERVE_SPACE
- See Also:
- Constant Field Values
-
PRESERVE_COMMENTS
public static final java.lang.String PRESERVE_COMMENTS
- See Also:
- Constant Field Values
-
ENTITY_ENCODE_INTL_CHARS
public static final java.lang.String ENTITY_ENCODE_INTL_CHARS
- See Also:
- Constant Field Values
-
ACTION_VALIDATE
public static final java.lang.String ACTION_VALIDATE
- See Also:
- Constant Field Values
-
ACTION_FILTER
public static final java.lang.String ACTION_FILTER
- See Also:
- Constant Field Values
-
ACTION_TRUNCATE
public static final java.lang.String ACTION_TRUNCATE
- See Also:
- Constant Field Values
-
tagRules
protected final java.util.Map<java.lang.String,Tag> tagRules
-
directives
protected final java.util.Map<java.lang.String,java.lang.String> directives
-
-
Constructor Detail
-
Policy
protected Policy(Policy.ParseContext parseContext) throws PolicyException
- Throws:
PolicyException
-
-
Method Detail
-
getTagByLowercaseName
public Tag getTagByLowercaseName(java.lang.String tagName)
The path to the base policy file, used to resolve relative paths when reading included files
-
getPropertyByName
public Property getPropertyByName(java.lang.String propertyName)
Retrieves a CSS Property from the Policy.
- Parameters:
propertyName
- The name of the CSS Property to look up.
- Returns:
- The CSS Property associated with the name specified, or null if none is found.
-
getInstance
public static Policy getInstance() throws PolicyException
This retrieves a Policy based on a default location ("resources/antisamy.xml").
- Returns:
- A populated Policy object based on the XML policy file located in the default location.
- Throws:
PolicyException
- If the file is not found or there is a problem parsing the file.
-
getInstance
public static Policy getInstance(java.lang.String filename) throws PolicyException
This retrieves a Policy based on the file name passed in.
- Parameters:
filename
- The path to the XML policy file.
- Returns:
- A populated Policy object based on the XML policy file located in the location passed in.
- Throws:
PolicyException
- If the file is not found or there is a problem parsing the file.
-
getInstance
public static Policy getInstance(java.io.InputStream inputStream) throws PolicyException
This retrieves a Policy based on the InputStream object passed in.
- Parameters:
inputStream
- An InputStream which contains the XML policy information.
- Returns:
- A populated Policy object based on the XML policy file pointed to by the inputStream parameter.
- Throws:
PolicyException
- If there is a problem parsing the input stream.
-
getInstance
public static Policy getInstance(java.io.File file) throws PolicyException
This retrieves a Policy based on the File object passed in.
- Parameters:
file
- A File object which contains the XML policy information.
- Returns:
- A populated Policy object based on the XML policy file pointed to by the File parameter.
- Throws:
PolicyException
- If the file is not found or there is a problem parsing the file.
-
getInstance
public static Policy getInstance(java.net.URL url) throws PolicyException
This retrieves a Policy based on the URL object passed in. NOTE: This is the only factory method that will work with <include> tags in AntiSamy policy files.
- Parameters:
url
- A URL object which contains the XML policy information.
- Returns:
- A populated Policy object based on the XML policy file pointed to by the File parameter.
- Throws:
PolicyException
- If the file is not found or there is a problem parsing the file.
-
getSimpleParseContext
protected static Policy.ParseContext getSimpleParseContext(org.w3c.dom.Element topLevelElement) throws PolicyException
- Throws:
PolicyException
-
getParseContext
protected static Policy.ParseContext getParseContext(org.w3c.dom.Element topLevelElement, java.net.URL baseUrl) throws PolicyException
- Throws:
PolicyException
-
getTopLevelElement
protected static org.w3c.dom.Element getTopLevelElement(java.net.URL baseUrl) throws PolicyException
- Throws:
PolicyException
-
getTopLevelElement
protected static org.w3c.dom.Element getTopLevelElement(org.xml.sax.InputSource source) throws PolicyException
- Throws:
PolicyException
-
cloneWithDirective
public Policy cloneWithDirective(java.lang.String name, java.lang.String value)
Creates a copy of this policy with an added/changed directive.
- Parameters:
name
- The directive to add/modify
value
- The value
- Returns:
- A clone of the policy with the updated directive
-
getGlobalAttributeByName
public Attribute getGlobalAttributeByName(java.lang.String name)
A simple method for returning one of the <global-attribute> entries by name.
- Parameters:
name
- The name of the global-attribute we want to look up.
- Returns:
- An Attribute associated with the global-attribute lookup name specified.
-
getAllowedEmptyTags
public TagMatcher getAllowedEmptyTags()
Return all the allowed empty tags configured in the Policy.
- Returns:
- A String array of all the allowed empty tags configured in the Policy.
-
getRequiresClosingTags
public TagMatcher getRequiresClosingTags()
Return all the tags that are required to be closed with an end tag, even if they have no child content.
- Returns:
- A String array of all the tags that are required to be closed with an end tag, even if they have no child content.
-
getDirective
public java.lang.String getDirective(java.lang.String name)
Return a directive value based on a lookup name.
- Returns:
- A String object containing the directive associated with the lookup name, or null if none is found.
-
resolveEntity
public static org.xml.sax.InputSource resolveEntity(java.lang.String systemId, java.net.URL baseUrl) throws java.io.IOException, org.xml.sax.SAXException
Resolves public & system ids to files stored within the JAR.
- Throws:
java.io.IOException
org.xml.sax.SAXException
-
getCommonRegularExpressions
public AntiSamyPattern getCommonRegularExpressions(java.lang.String name)
-
-
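How getInstance(java.net.URL), cloneWithDirective and getDirective fit together when an application loads its policy at start-up and fails closed if the result is not what it expects; this is an added example, not part of the AntiSamy documentation or code. The class name HardenedPolicyLoader, the classpath location /antisamy.xml and the "true"/"false" directive values are assumptions.

```java
import java.net.URL;
import java.util.LinkedHashMap;
import java.util.Map;

import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;

public class HardenedPolicyLoader {

    // Assumed classpath location of the policy file; adjust to the deployment.
    private static final String POLICY_RESOURCE = "/antisamy.xml";

    /** Loads the policy by URL and returns a copy with stricter directives. */
    public static Policy load() throws PolicyException {
        URL url = HardenedPolicyLoader.class.getResource(POLICY_RESOURCE);
        if (url == null) {
            // Fail closed: never continue without a policy.
            throw new IllegalStateException("policy not found: " + POLICY_RESOURCE);
        }
        // URL-based factory, so relative paths to included policy files can be resolved.
        Policy base = Policy.getInstance(url);

        // Assumption: directive values are the strings "true" and "false".
        Map<String, String> overrides = new LinkedHashMap<>();
        overrides.put(Policy.ANCHORS_NOFOLLOW, "true");
        overrides.put(Policy.PRESERVE_COMMENTS, "false");
        overrides.put(Policy.EMBED_STYLESHEETS, "false");

        Policy hardened = base;
        for (Map.Entry<String, String> e : overrides.entrySet()) {
            // cloneWithDirective returns a copy; 'base' itself is not modified.
            hardened = hardened.cloneWithDirective(e.getKey(), e.getValue());
        }
        // Read every directive back; getDirective returns null when it is not set.
        for (Map.Entry<String, String> e : overrides.entrySet()) {
            String actual = hardened.getDirective(e.getKey());
            if (!e.getValue().equals(actual)) {
                throw new IllegalStateException(
                        "directive " + e.getKey() + " is " + actual);
            }
        }
        return hardened;
    }

    public static void main(String[] args) throws PolicyException {
        Policy policy = load();
        System.out.println("ANCHORS_NOFOLLOW = "
                + policy.getDirective(Policy.ANCHORS_NOFOLLOW));
    }
}
```

A PolicyException from getInstance is deliberately left to propagate, so a missing or unparseable policy file stops start-up.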