Package org.opencms.util
Class CmsParameterEscaper
- java.lang.Object
-
- org.opencms.util.CmsParameterEscaper
-
public class CmsParameterEscaper extends java.lang.Object
This class is responsible for automatically escaping parameters in Flex requests. It keeps track of which parameters to escape (or not escape), and which parameters need to be processed by AntiSamy.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringDEFAULT_POLICYThe file name of the default policy.protected static org.owasp.validator.html.PolicydefaultPolicyThe default policy, which is used when no policy path is given.
-
Constructor Summary
Constructors Constructor Description CmsParameterEscaper()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description org.owasp.validator.html.AntiSamycreateAntiSamy(CmsObject cms, java.lang.String policyPath)Creates a new AntiSamy instance for a given policy path.voidenableAntiSamy(CmsObject cms, java.lang.String policyPath, java.util.Set<java.lang.String> params)Enables the AntiSamy HTML cleaning for some parameters.java.lang.Stringescape(java.lang.String name, java.lang.String html)Escapes a single parameter value.java.lang.String[]escape(java.lang.String name, java.lang.String[] values)Escapes an array of parameter values.java.lang.StringfilterAntiSamy(java.lang.String html)Filters HTML input using the internal AntiSamy instance.static org.owasp.validator.html.PolicyreadPolicy(CmsObject cms, java.lang.String sitePath)Helper method for reading an AntiSamy policy file from the VFS.voidsetExceptions(java.util.Collection<java.lang.String> exceptions)Sets the set of names of parameters which shouldn't be escaped.
-
-
-
Field Detail
-
DEFAULT_POLICY
public static final java.lang.String DEFAULT_POLICY
The file name of the default policy.- See Also:
- Constant Field Values
-
defaultPolicy
protected static org.owasp.validator.html.Policy defaultPolicy
The default policy, which is used when no policy path is given.
-
-
Constructor Detail
-
CmsParameterEscaper
public CmsParameterEscaper()
-
-
Method Detail
-
readPolicy
public static org.owasp.validator.html.Policy readPolicy(CmsObject cms, java.lang.String sitePath)
Helper method for reading an AntiSamy policy file from the VFS.- Parameters:
cms- the current CMS contextsitePath- the site path of the policy file- Returns:
- the policy object for the given path
-
createAntiSamy
public org.owasp.validator.html.AntiSamy createAntiSamy(CmsObject cms, java.lang.String policyPath)
Creates a new AntiSamy instance for a given policy path.- Parameters:
cms- the current CMS contextpolicyPath- the policy site path- Returns:
- the new AntiSamy instance
-
enableAntiSamy
public void enableAntiSamy(CmsObject cms, java.lang.String policyPath, java.util.Set<java.lang.String> params)
Enables the AntiSamy HTML cleaning for some parameters.- Parameters:
cms- the current CMS contextpolicyPath- the policy site path in the VFSparams- the parameters for which HTML cleaning should be enabled
-
escape
public java.lang.String escape(java.lang.String name, java.lang.String html)
Escapes a single parameter value.- Parameters:
name- the name of the parameterhtml- the value of the parameter- Returns:
- the escaped parameter value
-
escape
public java.lang.String[] escape(java.lang.String name, java.lang.String[] values)
Escapes an array of parameter values.- Parameters:
name- the parameter namevalues- the parameter values- Returns:
- the escaped parameter values
-
filterAntiSamy
public java.lang.String filterAntiSamy(java.lang.String html)
Filters HTML input using the internal AntiSamy instance.- Parameters:
html- the HTML to filter- Returns:
- the filtered HTML
-
setExceptions
public void setExceptions(java.util.Collection<java.lang.String> exceptions)
Sets the set of names of parameters which shouldn't be escaped.- Parameters:
exceptions- a set of parameter names
-
-