Class CssScanner

java.lang.Object
org.owasp.validator.css.CssScanner
Direct Known Subclasses:
ExternalCssScanner

public class CssScanner extends Object
Encapsulates the parsing and validation of a CSS stylesheet or inline declaration. To make use of this class, instantiate the scanner with the desired policy and call either scanInlineStyle() or scanStyleSheet() as appropriate.
Author:
Jason Li
  • Field Details

    • DEFAULT_TIMEOUT

      protected static final int DEFAULT_TIMEOUT
    • parser

      protected final org.apache.batik.css.parser.Parser parser
      The parser to be used in any scanning
    • policy

      protected final InternalPolicy policy
      The policy file to be used in any scanning
    • messages

      protected final ResourceBundle messages
      The message bundle to pull error messages from.
  • Constructor Details

    • CssScanner

      public CssScanner(InternalPolicy policy, ResourceBundle messages)
      Constructs a scanner based on the given policy.
      Parameters:
      policy - the policy to follow when scanning
  • Method Details

    • scanStyleSheet

      public CleanResults scanStyleSheet(String taintedCss, int sizeLimit) throws ScanException
      Scans the contents of a full stylesheet (e.g. a file-based stylesheet or the complete stylesheet contents as declared within <style> tags).
      Parameters:
      taintedCss - a String containing the contents of the CSS stylesheet to validate
      sizeLimit - the limit on the total size in bytes of any imported stylesheets
      Returns:
      a CleanResults object containing the results of the scan
      Throws:
      ScanException - if an error occurs during scanning
    • scanInlineStyle

      public CleanResults scanInlineStyle(String taintedCss, String tagName, int sizeLimit) throws ScanException
      Scans the contents of an inline style declaration (e.g. in the style attribute of an HTML tag) and validates the style sheet according to this CssScanner's policy file.
      Parameters:
      taintedCss - a String containing the contents of the CSS stylesheet to validate
      tagName - the name of the tag for which this inline style was declared
      sizeLimit - the limit on the total size in bytes of any imported stylesheets
      Returns:
      a CleanResults object containing the results of the scan
      Throws:
      ScanException - if an error occurs during scanning
    • parseImportedStylesheets

      protected void parseImportedStylesheets(LinkedList stylesheets, CssHandler handler, List<String> errorMessages, int sizeLimit) throws ScanException
      Given a LinkedList of imported stylesheet URIs, parses those stylesheets and validates them.
      Parameters:
      stylesheets - the LinkedList of stylesheet URIs to parse
      handler - the CssHandler to use for parsing
      errorMessages - the list of error messages to append to
      sizeLimit - the limit on the total size in bytes of any imported stylesheets
      Throws:
      ScanException - if an error occurs during scanning
    • main

      public static void main(String[] args) throws Exception
      Deprecated.
      Test method to demonstrate CSS scanning.
      Parameters:
      args - unused
      Throws:
      Exception - if any error occurs
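
Usage sketch for the class description above, added here as an example and not taken from the AntiSamy sources: it builds a scanner and runs both scan methods over constructed untrusted CSS. Assumptions: the policy path in `args[0]` is a placeholder you supply, the `Policy` returned by `Policy.getInstance(String)` can be cast to `InternalPolicy`, and the error messages are in a resource bundle named `AntiSamy` for `Locale.US`.

```java
import java.util.Locale;
import java.util.ResourceBundle;

import org.owasp.validator.css.CssScanner;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.InternalPolicy;
import org.owasp.validator.html.Policy;

public class CssScannerExample {
    // Constructed cap on the total size of imported stylesheets, in bytes.
    private static final int IMPORT_SIZE_LIMIT = 64 * 1024;

    public static void main(String[] args) throws Exception {
        // args[0]: path to an AntiSamy policy XML file (placeholder).
        // Assumption: the Policy instance returned here is an InternalPolicy.
        InternalPolicy policy = (InternalPolicy) Policy.getInstance(args[0]);
        // Assumption: bundle name "AntiSamy", available for Locale.US.
        ResourceBundle messages = ResourceBundle.getBundle("AntiSamy", Locale.US);
        CssScanner scanner = new CssScanner(policy, messages);

        // Constructed untrusted inputs: each mixes an ordinary declaration
        // with one that a restrictive policy would be expected to drop.
        String taintedSheet = "p { color: red; } div { behavior: url(x.htc); }";
        String taintedInline = "color: blue; width: expression(1)";

        // Full stylesheet, as found in a file or inside <style> tags.
        report("stylesheet",
                scanner.scanStyleSheet(taintedSheet, IMPORT_SIZE_LIMIT));
        // Inline declaration, as found in the style attribute of a <div>.
        report("inline style on div",
                scanner.scanInlineStyle(taintedInline, "div", IMPORT_SIZE_LIMIT));
    }

    // Prints the sanitized CSS and every message the scanner recorded,
    // so the caller can log what was removed before using the clean output.
    private static void report(String label, CleanResults results) {
        System.out.println("== " + label + " ==");
        System.out.println("clean CSS: " + results.getCleanHTML());
        for (String error : results.getErrorMessages()) {
            System.out.println("message:   " + error);
        }
    }
}
```

What survives in the clean output depends entirely on the policy file loaded; only the returned clean CSS, never the tainted input, should be written back into a page.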