Package org.owasp.validator.css
Class CssScanner
java.lang.Object
org.owasp.validator.css.CssScanner
- Direct Known Subclasses:
ExternalCssScanner
Encapsulates the parsing and validation of a CSS stylesheet or inline
declaration. To make use of this class, instantiate the scanner with the
desired policy and call either scanInlineStyle() or scanStyleSheet() as
appropriate.
- Author:
Jason Li

Field Summary
Fields (Modifier and Type, Field, Description):
- protected static final int DEFAULT_TIMEOUT
- protected final ResourceBundle messages: The message bundle to pull error messages from.
- protected final org.apache.batik.css.parser.Parser parser: The parser to be used in any scanning.
- protected final InternalPolicy policy: The policy file to be used in any scanning.

Constructor Summary
Constructors (Constructor, Description):
- CssScanner(InternalPolicy policy, ResourceBundle messages): Constructs a scanner based on the given policy.

Method Summary
Methods (Modifier and Type, Method, Description):
- static void main(String[] args): Deprecated.
- protected void parseImportedStylesheets(LinkedList stylesheets, CssHandler handler, List<String> errorMessages, int sizeLimit): Given a LinkedList of imported stylesheet URIs, parses those stylesheets and validates them.
- CleanResults scanInlineStyle(String taintedCss, String tagName, int sizeLimit): Scans the contents of an inline style declaration (e.g. in the style attribute of an HTML tag).
- CleanResults scanStyleSheet(String taintedCss, int sizeLimit): Scans the contents of a full stylesheet (e.g. a file-based stylesheet or the complete stylesheet contents as declared within <style> tags).

Field Details
DEFAULT_TIMEOUT
protected static final int DEFAULT_TIMEOUT

parser
protected final org.apache.batik.css.parser.Parser parser
The parser to be used in any scanning.

policy
The policy file to be used in any scanning.

messages
The message bundle to pull error messages from.

Constructor Details
CssScanner
Constructs a scanner based on the given policy.
- Parameters:
policy - the policy to follow when scanning

Method Details
scanStyleSheet
Scans the contents of a full stylesheet (e.g. a file-based stylesheet or the complete stylesheet contents as declared within <style> tags).
- Parameters:
taintedCss - a String containing the contents of the CSS stylesheet to validate
sizeLimit - the limit on the total size in bytes of any imported stylesheets
- Returns:
a CleanResults object containing the results of the scan
- Throws:
ScanException - if an error occurs during scanning

scanInlineStyle
public CleanResults scanInlineStyle(String taintedCss, String tagName, int sizeLimit) throws ScanException
Scans the contents of an inline style declaration (e.g. in the style attribute of an HTML tag) and validates the style sheet according to this CssScanner's policy file.
- Parameters:
taintedCss - a String containing the contents of the CSS stylesheet to validate
tagName - the name of the tag for which this inline style was declared
sizeLimit - the limit on the total size in bytes of any imported stylesheets
- Returns:
a CleanResults object containing the results of the scan
- Throws:
ScanException - if an error occurs during scanning

parseImportedStylesheets
protected void parseImportedStylesheets(LinkedList stylesheets, CssHandler handler, List<String> errorMessages, int sizeLimit) throws ScanException
Given a LinkedList of imported stylesheet URIs, parses those stylesheets and validates them.
- Parameters:
stylesheets - the LinkedList of stylesheet URIs to parse
handler - the CssHandler to use for parsing
errorMessages - the list of error messages to append to
sizeLimit - the limit on the total size in bytes of any imported stylesheets
- Throws:
ScanException - if an error occurs during scanning

main
Deprecated.
Test method to demonstrate CSS scanning.
- Parameters:
args - unused
- Throws:
Exception - if any error occurs