Class Policy

java.lang.Object
org.owasp.validator.html.Policy
Direct Known Subclasses:
InternalPolicy

public class Policy extends Object
Policy.java

This file holds the model for our policy engine.

Author:
Arshan Dabirsiaghi
  • Field Details

  • Constructor Details

  • Method Details

    • getTagByLowercaseName

      public Tag getTagByLowercaseName(String tagName)
      The path to the base policy file, used to resolve relative paths when reading included files
    • getPropertyByName

      public Property getPropertyByName(String propertyName)
      Retrieves a CSS Property from the Policy.
      Parameters:
      propertyName - The name of the CSS Property to look up.
      Returns:
      The CSS Property associated with the name specified, or null if none is found.
    • getInstance

      public static Policy getInstance() throws PolicyException
      This retrieves a Policy based on a default location ("resources/antisamy.xml")
      Returns:
      A populated Policy object based on the XML policy file located in the default location.
      Throws:
      PolicyException - If the file is not found or there is a problem parsing the file.
    • getInstance

      public static Policy getInstance(String filename) throws PolicyException
      This retrieves a Policy based on the file name passed in
      Parameters:
      filename - The path to the XML policy file.
      Returns:
      A populated Policy object based on the XML policy file located in the location passed in.
      Throws:
      PolicyException - If the file is not found or there is a problem parsing the file.
    • getInstance

      public static Policy getInstance(InputStream inputStream) throws PolicyException
      This retrieves a Policy based on the InputStream object passed in
      Parameters:
      inputStream - An InputStream which contains thhe XML policy information.
      Returns:
      A populated Policy object based on the XML policy file pointed to by the inputStream parameter.
      Throws:
      PolicyException - If there is a problem parsing the input stream.
    • getInstance

      public static Policy getInstance(File file) throws PolicyException
      This retrieves a Policy based on the File object passed in
      Parameters:
      file - A File object which contains the XML policy information.
      Returns:
      A populated Policy object based on the XML policy file pointed to by the File parameter.
      Throws:
      PolicyException - If the file is not found or there is a problem parsing the file.
    • getInstance

      public static Policy getInstance(URL url) throws PolicyException
      This retrieves a Policy based on the URL object passed in.

      NOTE: This is the only factory method that will work with tags in AntiSamy policy files.

      Parameters:
      url - A URL object which contains the XML policy information.
      Returns:
      A populated Policy object based on the XML policy file pointed to by the File parameter.
      Throws:
      PolicyException - If the file is not found or there is a problem parsing the file.
    • getSimpleParseContext

      protected static Policy.ParseContext getSimpleParseContext(Element topLevelElement) throws PolicyException
      Throws:
      PolicyException
    • getParseContext

      protected static Policy.ParseContext getParseContext(Element topLevelElement, URL baseUrl) throws PolicyException
      Throws:
      PolicyException
    • getTopLevelElement

      protected static Element getTopLevelElement(URL baseUrl) throws PolicyException
      Throws:
      PolicyException
    • getTopLevelElement

      protected static Element getTopLevelElement(InputSource source) throws PolicyException
      Throws:
      PolicyException
    • cloneWithDirective

      public Policy cloneWithDirective(String name, String value)
      Creates a copy of this policy with an added/changed directive.
      Parameters:
      name - The directive to add/modify
      value - The value
      Returns:
      A clone of the policy with the updated directive
    • getGlobalAttributeByName

      public Attribute getGlobalAttributeByName(String name)
      A simple method for returning on of the <global-attribute> entries by name.
      Parameters:
      name - The name of the global-attribute we want to look up.
      Returns:
      An Attribute associated with the global-attribute lookup name specified.
    • getAllowedEmptyTags

      public TagMatcher getAllowedEmptyTags()
      Return all the allowed empty tags configured in the Policy.
      Returns:
      A String array of all the he allowed empty tags configured in the Policy.
    • getRequiresClosingTags

      public TagMatcher getRequiresClosingTags()
      Return all the tags that are required to be closed with an end tag, even if they have no child content.
      Returns:
      A String array of all the tags that are required to be closed with an end tag, even if they have no child content.
    • getDirective

      public String getDirective(String name)
      Return a directive value based on a lookup name.
      Returns:
      A String object containing the directive associated with the lookup name, or null if none is found.
    • resolveEntity

      public static InputSource resolveEntity(String systemId, URL baseUrl) throws IOException, SAXException
      Resolves public & system ids to files stored within the JAR.
      Throws:
      IOException
      SAXException
    • getCommonRegularExpressions

      public AntiSamyPattern getCommonRegularExpressions(String name)