Package org.owasp.validator.html
Class Policy
java.lang.Object
org.owasp.validator.html.Policy
- Direct Known Subclasses:
InternalPolicy
Policy.java
This file holds the model for our policy engine.
- Author:
- Arshan Dabirsiaghi
-
Nested Class Summary
Nested Classes -
Field Summary
Fields
Modifier and Type, Field, Description
static final String
static final String
static final String
static final String
static final Pattern
static final String
static final int
static final int
protected static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
cloneWithDirective(String name, String value) - Creates a copy of this policy with an added/changed directive.
getAllowedEmptyTags() - Return all the allowed empty tags configured in the Policy.
getDirective(String name) - Return a directive value based on a lookup name.
getGlobalAttributeByName(String name) - A simple method for returning one of the <global-attribute> entries by name.
static Policy getInstance() - This retrieves a Policy based on a default location ("resources/antisamy.xml")
static Policy getInstance(File file) - This retrieves a Policy based on the File object passed in
static Policy getInstance(InputStream inputStream) - This retrieves a Policy based on the InputStream object passed in
static Policy getInstance(String filename) - This retrieves a Policy based on the file name passed in
static Policy getInstance(URL url) - This retrieves a Policy based on the URL object passed in.
protected static Policy.ParseContext getParseContext(Element topLevelElement, URL baseUrl)
getPropertyByName(String propertyName) - Retrieves a CSS Property from the Policy.
getRequiresClosingTags() - Return all the tags that are required to be closed with an end tag, even if they have no child content.
protected static Policy.ParseContext getSimpleParseContext(Element topLevelElement)
getTagByLowercaseName(String tagName) - The path to the base policy file, used to resolve relative paths when reading included files
protected static Element getTopLevelElement(URL baseUrl)
protected static Element getTopLevelElement(InputSource source)
static InputSource resolveEntity(String systemId, URL baseUrl) - Resolves public & system ids to files stored within the JAR.
-
Field Details
-
ANYTHING_REGEXP
-
DEFAULT_POLICY_URI
-
DEFAULT_MAX_INPUT_SIZE
public static final int DEFAULT_MAX_INPUT_SIZE
-
DEFAULT_MAX_STYLESHEET_IMPORTS
public static final int DEFAULT_MAX_STYLESHEET_IMPORTS
-
OMIT_XML_DECLARATION
-
OMIT_DOCTYPE_DECLARATION
-
USE_XHTML
-
FORMAT_OUTPUT
-
EMBED_STYLESHEETS
-
CONNECTION_TIMEOUT
-
ANCHORS_NOFOLLOW
-
VALIDATE_PARAM_AS_EMBED
-
PRESERVE_SPACE
-
PRESERVE_COMMENTS
-
ENTITY_ENCODE_INTL_CHARS
-
ACTION_VALIDATE
-
ACTION_FILTER
-
ACTION_TRUNCATE
-
tagRules
-
directives
-
-
Constructor Details
-
Policy
- Throws:
PolicyException
-
Policy
-
-
Method Details
-
getTagByLowercaseName
The path to the base policy file, used to resolve relative paths when reading included files
-
getPropertyByName
Retrieves a CSS Property from the Policy.
- Parameters:
propertyName - The name of the CSS Property to look up.
- Returns:
The CSS Property associated with the name specified, or null if none is found.
-
getInstance
This retrieves a Policy based on a default location ("resources/antisamy.xml")
- Returns:
A populated Policy object based on the XML policy file located in the default location.
- Throws:
PolicyException - If the file is not found or there is a problem parsing the file.
-
getInstance
This retrieves a Policy based on the file name passed in
- Parameters:
filename - The path to the XML policy file.
- Returns:
A populated Policy object based on the XML policy file located in the location passed in.
- Throws:
PolicyException - If the file is not found or there is a problem parsing the file.
-
getInstance
This retrieves a Policy based on the InputStream object passed in
- Parameters:
inputStream - An InputStream which contains the XML policy information.
- Returns:
A populated Policy object based on the XML policy file pointed to by the inputStream parameter.
- Throws:
PolicyException - If there is a problem parsing the input stream.
-
getInstance
This retrieves a Policy based on the File object passed in
- Parameters:
file - A File object which contains the XML policy information.
- Returns:
A populated Policy object based on the XML policy file pointed to by the File parameter.
- Throws:
PolicyException - If the file is not found or there is a problem parsing the file.
-
getInstance
This retrieves a Policy based on the URL object passed in. NOTE: This is the only factory method that will work with <include> tags in AntiSamy policy files.
- Parameters:
url - A URL object which contains the XML policy information.
- Returns:
A populated Policy object based on the XML policy file pointed to by the File parameter.
- Throws:
PolicyException - If the file is not found or there is a problem parsing the file.
-
getSimpleParseContext
protected static Policy.ParseContext getSimpleParseContext(Element topLevelElement) throws PolicyException
- Throws:
PolicyException
-
getParseContext
protected static Policy.ParseContext getParseContext(Element topLevelElement, URL baseUrl) throws PolicyException
- Throws:
PolicyException
-
getTopLevelElement
- Throws:
PolicyException
-
getTopLevelElement
- Throws:
PolicyException
-
cloneWithDirective
Creates a copy of this policy with an added/changed directive.
- Parameters:
name - The directive to add/modify
value - The value
- Returns:
A clone of the policy with the updated directive
-
getGlobalAttributeByName
A simple method for returning one of the <global-attribute> entries by name.
- Parameters:
name - The name of the global-attribute we want to look up.
- Returns:
An Attribute associated with the global-attribute lookup name specified.
-
getAllowedEmptyTags
Return all the allowed empty tags configured in the Policy.
- Returns:
A String array of all the allowed empty tags configured in the Policy.
-
getRequiresClosingTags
Return all the tags that are required to be closed with an end tag, even if they have no child content.
- Returns:
A String array of all the tags that are required to be closed with an end tag, even if they have no child content.
-
getDirective
Return a directive value based on a lookup name.
- Returns:
A String object containing the directive associated with the lookup name, or null if none is found.
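Usage example added here, not part of the AntiSamy Javadoc or project code: it loads a policy through getInstance(URL), derives a per-context copy with cloneWithDirective, and reads both values back with getDirective. The class name, the classpath location /policies/antisamy-base.xml and the sample input are assumptions; AntiSamy.scan and CleanResults belong to the same package but are not documented on this page.

```java
import java.net.URL;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public class PolicyLoadingExample {

    // Assumption: hypothetical classpath location of the policy file.
    private static final String POLICY_RESOURCE = "/policies/antisamy-base.xml";

    /** Loads the base policy; fails closed if it is missing or cannot be parsed. */
    static Policy loadBasePolicy() throws PolicyException {
        URL url = PolicyLoadingExample.class.getResource(POLICY_RESOURCE);
        if (url == null) {
            throw new IllegalStateException("Policy not on classpath: " + POLICY_RESOURCE);
        }
        // getInstance(URL) gives the parser a base location, which is what
        // lets <include> tags with relative paths in the policy be resolved.
        return Policy.getInstance(url);
    }

    public static void main(String[] args) throws PolicyException, ScanException {
        Policy base = loadBasePolicy();

        // cloneWithDirective returns a copy, so the shared base policy keeps
        // its original directive value.
        Policy forComments = base.cloneWithDirective(Policy.ANCHORS_NOFOLLOW, "true");

        // getDirective returns null when the directive is not set.
        System.out.println("base:  " + base.getDirective(Policy.ANCHORS_NOFOLLOW));
        System.out.println("clone: " + forComments.getDirective(Policy.ANCHORS_NOFOLLOW));

        // Constructed sample of untrusted markup.
        String untrusted = "<p>hi <a href=\"https://example.com/\">link</a>"
                + "<script>alert(1)</script></p>";

        CleanResults results = new AntiSamy().scan(untrusted, forComments);
        System.out.println(results.getCleanHTML());
        for (String message : results.getErrorMessages()) {
            System.out.println("policy violation: " + message);
        }
    }
}
```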
-
resolveEntity
public static InputSource resolveEntity(String systemId, URL baseUrl) throws IOException, SAXException
Resolves public & system ids to files stored within the JAR.
- Throws:
IOException
SAXException
-
getCommonRegularExpressions
-