本文整理汇总了Java中org.owasp.html.HtmlPolicyBuilder类的典型用法代码示例。如果您正苦于以下问题:Java HtmlPolicyBuilder类的具体用法?Java HtmlPolicyBuilder怎么用?Java HtmlPolicyBuilder使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
HtmlPolicyBuilder类属于org.owasp.html包,在下文中一共展示了HtmlPolicyBuilder类的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doGet
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
PolicyFactory policy = new HtmlPolicyBuilder()
.allowElements("p").toFactory();
String query = req.getQueryString();
String notes = req.getParameter("notes");
String foundIn = req.getParameter("foundIn");
String faultData = req.getParameter("faultData");
String projectId = req.getParameter("projectId");
if (notes == null) notes = "";
if (foundIn == null) foundIn = "";
if (faultData == null) faultData = "";
if (projectId == null) projectId = "-1";
notes = policy.sanitize(notes);
foundIn = policy.sanitize(foundIn);
projectId = policy.sanitize(projectId);
PrintWriter out = new PrintWriter(resp.getWriter());
out.println(String.format(template, notes, foundIn, faultData, projectId));
}
示例2: sanitizer
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
public static PolicyFactory sanitizer() {
if (sanitizer == null) {
sanitizer = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.IMAGES).and(Sanitizers.STYLES);
PolicyFactory html = new HtmlPolicyBuilder()
.allowElements("table", "tr", "td", "thead", "tbody", "th", "font", "button", "input", "select", "option", "video", "audio")
.allowAttributes("class").globally()
.allowAttributes("color").globally()
.allowAttributes("bgcolor").globally()
.allowAttributes("align").globally()
.allowAttributes("target").globally()
.allowAttributes("value").globally()
.allowAttributes("name").globally()
.allowAttributes("controls").globally()
.allowAttributes("src").globally()
.allowAttributes("autoplay").globally()
.allowAttributes("muted").globally()
.allowAttributes("loop").globally()
.allowAttributes("poster").globally()
.allowUrlProtocols("http", "https", "mailto", "chat").allowElements("a")
.allowAttributes("href").onElements("a").requireRelNofollowOnLinks()
.toFactory();
sanitizer = sanitizer.and(html);
}
return sanitizer;
}
示例3: run
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
/**
* Sanitizes inputs to out.
*/
public static void run(Appendable out, String... inputs) throws IOException {
PolicyFactory policyBuilder = new HtmlPolicyBuilder()
.allowAttributes("src").onElements("img")
.allowAttributes("href").onElements("a")
// Allow some URLs through.
.allowStandardUrlProtocols()
.allowElements(
"a", "label", "h1", "h2", "h3", "h4", "h5", "h6",
"p", "i", "b", "u", "strong", "em", "small", "big", "pre", "code",
"cite", "samp", "sub", "sup", "strike", "center", "blockquote",
"hr", "br", "col", "font", "span", "div", "img",
"ul", "ol", "li", "dd", "dt", "dl", "tbody", "thead", "tfoot",
"table", "td", "th", "tr", "colgroup", "fieldset", "legend"
)
.withPostprocessor(
new HtmlStreamEventProcessor() {
public HtmlStreamEventReceiver wrap(HtmlStreamEventReceiver sink) {
return new AppendDomainAfterText(sink);
}
}
).toFactory();
out.append(policyBuilder.sanitize(Joiner.on('\n').join(inputs)));
}
示例4: configure
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
public void configure(HtmlPolicyBuilder policyBuilder) {
String elementName = getElement();
if (elementPolicy.isPresent()) {
policyBuilder.allowElements(elementPolicy.get(), elementName);
} else {
policyBuilder.allowElements(elementName);
}
Set<String> allowedAttributes = attributesAndWhitelist.keySet();
AttributeBuilder attributesBuilder = policyBuilder.allowAttributes(allowedAttributes.toArray(new String[]{}));
for (String attribute : allowedAttributes) {
String regex = attributesAndWhitelist.get(attribute);
if(regex != null){
attributesBuilder.matching(compile(regex));
continue;
}
}
attributesBuilder.onElements(elementName);
}
示例5: sanitize
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
public String sanitize(String text) {
// Telegram does not support <br> but does support new lines.
text = text.replace("<br/>", "\n");
text = text.replace("<br>", "\n");
text = text.replace("</br>", "");
text = text.replace("<p/>", "\n");
text = text.replace("<p>", "\n");
text = text.replace("</p>", "");
text = text.replace("<li>", "\n");
text = text.replace("</li>", "");
text = text.replace("<ul>", "");
text = text.replace("</ul>", "\n");
text = text.replace("<ol>", "");
text = text.replace("</ol>", "\n");
if (sanitizer == null) {
sanitizer = new HtmlPolicyBuilder().allowElements(
"b", "i", "strong", "code", "em", "pre").toFactory().and(Sanitizers.LINKS);
}
String result = sanitizer.sanitize(text);
if (result.contains("&")) {
// The sanitizer is too aggressive and escaping some chars.
//result = result.replace(""", "\"");
result = result.replace("`", "`");
//result = result.replace("'", "'");
result = result.replace("@", "@");
result = result.replace("=", "=");
result = result.replace("+", "+");
result = result.replace("&", "&");
}
return result;
}
示例6: testSafeHtml
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
@Test
public static final void testSafeHtml() {
PolicyFactory f = new HtmlPolicyBuilder()
.allowElements("b")
.toFactory();
SafeHtmlMint m = SafeHtmlMint.fromPolicyFactory(f);
assertEquals("", m.sanitize("").getSafeHtmlString());
assertEquals(
"<b>foo</b>",
m.sanitize("<b onmouseover=alert(1337)>foo</b>").getSafeHtmlString());
assertEquals("I <3 HTML", m.sanitize("I <3 HTML").getSafeHtmlString());
}
示例7: setUp
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
@PostConstruct
public void setUp(){
List<HtmlElement> allowedElements = builder.build();
HtmlPolicyBuilder policyBuilder = new HtmlPolicyBuilder();
for (HtmlElement htmlElement : allowedElements) {
htmlElement.configure(policyBuilder);
}
policy = policyBuilder
.allowUrlProtocols("https", "http")
.requireRelNofollowOnLinks()
.toFactory();
}
示例8: makePolicy
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
private static Policy makePolicy(Appendable buffer) {
final HtmlStreamRenderer renderer = HtmlStreamRenderer.create(
buffer,
new Handler<IOException>() {
public void handle(IOException ex) {
throw new RuntimeException(ex);
}
},
new Handler<String>() {
public void handle(String errorMessage) {
throw new RuntimeException(errorMessage);
}
});
return new HtmlPolicyBuilder()
.allowElements( "h1", "h2", "h3", "h4", "p",
"ol", "li", "ul",
"i", "u", "b",
"blockquote",
"a", "br", "div", "img", "span")
.allowAttributes("href").onElements("a")
.allowAttributes("src").onElements("img")
.allowAttributes("width").onElements("img")
.allowAttributes("height").onElements("img")
.allowAttributes("alt").onElements("img")
.allowAttributes("class", "id", "title").globally()
.allowStandardUrlProtocols()
// .requireRelNofollowOnLinks()
// .disallowElements("script")
.build(renderer);
}
示例9: sanitize
import org.owasp.html.HtmlPolicyBuilder; //导入依赖的package包/类
private String sanitize(String markedDescription) {
return new HtmlPolicyBuilder().toFactory().sanitize(markedDescription) + "...";
}