本文整理汇总了Java中org.owasp.html.PolicyFactory类的典型用法代码示例。如果您正苦于以下问题:Java PolicyFactory类的具体用法?Java PolicyFactory怎么用?Java PolicyFactory使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
PolicyFactory类属于org.owasp.html包,在下文中一共展示了PolicyFactory类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doGet
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
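/**
 * Renders the fault-report page from the request parameters.
 *
 * <p>All four parameters are untrusted and are interpolated into {@code template}, so each
 * one, including {@code faultData}, is passed through the sanitizer policy first. The policy
 * allows only {@code <p>} elements; other markup is removed and text is entity-encoded.
 *
 * @param req  request carrying the optional notes, foundIn, faultData and projectId parameters
 * @param resp response that receives the formatted template
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    PolicyFactory policy = new HtmlPolicyBuilder()
            .allowElements("p")
            .toFactory();

    String notes = req.getParameter("notes");
    String foundIn = req.getParameter("foundIn");
    String faultData = req.getParameter("faultData");
    String projectId = req.getParameter("projectId");

    // Missing parameters fall back to the defaults the template expects.
    if (notes == null) notes = "";
    if (foundIn == null) foundIn = "";
    if (faultData == null) faultData = "";
    if (projectId == null) projectId = "-1";

    // NOTE(review): an HTML-body sanitizer is the right encoder only where the template places
    // these values in element content; attribute, URL or script contexts need
    // context-specific output encoding. Confirm against the template.
    notes = policy.sanitize(notes);
    foundIn = policy.sanitize(foundIn);
    // faultData reaches the same template as the other values, so it gets the same treatment.
    faultData = policy.sanitize(faultData);
    projectId = policy.sanitize(projectId);

    resp.getWriter().println(String.format(template, notes, foundIn, faultData, projectId));
}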
示例2: doPost
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
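/**
 * Updates one column ({@code Description} or {@code TestBattery}) of a test battery and
 * echoes the stored value back to the caller.
 *
 * <p>The {@code id}, {@code columnName} and {@code value} parameters are passed through the
 * FORMATTING + LINKS HTML policy. The value is therefore persisted in its sanitized form, and
 * that same form is written to the {@code text/html} response.
 *
 * <p>A missing or non-numeric {@code id} is answered with HTTP 400 instead of letting the
 * {@link NumberFormatException} escape the servlet.
 *
 * @param request  servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if the response cannot be written
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    testBatteryService = appContext.getBean(ITestBatteryService.class);

    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String pk = policy.sanitize(request.getParameter("id"));
    String name = policy.sanitize(request.getParameter("columnName"));
    String value = policy.sanitize(request.getParameter("value"));

    // Reject a bad key up front; the HTML policy does not make the id numeric.
    final int key;
    try {
        key = Integer.parseInt(pk);
    } catch (NumberFormatException ex) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "id must be an integer");
        return;
    }

    response.setContentType("text/html");
    String column = (name == null) ? "" : name.trim();
    try {
        TestBattery testBattery = testBatteryService.findTestBatteryByKey(key);
        if ("Description".equals(column)) {
            testBattery.setDescription(value);
        } else if ("TestBattery".equals(column)) {
            testBattery.setTestbattery(value);
        } else {
            // Only the two columns above may be edited through this endpoint.
            throw new CerberusException(new MessageGeneral(MessageGeneralEnum.NOT_IMPLEMEMTED));
        }
        testBatteryService.updateTestBattery(testBattery);
        response.getWriter().print(value);
    } catch (CerberusException ex) {
        response.getWriter().print(ex.getMessageError().getDescription());
    }
}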
示例3: renderContentAsText
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
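/**
 * Renders a content record to a string and, when {@code content.sanitize} is enabled in
 * {@code content.properties}, passes any rendered markup through the HTML sanitizer.
 *
 * <p>The sanitizer runs whenever the rendered text contains a {@code '<'}. Gating it on a fixed,
 * case-sensitive list of tag substrings would let every tag outside that list reach the caller
 * unsanitized; the policy's allow-list should decide what survives, not a pre-filter.
 * Text without any {@code '<'} is returned unchanged.
 *
 * @param dispatcher      dispatcher forwarded to the writer-based overload
 * @param delegator       delegator used for rendering and for the property lookup
 * @param contentId       id of the content to render
 * @param templateContext context forwarded to the writer-based overload
 * @param locale          locale forwarded to the writer-based overload
 * @param mimeTypeId      mime type forwarded to the writer-based overload
 * @param cache           cache flag forwarded to the writer-based overload
 * @return the rendered, and if enabled sanitized, content
 * @throws GeneralException if rendering fails
 * @throws IOException if writing the rendered content fails
 */
public static String renderContentAsText(LocalDispatcher dispatcher, Delegator delegator, String contentId, Map<String, Object> templateContext,
        Locale locale, String mimeTypeId, boolean cache) throws GeneralException, IOException {
    Writer writer = new StringWriter();
    renderContentAsText(dispatcher, delegator, contentId, writer, templateContext, locale, mimeTypeId, null, null, cache);
    String rendered = writer.toString();

    // According to https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
    // The X-XSS-Protection response header is not a substitute for sanitizing here: current
    // browsers have removed or never implemented the filter it controlled.
    boolean sanitizeEnabled = EntityUtilProperties.propertyValueEqualsIgnoreCase("content.properties", "content.sanitize", "true", delegator);
    if (sanitizeEnabled && rendered.indexOf('<') >= 0) {
        PolicyFactory sanitizer = Sanitizers.FORMATTING
                .and(Sanitizers.BLOCKS)
                .and(Sanitizers.IMAGES)
                .and(Sanitizers.LINKS)
                .and(Sanitizers.STYLES);
        rendered = sanitizer.sanitize(rendered);
    }
    return rendered;
}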
示例4: sanitizer
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
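/**
 * Returns the shared HTML sanitizer policy, building it on first use.
 *
 * <p>The policy combines the stock FORMATTING, BLOCKS, IMAGES and STYLES sanitizers with a
 * custom policy for tables, form controls, media elements and links. The complete policy is
 * composed in a local variable and assigned to the static field once, so a concurrent caller
 * cannot observe a policy that is missing the custom part.
 *
 * <p>There is no synchronization: concurrent first calls may each build an equivalent policy
 * and the last assignment wins.
 *
 * @return the combined policy
 */
public static PolicyFactory sanitizer() {
    PolicyFactory current = sanitizer;
    if (current != null) {
        return current;
    }

    // NOTE(review): "input", "button" and "select" with "name"/"value", and "class" on every
    // element, let sanitized user content render form controls and adopt the application's own
    // CSS classes. Confirm that is intended for every place this policy is applied.
    // NOTE(review): "src" and "poster" are allowed on all elements; presumably they are
    // limited by the URL protocol list below, but verify this against the sanitizer version in use.
    PolicyFactory extras = new HtmlPolicyBuilder()
            .allowElements("table", "tr", "td", "thead", "tbody", "th", "font", "button", "input", "select", "option", "video", "audio")
            .allowElements("a")
            .allowAttributes("class", "color", "bgcolor", "align", "target", "value", "name",
                    "controls", "src", "autoplay", "muted", "loop", "poster").globally()
            // "chat" is an application-specific scheme in addition to the usual web ones.
            .allowUrlProtocols("http", "https", "mailto", "chat")
            .allowAttributes("href").onElements("a")
            .requireRelNofollowOnLinks()
            .toFactory();

    current = Sanitizers.FORMATTING
            .and(Sanitizers.BLOCKS)
            .and(Sanitizers.IMAGES)
            .and(Sanitizers.STYLES)
            .and(extras);
    sanitizer = current;
    return current;
}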
示例5: run
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Joins {@code inputs} with newlines, sanitizes the result and appends it to {@code out}.
 *
 * <p>The policy allows a fixed set of formatting, list and table elements, {@code src} on
 * {@code img} and {@code href} on {@code a} with the standard URL protocols, and routes the
 * sanitized event stream through {@code AppendDomainAfterText}.
 *
 * @param out    destination for the sanitized HTML
 * @param inputs HTML fragments to sanitize
 * @throws IOException if appending to {@code out} fails
 */
public static void run(Appendable out, String... inputs) throws IOException {
    // Wraps the sanitizer's output sink so text events pass through AppendDomainAfterText.
    HtmlStreamEventProcessor domainAppender = new HtmlStreamEventProcessor() {
        public HtmlStreamEventReceiver wrap(HtmlStreamEventReceiver sink) {
            return new AppendDomainAfterText(sink);
        }
    };

    PolicyFactory policy = new HtmlPolicyBuilder()
            .allowElements(
                    "a", "label", "h1", "h2", "h3", "h4", "h5", "h6",
                    "p", "i", "b", "u", "strong", "em", "small", "big", "pre", "code",
                    "cite", "samp", "sub", "sup", "strike", "center", "blockquote",
                    "hr", "br", "col", "font", "span", "div", "img",
                    "ul", "ol", "li", "dd", "dt", "dl", "tbody", "thead", "tfoot",
                    "table", "td", "th", "tr", "colgroup", "fieldset", "legend")
            .allowAttributes("src").onElements("img")
            .allowAttributes("href").onElements("a")
            // Allow some URLs through.
            .allowStandardUrlProtocols()
            .withPostprocessor(domainAppender)
            .toFactory();

    String joined = Joiner.on('\n').join(inputs);
    out.append(policy.sanitize(joined));
}
示例6: setUp
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Stubs the environment with the allowed elements and attributes, then builds the
 * {@code HtmlSanitizer} under test from the resulting policy.
 */
@Before
public void setUp(){
    // Elements the policy lets through.
    envReturns(ALLOWED_ELEMENTS_KEY, "a, blockquote, code, em, h1, h2, hr, img, kbd, li, ol, p, pre, strong, ul, iframe");

    // Per-element attribute allow-lists.
    envReturns(ALLOWED_ATTRIBUTES_KEY_PREFIX+"a", "href");
    envReturns(ALLOWED_ATTRIBUTES_KEY_PREFIX+"pre", "class");
    envReturns(ALLOWED_ATTRIBUTES_KEY_PREFIX+"img", "src, alt, width, height");
    envReturns(ALLOWED_ATTRIBUTES_KEY_PREFIX+"iframe", "src, width, height, scrolling, frameborder");

    // NOTE(review): this whitelist key ends in "href" although iframe's allowed attributes
    // list "src". Confirm which attribute the producer applies the pattern to.
    // NOTE(review): the pattern is unanchored (leading ".*", unescaped "."), so it accepts any
    // URL that merely contains one of these substrings; a production allow-list should anchor
    // the scheme and host.
    envReturns(ALLOWED_ATTRIBUTES_KEY_PREFIX+"iframe"+ALLOWED_ATTRIBUTES_WHITELIST_KEY_SUFIX+"href", ".*soundcloud.com\\/tracks\\/.*|.*youtube.com\\/embed\\/.*|.*//player.vimeo.com\\/video\\/.*");

    HtmlElementsBuilder elements = new HtmlElementsBuilder(env, new HtmlAttributesBuilder(env));
    elements.setUp();

    MamutePolicyProducer producer = new MamutePolicyProducer(elements);
    producer.setUp();

    htmlSanitizer = new HtmlSanitizer(producer.getInstance());
}
示例7: doPost
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Returns the last action execution durations for a test, test case and country as JSON.
 *
 * <p>NOTE(review): the FORMATTING + LINKS policy is an HTML output filter. Here it rewrites
 * the lookup keys (markup removed, reserved characters entity-encoded) before they reach the
 * service; it is not a data-layer injection defence. Confirm the service binds its parameters.
 *
 * <p>NOTE(review): on failure the exception message is written to a {@code text/html}
 * response without encoding.
 *
 * @param httpServletRequest  servlet request carrying test, testcase and country
 * @param httpServletResponse servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if the response cannot be written
 */
@Override
protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseStepActionExecutionService executionService = springContext.getBean(ITestCaseStepActionExecutionService.class);

    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String testParam = htmlPolicy.sanitize(httpServletRequest.getParameter("test"));
    String testCaseParam = htmlPolicy.sanitize(httpServletRequest.getParameter("testcase"));
    String countryParam = htmlPolicy.sanitize(httpServletRequest.getParameter("country"));

    JSONArray durations = executionService.lastActionExecutionDuration(testParam, testCaseParam, countryParam);
    try {
        httpServletResponse.setContentType("application/json");
        String payload = durations.toString();
        httpServletResponse.getWriter().print(payload);
    } catch (Exception failure) {
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().print(failure.getMessage());
    }
}
示例8: doGet
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Writes the documentation label HTML for a table, field and label in the requested language.
 *
 * <p>The three lookup parameters go through the FORMATTING + LINKS policy; {@code lang} is
 * handled by {@code ParameterParserUtil.parseStringParamAndSanitize} with {@code "en"} passed
 * as its second argument.
 *
 * <p>NOTE(review): the HTML returned by {@code findLabelHTML} is written to the
 * {@code text/html} response as-is. Whether any request value is reflected in it depends on
 * the service; confirm it encodes what it embeds.
 *
 * @param httpServletRequest  servlet request
 * @param httpServletResponse servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IDocumentationService documentation = springContext.getBean(IDocumentationService.class);

    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String table = htmlPolicy.sanitize(httpServletRequest.getParameter("docTable"));
    String field = htmlPolicy.sanitize(httpServletRequest.getParameter("docField"));
    String label = htmlPolicy.sanitize(httpServletRequest.getParameter("docLabel"));
    String language = ParameterParserUtil.parseStringParamAndSanitize(httpServletRequest.getParameter("lang"), "en");

    String labelHtml = documentation.findLabelHTML(table, field, label, language);
    try {
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().print(labelHtml);
    } catch (Exception failure) {
        // Write failures are logged and otherwise ignored.
        LOG.warn(failure.toString());
    }
}
示例9: doGet
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
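/**
 * Returns, as JSON under the key {@code labelTable}, the documentation entries with an empty
 * doc label for the requested language, grouped by doc table.
 *
 * <p>No HTML sanitizer policy is built here: the only request parameter read is {@code lang},
 * which goes through {@code ParameterParserUtil.parseStringParamAndSanitize} with {@code "en"}
 * passed as its second argument.
 *
 * @param httpServletRequest servlet request
 * @param response           servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if the response cannot be written
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse response) throws ServletException, IOException {
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IDocumentationService docService = appContext.getBean(IDocumentationService.class);

    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");

    String lang = ParameterParserUtil.parseStringParamAndSanitize(httpServletRequest.getParameter("lang"), "en");
    List<Documentation> result = docService.findAllWithEmptyDocLabel(lang);
    JSONObject format = docService.formatGroupByDocTable(result);

    JSONObject jsonResponse = new JSONObject();
    try {
        jsonResponse.put("labelTable", format);
    } catch (JSONException ex) {
        // A failed put is logged; the (then empty) JSON object is still returned.
        LOG.warn(ex);
    }
    response.getWriter().print(jsonResponse.toString());
}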
示例10: doPost
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Creates a test battery from the {@code TestBattery} and {@code Description} parameters and
 * writes the new battery's id, or {@code -1} when a {@code CerberusException} is raised.
 *
 * <p>Both parameters go through the FORMATTING + LINKS policy first, so the name and
 * description are stored in their sanitized form, and the follow-up lookup by name uses that
 * same sanitized name.
 *
 * @param request  servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if the response cannot be written
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    try {
        ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        testBatteryService = springContext.getBean(ITestBatteryService.class);
        factoryTestBattery = springContext.getBean(IFactoryTestBattery.class);

        PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
        String batteryName = htmlPolicy.sanitize(request.getParameter("TestBattery"));
        String batteryDescription = htmlPolicy.sanitize(request.getParameter("Description"));

        response.setContentType("text/html");
        testBatteryService.createTestBattery(factoryTestBattery.create(null, batteryName, batteryDescription));

        // Read the battery back by name to learn the id it was given.
        String createdId = String.valueOf(
                testBatteryService.findTestBatteryByTestBatteryName(batteryName).getTestbatteryID());
        response.getWriter().append(createdId).close();
    } catch (CerberusException failure) {
        LOG.warn(failure);
        response.getWriter().append("-1").close();
    }
}
示例11: processRequest
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Handles both HTTP <code>GET</code> and <code>POST</code>: returns, as JSON under the key
 * {@code testsList}, the tests the service finds for the requested system.
 *
 * <p>NOTE(review): {@code system} is passed through an HTML sanitizer policy before it is used
 * as a lookup key. That rewrites the value for HTML output and is not a data-layer injection
 * defence; confirm the service binds its parameters.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseService testCases = springContext.getBean(ITestCaseService.class);

    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String systemName = htmlPolicy.sanitize(request.getParameter("system"));

    JSONArray tests = new JSONArray();
    for (String testName : testCases.findTestWithTestCaseActiveAutomatedBySystem(systemName)) {
        tests.put(testName);
    }

    JSONObject body = new JSONObject();
    try {
        body.put("testsList", tests);
        response.setContentType("application/json");
        response.getWriter().print(body.toString());
    } catch (JSONException failure) {
        // Nothing is written to the response when the JSON cannot be built.
        LOG.warn(failure.toString());
    }
}
示例12: doGet
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Returns, as JSON under the key {@code countriesList}, the countries the service finds for a
 * test and test case.
 *
 * <p>NOTE(review): both parameters are rewritten by an HTML sanitizer policy before being used
 * as lookup keys. That is output filtering applied at input time; confirm the service binds
 * its parameters rather than relying on it.
 *
 * @param httpServletRequest  servlet request carrying test and testCase
 * @param httpServletResponse servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String test = htmlPolicy.sanitize(httpServletRequest.getParameter("test"));
    String testCase = htmlPolicy.sanitize(httpServletRequest.getParameter("testCase"));

    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseCountryService countryService = springContext.getBean(ITestCaseCountryService.class);

    JSONArray countries = new JSONArray();
    for (String countryCode : countryService.findListOfCountryByTestTestCase(test, testCase)) {
        countries.put(countryCode);
    }

    JSONObject body = new JSONObject();
    try {
        body.put("countriesList", countries);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(body.toString());
    } catch (JSONException failure) {
        // Nothing is written to the response when the JSON cannot be built.
        LOG.warn(failure.toString());
    }
}
示例13: doGet
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Returns, as JSON under the key {@code testcasesList}, the test case identifiers the service
 * finds for the requested test.
 *
 * <p>NOTE(review): {@code test} is rewritten by an HTML sanitizer policy before it is used as
 * a lookup key. That is not a data-layer injection defence; confirm the service binds its
 * parameters.
 *
 * @param httpServletRequest  servlet request carrying test
 * @param httpServletResponse servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String testName = htmlPolicy.sanitize(httpServletRequest.getParameter("test"));

    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseService testCases = springContext.getBean(ITestCaseService.class);

    JSONArray identifiers = new JSONArray();
    for (TestCase found : testCases.findTestCaseByTest(testName)) {
        identifiers.put(found.getTestCase());
    }

    JSONObject body = new JSONObject();
    try {
        body.put("testcasesList", identifiers);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(body.toString());
    } catch (JSONException failure) {
        // Nothing is written to the response when the JSON cannot be built.
        LOG.warn(failure.toString());
    }
}
示例14: processRequest
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Handles both HTTP <code>GET</code> and <code>POST</code>: returns a JSON array of the
 * active environments the service finds for a system, country and application.
 *
 * <p>NOTE(review): the three parameters are rewritten by an HTML sanitizer policy before they
 * are used as lookup keys. That is not a data-layer injection defence; confirm the service
 * binds its parameters.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 * @throws org.json.JSONException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException, CerberusException, JSONException {
    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String systemName = htmlPolicy.sanitize(request.getParameter("system"));
    String countryCode = htmlPolicy.sanitize(request.getParameter("country"));
    String applicationName = htmlPolicy.sanitize(request.getParameter("application"));

    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ICountryEnvParamService environments = springContext.getBean(ICountryEnvParamService.class);

    JSONArray active = new JSONArray();
    for (JSONObject environment : environments.findActiveEnvironmentBySystemCountryApplication(systemName, countryCode, applicationName)) {
        active.put(environment);
    }

    response.setContentType("application/json");
    response.getWriter().print(active);
}
示例15: testSafeHtml
import org.owasp.html.PolicyFactory; //导入依赖的package包/类
/**
 * Checks that a {@code SafeHtmlMint} built from a policy allowing only {@code <b>} returns an
 * empty string for empty input, drops a disallowed event-handler attribute while keeping the
 * element and its text, and leaves the text "I <3 HTML" unchanged.
 */
@Test
public static final void testSafeHtml() {
    PolicyFactory boldOnly = new HtmlPolicyBuilder().allowElements("b").toFactory();
    SafeHtmlMint mint = SafeHtmlMint.fromPolicyFactory(boldOnly);

    // Empty input stays empty.
    assertEquals("", mint.sanitize("").getSafeHtmlString());

    // The element is allowed, its attribute is not.
    String withHandler = "<b onmouseover=alert(1337)>foo</b>";
    assertEquals("<b>foo</b>", mint.sanitize(withHandler).getSafeHtmlString());

    // Text that is not markup is expected back unchanged.
    assertEquals("I <3 HTML", mint.sanitize("I <3 HTML").getSafeHtmlString());
}