本文整理汇总了Java中org.owasp.html.Sanitizers类的典型用法代码示例。如果您正苦于以下问题:Java Sanitizers类的具体用法?Java Sanitizers怎么用?Java Sanitizers使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
Sanitizers类属于org.owasp.html包,在下文中一共展示了Sanitizers类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doPost
import org.owasp.html.Sanitizers; //导入依赖的package包/类
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
testBatteryService = appContext.getBean(ITestBatteryService.class);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String pk = policy.sanitize(request.getParameter("id"));
String name = policy.sanitize(request.getParameter("columnName"));
String value = policy.sanitize(request.getParameter("value"));
response.setContentType("text/html");
try {
TestBattery testBattery = testBatteryService.findTestBatteryByKey(Integer.parseInt(pk));
if (name != null && "Description".equals(name.trim())) {
testBattery.setDescription(value);
} else if (name != null && "TestBattery".equals(name.trim())) {
testBattery.setTestbattery(value);
} else {
throw new CerberusException(new MessageGeneral(MessageGeneralEnum.NOT_IMPLEMEMTED));
}
testBatteryService.updateTestBattery(testBattery);
response.getWriter().print(value);
} catch (CerberusException ex) {
response.getWriter().print(ex.getMessageError().getDescription());
}
}
示例2: renderContentAsText
import org.owasp.html.Sanitizers; //导入依赖的package包/类
public static String renderContentAsText(LocalDispatcher dispatcher, Delegator delegator, String contentId, Map<String, Object> templateContext,
Locale locale, String mimeTypeId, boolean cache) throws GeneralException, IOException {
Writer writer = new StringWriter();
renderContentAsText(dispatcher, delegator, contentId, writer, templateContext, locale, mimeTypeId, null, null, cache);
String rendered = writer.toString();
// According to https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
// Normally head should be protected by X-XSS-Protection Response Header by default
if (EntityUtilProperties.propertyValueEqualsIgnoreCase("content.properties", "content.sanitize", "true", delegator)
&& (rendered.contains("<script>")
|| rendered.contains("<!--")
|| rendered.contains("<div")
|| rendered.contains("<style>")
|| rendered.contains("<span")
|| rendered.contains("<input")
|| rendered.contains("<input")
|| rendered.contains("<iframe")
|| rendered.contains("<a"))) {
PolicyFactory sanitizer = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.IMAGES).and(Sanitizers.LINKS).and(Sanitizers.STYLES);
rendered = sanitizer.sanitize(rendered);
}
return rendered;
}
示例3: sanitizer
import org.owasp.html.Sanitizers; //导入依赖的package包/类
public static PolicyFactory sanitizer() {
if (sanitizer == null) {
sanitizer = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS).and(Sanitizers.IMAGES).and(Sanitizers.STYLES);
PolicyFactory html = new HtmlPolicyBuilder()
.allowElements("table", "tr", "td", "thead", "tbody", "th", "font", "button", "input", "select", "option", "video", "audio")
.allowAttributes("class").globally()
.allowAttributes("color").globally()
.allowAttributes("bgcolor").globally()
.allowAttributes("align").globally()
.allowAttributes("target").globally()
.allowAttributes("value").globally()
.allowAttributes("name").globally()
.allowAttributes("controls").globally()
.allowAttributes("src").globally()
.allowAttributes("autoplay").globally()
.allowAttributes("muted").globally()
.allowAttributes("loop").globally()
.allowAttributes("poster").globally()
.allowUrlProtocols("http", "https", "mailto", "chat").allowElements("a")
.allowAttributes("href").onElements("a").requireRelNofollowOnLinks()
.toFactory();
sanitizer = sanitizer.and(html);
}
return sanitizer;
}
示例4: doPost
import org.owasp.html.Sanitizers; //导入依赖的package包/类
@Override
protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
ITestCaseStepActionExecutionService testCaseExecutionDetailService = appContext.getBean(ITestCaseStepActionExecutionService.class);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String test = policy.sanitize(httpServletRequest.getParameter("test"));
String testcase = policy.sanitize(httpServletRequest.getParameter("testcase"));
String country = policy.sanitize(httpServletRequest.getParameter("country"));
JSONArray data = testCaseExecutionDetailService.lastActionExecutionDuration(test, testcase, country);
try {
httpServletResponse.setContentType("application/json");
httpServletResponse.getWriter().print(data.toString());
} catch (Exception e) {
httpServletResponse.setContentType("text/html");
httpServletResponse.getWriter().print(e.getMessage());
}
}
示例5: doGet
import org.owasp.html.Sanitizers; //导入依赖的package包/类
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
IDocumentationService docService = appContext.getBean(IDocumentationService.class);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String result = "";
String docTable = policy.sanitize(httpServletRequest.getParameter("docTable"));
String docField = policy.sanitize(httpServletRequest.getParameter("docField"));
String docLabel = policy.sanitize(httpServletRequest.getParameter("docLabel"));
String lang = ParameterParserUtil.parseStringParamAndSanitize(httpServletRequest.getParameter("lang"), "en");
result = docService.findLabelHTML(docTable, docField, docLabel, lang);
try {
httpServletResponse.setContentType("text/html");
httpServletResponse.getWriter().print(result);
} catch (Exception exception) {
LOG.warn(exception.toString());
}
}
示例6: doGet
import org.owasp.html.Sanitizers; //导入依赖的package包/类
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse response) throws ServletException, IOException {
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
IDocumentationService docService = appContext.getBean(IDocumentationService.class);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
JSONObject jsonResponse = new JSONObject();
List<Documentation> result = new ArrayList<Documentation>();
JSONObject format = new JSONObject();
response.setContentType("application/json");
response.setCharacterEncoding("utf8");
String lang = ParameterParserUtil.parseStringParamAndSanitize(httpServletRequest.getParameter("lang"), "en");
result = docService.findAllWithEmptyDocLabel(lang);
format = docService.formatGroupByDocTable(result);
try {
jsonResponse.put("labelTable", format);
} catch (JSONException ex) {
LOG.warn(ex);
}
response.getWriter().print(jsonResponse.toString());
}
示例7: doPost
import org.owasp.html.Sanitizers; //导入依赖的package包/类
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
testBatteryService = appContext.getBean(ITestBatteryService.class);
factoryTestBattery = appContext.getBean(IFactoryTestBattery.class);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String testbattery = policy.sanitize(request.getParameter("TestBattery"));
String description = policy.sanitize(request.getParameter("Description"));
response.setContentType("text/html");
testBatteryService.createTestBattery(factoryTestBattery.create(null, testbattery, description));
String newTestBatteryId = String.valueOf(testBatteryService.findTestBatteryByTestBatteryName(testbattery).getTestbatteryID());
response.getWriter().append(newTestBatteryId).close();
} catch (CerberusException ex) {
LOG.warn(ex);
response.getWriter().append("-1").close();
}
}
示例8: processRequest
import org.owasp.html.Sanitizers; //导入依赖的package包/类
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String system = policy.sanitize(request.getParameter("system"));
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
ITestCaseService testService = appContext.getBean(ITestCaseService.class);
JSONArray array = new JSONArray();
JSONObject jsonObject = new JSONObject();
for (String test : testService.findTestWithTestCaseActiveAutomatedBySystem(system)) {
array.put(test);
}
try {
jsonObject.put("testsList", array);
response.setContentType("application/json");
response.getWriter().print(jsonObject.toString());
} catch (JSONException exception) {
LOG.warn(exception.toString());
}
}
示例9: doGet
import org.owasp.html.Sanitizers; //导入依赖的package包/类
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String testName = policy.sanitize(httpServletRequest.getParameter("test"));
String testCaseName = policy.sanitize(httpServletRequest.getParameter("testCase"));
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
ITestCaseCountryService testCaseCountryService = appContext.getBean(ITestCaseCountryService.class);
JSONArray array = new JSONArray();
JSONObject jsonObject = new JSONObject();
for (String country : testCaseCountryService.findListOfCountryByTestTestCase(testName, testCaseName)) {
array.put(country);
}
try {
jsonObject.put("countriesList", array);
httpServletResponse.setContentType("application/json");
httpServletResponse.getWriter().print(jsonObject.toString());
} catch (JSONException exception) {
LOG.warn(exception.toString());
}
}
示例10: doGet
import org.owasp.html.Sanitizers; //导入依赖的package包/类
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
ITestCaseService testService = appContext.getBean(ITestCaseService.class);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String test = policy.sanitize(httpServletRequest.getParameter("test"));
JSONArray array = new JSONArray();
JSONObject jsonObject = new JSONObject();
for (TestCase testcase : testService.findTestCaseByTest(test)) {
array.put(testcase.getTestCase());
}
try {
jsonObject.put("testcasesList", array);
httpServletResponse.setContentType("application/json");
httpServletResponse.getWriter().print(jsonObject.toString());
} catch (JSONException exception) {
LOG.warn(exception.toString());
}
}
示例11: processRequest
import org.owasp.html.Sanitizers; //导入依赖的package包/类
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
* @throws org.cerberus.exception.CerberusException
* @throws org.json.JSONException
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, CerberusException, JSONException {
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String system = policy.sanitize(request.getParameter("system"));
String country = policy.sanitize(request.getParameter("country"));
String application = policy.sanitize(request.getParameter("application"));
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
ICountryEnvParamService ceService = appContext.getBean(ICountryEnvParamService.class);
JSONArray array = new JSONArray();
for (JSONObject ce : ceService.findActiveEnvironmentBySystemCountryApplication(system, country, application)) {
array.put(ce);
}
response.setContentType("application/json");
response.getWriter().print(array);
}
示例12: main
import org.owasp.html.Sanitizers; //导入依赖的package包/类
public static void main(String[] argv) {
SafeHtmlMint mint = SafeHtmlMint.fromPolicyFactory(
Sanitizers.FORMATTING.and(Sanitizers.BLOCKS));
for (String arg : argv) {
SafeHtml html = mint.sanitize(arg);
System.out.println(html.getSafeHtmlString());
}
}
示例13: createPolicy
import org.owasp.html.Sanitizers; //导入依赖的package包/类
HtmlSanitizer.Policy createPolicy(ImageAwareHtmlRenderer htmlRenderer) {
return Sanitizers.FORMATTING
.and(LINKS)
.and(IFRAME)
.and(Sanitizers.IMAGES)
.apply(htmlRenderer);
}
示例14: sanitize
import org.owasp.html.Sanitizers; //导入依赖的package包/类
public String sanitize(String text) {
// Telegram does not support <br> but does support new lines.
text = text.replace("<br/>", "\n");
text = text.replace("<br>", "\n");
text = text.replace("</br>", "");
text = text.replace("<p/>", "\n");
text = text.replace("<p>", "\n");
text = text.replace("</p>", "");
text = text.replace("<li>", "\n");
text = text.replace("</li>", "");
text = text.replace("<ul>", "");
text = text.replace("</ul>", "\n");
text = text.replace("<ol>", "");
text = text.replace("</ol>", "\n");
if (sanitizer == null) {
sanitizer = new HtmlPolicyBuilder().allowElements(
"b", "i", "strong", "code", "em", "pre").toFactory().and(Sanitizers.LINKS);
}
String result = sanitizer.sanitize(text);
if (result.contains("&")) {
// The sanitizer is too aggressive and escaping some chars.
//result = result.replace(""", "\"");
result = result.replace("`", "`");
//result = result.replace("'", "'");
result = result.replace("@", "@");
result = result.replace("=", "=");
result = result.replace("+", "+");
result = result.replace("&", "&");
}
return result;
}
示例15: processRequest
import org.owasp.html.Sanitizers; //导入依赖的package包/类
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException, CerberusException, JSONException {
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String idName = policy.sanitize(request.getParameter("idName"));
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
response.setContentType("application/json");
response.setCharacterEncoding("utf8");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
IInvariantService invariantService = appContext.getBean(InvariantService.class);
JSONArray array = new JSONArray();
AnswerList answer = invariantService.readByIdname(idName); //TODO: handle if the response does not turn ok
for (Invariant myInvariant : (List<Invariant>) answer.getDataList()) {
JSONObject jsonObject = new JSONObject();
jsonObject.put("value", myInvariant.getValue());
jsonObject.put("description", myInvariant.getDescription());
array.put(jsonObject);
}
response.getWriter().print(array.toString());
}