本文整理汇总了Java中org.owasp.validator.html.AntiSamy类的典型用法代码示例。如果您正苦于以下问题:Java AntiSamy类的具体用法?Java AntiSamy怎么用?Java AntiSamy使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
AntiSamy类属于org.owasp.validator.html包,在下文中一共展示了AntiSamy类的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: XSSSanitize
import org.owasp.validator.html.AntiSamy; //导入依赖的package包/类
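/**
 * Sanitizes untrusted HTML with AntiSamy using a named policy file.
 *
 * <p>The policy is read from
 * {@code <resourcesPath>/communitycommons/antisamy/antisamy-<policyString>-1.4.4.xml}
 * and is parsed from disk on every call (nothing is cached here).
 *
 * @param html         untrusted markup; {@code null} is treated as empty and yields ""
 * @param policyString policy name that selects the policy file; must be a bare name
 *                     fragment, never a path
 * @return the cleaned HTML produced by AntiSamy's SAX scanner
 * @throws Exception if the policy name is missing or malformed, the policy cannot be
 *                   loaded, or the scan fails; the underlying cause is preserved
 */
public static String XSSSanitize(String html, String policyString)
throws Exception {
    if (html == null) {
        return "";
    }
    if (policyString == null) {
        throw new Exception("Unable to perform XSS sanitization: policyString is null");
    }
    // policyString is interpolated into a filesystem path. Only accept a bare
    // file-name fragment so a caller cannot steer the lookup outside the
    // antisamy directory (the original code accepted any string here).
    if (policyString.isEmpty()
            || policyString.indexOf('/') >= 0
            || policyString.indexOf('\\') >= 0
            || policyString.contains("..")) {
        throw new Exception("Unable to perform XSS sanitization: invalid policy name");
    }
    String filename = Core.getConfiguration().getResourcesPath() + File.separator
            + "communitycommons" + File.separator + "antisamy"
            + File.separator + "antisamy-" + policyString + "-1.4.4.xml";
    try {
        // Loading the policy inside the try so a PolicyException is reported with
        // the same wrapped message as a scan failure (it used to escape unwrapped).
        Policy policy = Policy.getInstance(filename);
        AntiSamy antiSamy = new AntiSamy();
        CleanResults results = antiSamy.scan(html, policy, AntiSamy.SAX);
        return results.getCleanHTML();
    } catch (Exception e) {
        throw new Exception("Unable to perform XSS sanitization: " + e.getMessage(), e);
    }
}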
示例2: filterString
import org.owasp.validator.html.AntiSamy; //导入依赖的package包/类
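/**
 * Runs a request parameter through AntiSamy and returns it as plain text.
 *
 * <p>Note what this returns: after AntiSamy cleans the value, the result is
 * HTML-unescaped, so entities AntiSamy emitted (and entities the client sent)
 * come back as literal characters. An input of {@code &lt;script&gt;} is
 * therefore expected to leave this method as {@code <script>}, and markup the
 * policy allows passes through as markup. The return value is a plain string
 * for application use, NOT HTML-safe output; whatever renders it must still
 * encode it for its output context.
 *
 * <p>The {@code antiSamy} instance and its policy come from the enclosing
 * class; the policy decides which markup survives.
 *
 * @param potentiallyDirtyParameter string to be cleaned; may be {@code null}
 * @return a clean version of the same string, or {@code null} for {@code null} input
 * @throws IllegalStateException if AntiSamy fails to scan the value (cause preserved)
 */
private String filterString(String potentiallyDirtyParameter) {
    if (potentiallyDirtyParameter == null) {
        return null;
    }
    try {
        CleanResults results = antiSamy.scan(potentiallyDirtyParameter, AntiSamy.DOM);
        if (results.getNumberOfErrors() > 0) {
            // Errors mean AntiSamy removed or altered something; keep this visible
            // in the logs so rejected input can be traced.
            log.warn("antisamy encountered problem with input: " + results.getErrorMessages());
        }
        String cleaned = StringEscapeUtils.unescapeHtml(results.getCleanHTML());
        // Whatever AntiSamy turns a lone space into is stripped as a literal string.
        // replace(CharSequence, CharSequence) is used instead of replaceAll so the
        // sanitizer's output is never interpreted as a regular expression.
        // (This extra scan runs on every call; it could be computed once per
        // instance if the filter becomes hot.)
        String spaceArtifact = antiSamy.scan(" ", AntiSamy.DOM).getCleanHTML();
        cleaned = cleaned.replace(spaceArtifact, "");
        return cleaned;
    } catch (Exception e) {
        throw new IllegalStateException(e.getMessage(), e);
    }
}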
示例3: XSSSanitize
import org.owasp.validator.html.AntiSamy; //导入依赖的package包/类
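/**
 * Sanitizes untrusted HTML with AntiSamy using a named policy file.
 *
 * <p>The policy is read from
 * {@code <resourcesPath>/communitycommons/antisamy/antisamy-<policyString>-1.4.4.xml}
 * and is parsed from disk on every call (nothing is cached here).
 *
 * @param html         untrusted markup; {@code null} is treated as empty and yields ""
 * @param policyString policy name that selects the policy file; must be a bare name
 *                     fragment, never a path
 * @return the cleaned HTML produced by AntiSamy's SAX scanner
 * @throws Exception if the policy name is missing or malformed, the policy cannot be
 *                   loaded, or the scan fails; the underlying cause is preserved
 */
public static String XSSSanitize(String html, String policyString)
throws Exception {
    if (html == null) {
        return "";
    }
    if (policyString == null) {
        throw new Exception("Unable to perform XSS sanitization: policyString is null");
    }
    // policyString is interpolated into a filesystem path. Only accept a bare
    // file-name fragment so a caller cannot steer the lookup outside the
    // antisamy directory (the original code accepted any string here).
    if (policyString.isEmpty()
            || policyString.indexOf('/') >= 0
            || policyString.indexOf('\\') >= 0
            || policyString.contains("..")) {
        throw new Exception("Unable to perform XSS sanitization: invalid policy name");
    }
    String filename = Core.getConfiguration().getResourcesPath() + File.separator
            + "communitycommons" + File.separator + "antisamy"
            + File.separator + "antisamy-" + policyString + "-1.4.4.xml";
    try {
        // Loading the policy inside the try so a PolicyException is reported with
        // the same wrapped message as a scan failure (it used to escape unwrapped).
        Policy policy = Policy.getInstance(filename);
        AntiSamy antiSamy = new AntiSamy();
        CleanResults results = antiSamy.scan(html, policy, AntiSamy.SAX);
        return results.getCleanHTML();
    } catch (Exception e) {
        throw new Exception("Unable to perform XSS sanitization: " + e.getMessage(), e);
    }
}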
示例4: AntiSamyFilter
import org.owasp.validator.html.AntiSamy; //导入依赖的package包/类
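/**
 * Loads the AntiSamy policy from the classpath resource
 * {@code /antisamy/antisamy-ebay.xml} and builds the {@code AntiSamy}
 * instance held by this filter.
 *
 * <p>The policy file is the allow-list: it alone decides which tags and
 * attributes survive sanitization, so swapping it changes the security
 * posture of every request this filter handles.
 *
 * @throws IllegalStateException if the resource is missing from the classpath
 *         or the policy cannot be parsed (cause preserved)
 */
public AntiSamyFilter() {
    final String policyResource = "/antisamy/antisamy-ebay.xml";
    InputStream policyStream = this.getClass().getResourceAsStream(policyResource);
    if (policyStream == null) {
        // Fail fast with a clear message; the original code would have handed a
        // null stream to Policy.getInstance.
        throw new IllegalStateException("AntiSamy policy resource not found: " + policyResource);
    }
    try {
        antiSamy = new AntiSamy(Policy.getInstance(policyStream));
    } catch (PolicyException e) {
        throw new IllegalStateException(e.getMessage(), e);
    } finally {
        // The stream is ours to close; the original leaked it.
        try {
            policyStream.close();
        } catch (java.io.IOException ignored) {
            // the policy has already been read (or parsing already failed); nothing actionable
        }
    }
}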
示例5: CleanServletRequest
import org.owasp.validator.html.AntiSamy; //导入依赖的package包/类
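/**
 * Wraps {@code request} together with the sanitizer this wrapper will use
 * (presumably for its parameter accessors; not visible here).
 *
 * @param request  the request being wrapped
 * @param antiSamy sanitizer held by this wrapper
 * @throws IllegalArgumentException if {@code antiSamy} is {@code null}, so a
 *         misconfigured filter fails at construction rather than on the first
 *         sanitized access
 */
private CleanServletRequest(HttpServletRequest request, AntiSamy antiSamy) {
    super(request);
    if (antiSamy == null) {
        throw new IllegalArgumentException("antiSamy must not be null");
    }
    this.antiSamy = antiSamy;
}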
示例6: createPost
import org.owasp.validator.html.AntiSamy; //导入依赖的package包/类
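/**
 * Creates a new survey definition.
 *
 * <p>Flow: resolve the caller, authorize against the department / survey ids
 * carried by the bound {@code surveyDefinition}, validate, sanitize the two
 * HTML templates with AntiSamy, then merge and redirect.
 *
 * <p>NOTE(review): the authorization decision is made on ids taken from the
 * request-bound object (department id, survey id), i.e. values the client
 * chose. Whether that is sufficient depends on what
 * {@code surveyDefinition_merge} does with a client-supplied id on create;
 * confirm the service cannot be made to merge into an existing survey.
 *
 * @param proceed            non-null when the form was submitted rather than cancelled
 * @param surveyDefinition   request-bound survey definition (validated via {@code @Valid})
 * @param bindingResult      validation outcome for {@code surveyDefinition}
 * @param principal          authenticated caller
 * @param uiModel            view model, repopulated on validation failure
 * @param httpServletRequest current request, used for logging and redirect encoding
 * @return a view name or redirect target
 * @throws RuntimeException wrapping any checked failure (policy loading, scan, service call)
 */
@Secured({"ROLE_ADMIN","ROLE_SURVEY_ADMIN"})
@RequestMapping(method = RequestMethod.POST, produces = "text/html")
public String createPost (@RequestParam(value = "_proceed", required = false) String proceed,
        @Valid SurveyDefinition surveyDefinition,
        BindingResult bindingResult,
        Principal principal,
        Model uiModel,
        HttpServletRequest httpServletRequest){
    try {
        String login = principal.getName();
        User user = userService.user_findByLogin(login);
        // Authorization: deny only when the caller is neither in the submitted
        // department nor explicitly allowed to manage the submitted survey id.
        if (!securityService.userBelongsToDepartment(surveyDefinition.getDepartment().getId(), user) &&
                !securityService.userIsAuthorizedToManageSurvey(surveyDefinition.getId(), user)) {
            // getRemoteAddr() is the peer address; the original getLocalAddr() logged
            // the server's own address, which is useless for an audit trail. Behind a
            // reverse proxy this is the proxy unless forwarded headers are resolved upstream.
            log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo()
                    + " attempted by user login:" + login
                    + " from IP:" + httpServletRequest.getRemoteAddr());
            return "accessDenied";
        }
        if (proceed == null) {
            return "redirect:/settings/surveyDefinitions";
        }
        if (bindingResult.hasErrors()) {
            populateEditForm(uiModel, surveyDefinition, user);
            return "settings/surveyDefinitions/create";
        }
        if (!surveySettingsService.surveyDefinition_ValidateNameIsUnique(surveyDefinition)) {
            bindingResult.rejectValue("name", "field_unique");
            populateEditForm(uiModel, surveyDefinition, user);
            return "settings/surveyDefinitions/create";
        }
        // Both templates are stored HTML that is rendered later, so they are reduced
        // to the policy's allow-list here. One policy/scanner pair suffices; the
        // original loaded the same POLICY_FILE_LOCATION twice per request.
        // A null template reaches scan() unguarded (as before); if templates are
        // optional, confirm how this AntiSamy version handles null input.
        Policy templatePolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
        AntiSamy templateSanitizer = new AntiSamy();
        CleanResults cleanEmail = templateSanitizer.scan(surveyDefinition.getEmailInvitationTemplate(), templatePolicy);
        surveyDefinition.setEmailInvitationTemplate(cleanEmail.getCleanHTML());
        CleanResults cleanCompleted = templateSanitizer.scan(surveyDefinition.getCompletedSurveyTemplate(), templatePolicy);
        surveyDefinition.setCompletedSurveyTemplate(cleanCompleted.getCleanHTML());
        uiModel.asMap().clear();
        surveyDefinition = surveySettingsService.surveyDefinition_merge(surveyDefinition);
        return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinition.getId().toString(), httpServletRequest);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw (new RuntimeException(e));
    }
}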
示例7: update
import org.owasp.validator.html.AntiSamy; //导入依赖的package包/类
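/**
 * Updates a survey definition.
 *
 * <p>Flow: resolve the caller, authorize against the survey / department ids
 * carried by the bound {@code surveyDefinition}, validate, sanitize the two
 * HTML templates with AntiSamy, then merge.
 *
 * <p>NOTE(review): the department id used in the authorization check is the one
 * submitted by the client, not the one stored for the survey being updated. As
 * written, membership in the submitted department alone grants access, so a
 * caller could pair another survey's id with a department they belong to;
 * whether that is exploitable depends on whether the service re-checks
 * against the persisted record. Verify before relying on this check.
 *
 * @param proceed            non-null when the form was submitted rather than cancelled
 * @param surveyDefinition   request-bound survey definition (validated via {@code @Valid})
 * @param bindingResult      validation outcome for {@code surveyDefinition}
 * @param principal          authenticated caller
 * @param uiModel            view model, repopulated on validation failure
 * @param httpServletRequest current request, used for logging and redirect encoding
 * @return a view name or redirect target
 * @throws RuntimeException wrapping any checked failure (policy loading, scan, service call)
 */
@Secured({"ROLE_ADMIN","ROLE_SURVEY_ADMIN"})
@RequestMapping(method = RequestMethod.PUT, produces = "text/html")
public String update(@RequestParam(value = "_proceed", required = false) String proceed,
        @Valid SurveyDefinition surveyDefinition,
        BindingResult bindingResult,
        Principal principal,
        Model uiModel,
        HttpServletRequest httpServletRequest) {
    try {
        String login = principal.getName();
        User user = userService.user_findByLogin(login);
        // Authorization: deny only when the caller may neither manage the submitted
        // survey id nor belongs to the submitted department.
        if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinition.getId(), user) &&
                !securityService.userBelongsToDepartment(surveyDefinition.getDepartment().getId(), user)) {
            // getRemoteAddr() is the peer address; the original getLocalAddr() logged
            // the server's own address, which is useless for an audit trail. Behind a
            // reverse proxy this is the proxy unless forwarded headers are resolved upstream.
            log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo()
                    + " attempted by user login:" + login
                    + " from IP:" + httpServletRequest.getRemoteAddr());
            return "accessDenied";
        }
        if (proceed == null) {
            return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinition.getId().toString(), httpServletRequest);
        }
        if (bindingResult.hasErrors()) {
            populateEditForm(uiModel, surveyDefinition, user);
            return "settings/surveyDefinitions/update";
        }
        if (!surveySettingsService.surveyDefinition_ValidateNameIsUnique(surveyDefinition)) {
            bindingResult.rejectValue("name", "field_unique");
            populateEditForm(uiModel, surveyDefinition, user);
            return "settings/surveyDefinitions/update";
        }
        // The System.out debug prints of the submission flags that used to sit here
        // bypassed the logger and are removed.
        // Both templates are stored HTML that is rendered later, so they are reduced
        // to the policy's allow-list here. One policy/scanner pair suffices; the
        // original loaded the same POLICY_FILE_LOCATION twice per request.
        // A null template reaches scan() unguarded (as before); if templates are
        // optional, confirm how this AntiSamy version handles null input.
        Policy templatePolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
        AntiSamy templateSanitizer = new AntiSamy();
        CleanResults cleanEmail = templateSanitizer.scan(surveyDefinition.getEmailInvitationTemplate(), templatePolicy);
        surveyDefinition.setEmailInvitationTemplate(cleanEmail.getCleanHTML());
        CleanResults cleanCompleted = templateSanitizer.scan(surveyDefinition.getCompletedSurveyTemplate(), templatePolicy);
        surveyDefinition.setCompletedSurveyTemplate(cleanCompleted.getCleanHTML());
        uiModel.asMap().clear();
        surveyDefinition = surveySettingsService.surveyDefinition_merge(surveyDefinition);
        return "settings/surveyDefinitions/saved";
    } catch (Exception e) {
        log.error(e.getMessage(), e);
        throw (new RuntimeException(e));
    }
}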