本文整理汇总了Java中org.owasp.validator.html.Policy类的典型用法代码示例。如果您正苦于以下问题:Java Policy类的具体用法?Java Policy怎么用?Java Policy使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
Policy类属于org.owasp.validator.html包,在下文中一共展示了Policy类的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: XSSSanitize
import org.owasp.validator.html.Policy; //导入依赖的package包/类
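/**
 * Cleans an HTML fragment with OWASP AntiSamy, using the policy file selected by name.
 *
 * <p>The policy is read from
 * {@code <resources path>/communitycommons/antisamy/antisamy-<policyString>-1.4.4.xml}.
 * Because {@code policyString} becomes part of a file-system path, it is restricted to
 * letters, digits, '.', '_' and '-'. Without a path separator the value cannot point the
 * loader at a file outside the antisamy directory, and the policy file is what decides
 * which markup survives sanitization.
 *
 * @param html         markup to sanitize; {@code null} yields an empty string
 * @param policyString policy name inserted into the file name; must not be {@code null}
 * @return the cleaned HTML produced by the scan
 * @throws Exception if {@code policyString} is {@code null} or contains characters outside
 *                   the allowed set, if the policy cannot be loaded, or if the scan fails
 */
public static String XSSSanitize(String html, String policyString)
        throws Exception {
    if (html == null) {
        return "";
    }
    if (policyString == null) {
        throw new Exception("Unable to perform XSS sanitization: policyString is null");
    }
    // Allowlist the name before it is concatenated into a path. The rejected value is
    // deliberately not echoed in the message, since it may be attacker-supplied.
    if (!policyString.matches("[A-Za-z0-9._-]+")) {
        throw new Exception("Unable to perform XSS sanitization: invalid policy name");
    }

    String filename = Core.getConfiguration().getResourcesPath() + File.separator
            + "communitycommons" + File.separator + "antisamy"
            + File.separator + "antisamy-" + policyString + "-1.4.4.xml";

    AntiSamy as = new AntiSamy();
    // Loaded outside the try block, as before, so a policy-loading failure still reaches
    // the caller with its original exception type.
    Policy p = Policy.getInstance(filename);
    try {
        CleanResults cr = as.scan(html, p, AntiSamy.SAX);
        return cr.getCleanHTML();
    } catch (Exception e) {
        throw new Exception("Unable to perform XSS sanitization: "
                + e.getMessage(), e);
    }
}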
示例2: XSSSanitize
import org.owasp.validator.html.Policy; //导入依赖的package包/类
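/**
 * Runs OWASP AntiSamy over {@code html} with the policy file named by {@code policyString}.
 *
 * <p>The policy file is
 * {@code antisamy-<policyString>-1.4.4.xml} inside the {@code communitycommons/antisamy}
 * directory under the configured resources path. The policy name ends up in a file path,
 * so only letters, digits, '.', '_' and '-' are accepted. A name containing a path
 * separator would otherwise let the caller choose which XML file acts as the sanitization
 * policy.
 *
 * @param html         markup to sanitize; a {@code null} input returns {@code ""}
 * @param policyString name of the policy to apply; must not be {@code null}
 * @return the sanitized HTML
 * @throws Exception if the policy name is {@code null} or not in the allowed character set,
 *                   if loading the policy fails, or if AntiSamy reports a scan error
 */
public static String XSSSanitize(String html, String policyString)
        throws Exception {
    if (html == null) {
        return "";
    }
    if (policyString == null) {
        throw new Exception("Unable to perform XSS sanitization: policyString is null");
    }
    // Validate before building the path. The offending value is not included in the
    // message because it may come from a request.
    boolean safePolicyName = policyString.matches("[A-Za-z0-9._-]+");
    if (!safePolicyName) {
        throw new Exception("Unable to perform XSS sanitization: invalid policy name");
    }

    String policyDirectory = Core.getConfiguration().getResourcesPath() + File.separator
            + "communitycommons" + File.separator + "antisamy";
    String filename = policyDirectory
            + File.separator + "antisamy-" + policyString + "-1.4.4.xml";

    AntiSamy as = new AntiSamy();
    // Policy loading stays outside the try block so its exception is not re-wrapped.
    Policy p = Policy.getInstance(filename);
    try {
        CleanResults cr = as.scan(html, p, AntiSamy.SAX);
        return cr.getCleanHTML();
    } catch (Exception e) {
        throw new Exception("Unable to perform XSS sanitization: "
                + e.getMessage(), e);
    }
}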
示例3: AntiSamyFilter
import org.owasp.validator.html.Policy; //导入依赖的package包/类
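/**
 * Creates the filter and loads the AntiSamy policy bundled on the classpath at
 * {@code /antisamy/antisamy-ebay.xml}.
 *
 * @throws IllegalStateException if the policy resource is missing, cannot be parsed, or
 *                               its stream cannot be closed
 */
public AntiSamyFilter() {
    // try-with-resources closes the classpath stream, which was previously left open.
    try (InputStream is = this.getClass().getResourceAsStream("/antisamy/antisamy-ebay.xml")) {
        if (is == null) {
            // getResourceAsStream signals "not found" with null. Fail with a clear message
            // rather than handing a null stream to the policy parser.
            throw new IllegalStateException(
                    "AntiSamy policy /antisamy/antisamy-ebay.xml not found on the classpath");
        }
        Policy policy = Policy.getInstance(is);
        antiSamy = new AntiSamy(policy);
    } catch (PolicyException e) {
        throw new IllegalStateException(e.getMessage(), e);
    } catch (java.io.IOException e) {
        // Only reachable when closing the stream fails.
        throw new IllegalStateException(e.getMessage(), e);
    }
}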
示例4: getAntiSamyPolicy
import org.owasp.validator.html.Policy; //导入依赖的package包/类
/**
 * Loads an AntiSamy policy from the given location string.
 *
 * <p>The location is turned into a {@link URL} that uses a freshly created {@code Handler}
 * as its stream handler, and the policy is then read from that URL. Any failure, including
 * one raised while loading the policy rather than while building the URL, is rethrown as a
 * {@link RuntimeException} with the message "Unable to create URL" and the original
 * exception as its cause.
 *
 * <p>NOTE(review): the policy decides which markup is allowed through, so the location
 * should come from trusted configuration. Which schemes {@code Handler} resolves is not
 * visible here; confirm it cannot be pointed at a remote or user-writable source.
 *
 * @param policyFileLocation location of the policy file, in the form the handler expects
 * @return the loaded policy
 * @throws RuntimeException if the URL cannot be built or the policy cannot be loaded
 */
private static Policy getAntiSamyPolicy(String policyFileLocation) {
    Policy loadedPolicy;
    try {
        final Handler streamHandler = new Handler();
        final URL policyUrl = new URL(null, policyFileLocation, streamHandler);
        loadedPolicy = Policy.getInstance(policyUrl);
    } catch (Exception e) {
        throw new RuntimeException("Unable to create URL", e);
    }
    return loadedPolicy;
}
示例5: getPolicy
import org.owasp.validator.html.Policy; //导入依赖的package包/类
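/**
 * Returns the shared AntiSamy policy, loading it from the classpath resource
 * {@code /antisamy/spark-antisamy.xml} the first time it is needed.
 *
 * <p>NOTE(review): the lazy initialisation is not synchronized, so concurrent first calls
 * may each parse the policy file. The declaration of {@code policy} is not visible here;
 * confirm whether that is acceptable for the callers.
 *
 * @return the cached policy
 * @throws PolicyException  if the policy file cannot be parsed
 * @throws ServiceException if the policy file is not found on the classpath
 */
public static Policy getPolicy() throws PolicyException, ServiceException {
    if (policy == null) {
        ClassPathResource classPathResource = new ClassPathResource("/antisamy/spark-antisamy.xml");
        // A freshly constructed object is never null, so only existence needs checking.
        if (!classPathResource.exists()) {
            throw new ServiceException("spark-antisamy.xml is not exists!");
        }
        InputStream policyFile = XssClean.class.getResourceAsStream("/antisamy/spark-antisamy.xml");
        if (policyFile == null) {
            throw new ServiceException("spark-antisamy.xml is not exists!");
        }
        try {
            policy = Policy.getInstance(policyFile);
        } finally {
            // Release the classpath stream, which was previously left open.
            try {
                policyFile.close();
            } catch (java.io.IOException ignored) {
                // The stream is read-only and parsing has already finished or failed,
                // so a close failure does not affect the result.
            }
        }
    }
    return policy;
}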
示例6: afterPropertiesSet
import org.owasp.validator.html.Policy; //导入依赖的package包/类
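/**
 * Loads the AntiSamy policy from {@code policyFile} and stores it in {@code policy}.
 *
 * <p>The stream obtained from {@code policyFile} is closed once the policy has been read;
 * it was previously left open.
 *
 * @throws Exception if the stream cannot be opened or closed, or the policy cannot be parsed
 */
public void afterPropertiesSet() throws Exception {
    try (java.io.InputStream policyStream = policyFile.getInputStream()) {
        policy = Policy.getInstance(policyStream);
    }
}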
示例7: createPost
import org.owasp.validator.html.Policy; //导入依赖的package包/类
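/**
 * Handles the POST that creates a new survey definition.
 *
 * <p>When {@code _proceed} is present, the bound definition is validated, both HTML
 * templates (e-mail invitation and completed-survey page) are sanitized with AntiSamy, and
 * the definition is saved. When it is absent, the request redirects to the list without
 * saving.
 *
 * <p>NOTE(review): access is refused only when both authorization checks fail, and the
 * department id used by the first check is read from the request-bound
 * {@code surveyDefinition}. Confirm that a caller cannot pass the check simply by
 * submitting the id of a department they belong to.
 *
 * @param proceed            value of the optional {@code _proceed} request parameter
 * @param surveyDefinition   survey definition bound from the request
 * @param bindingResult      validation result for {@code surveyDefinition}
 * @param principal          the authenticated caller
 * @param uiModel            model passed to the view
 * @param httpServletRequest the current request
 * @return a view name or a redirect target
 * @throws RuntimeException wrapping any exception raised while handling the request
 */
@Secured({"ROLE_ADMIN","ROLE_SURVEY_ADMIN"})
@RequestMapping(method = RequestMethod.POST, produces = "text/html")
public String createPost (@RequestParam(value = "_proceed", required = false) String proceed,
        @Valid SurveyDefinition surveyDefinition,
        BindingResult bindingResult,
        Principal principal,
        Model uiModel,
        HttpServletRequest httpServletRequest){
    try {
        String login = principal.getName();
        User user = userService.user_findByLogin(login);
        // Check if the user is authorized.
        if(!securityService.userBelongsToDepartment(surveyDefinition.getDepartment().getId(), user) &&
                !securityService.userIsAuthorizedToManageSurvey(surveyDefinition.getId(), user) ) {
            // Path and login originate from the request, so CR/LF is neutralised to keep
            // this audit line on a single log record.
            String requestedPath = String.valueOf(httpServletRequest.getPathInfo()).replaceAll("[\\r\\n]", "_");
            String safeLogin = String.valueOf(login).replaceAll("[\\r\\n]", "_");
            // getRemoteAddr() is the peer that sent the request. getLocalAddr(), used
            // before, is the server's own interface. Behind a reverse proxy this records
            // the proxy address.
            log.warn("Unauthorized access to url path " + requestedPath + " attempted by user login:" + safeLogin + " from IP:" + httpServletRequest.getRemoteAddr());
            return "accessDenied";
        }
        if(proceed != null){
            if (bindingResult.hasErrors()) {
                populateEditForm(uiModel, surveyDefinition, user);
                return "settings/surveyDefinitions/create";
            }
            if (!surveySettingsService.surveyDefinition_ValidateNameIsUnique(surveyDefinition)) {
                bindingResult.rejectValue("name", "field_unique");
                populateEditForm(uiModel, surveyDefinition, user);
                return "settings/surveyDefinitions/create";
            }
            // Both templates are checked against the same policy file, so it is parsed once
            // and one scanner is reused.
            Policy templatePolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
            AntiSamy templateScanner = new AntiSamy();
            CleanResults crEmail = templateScanner.scan(surveyDefinition.getEmailInvitationTemplate(), templatePolicy);
            surveyDefinition.setEmailInvitationTemplate(crEmail.getCleanHTML());
            CleanResults crCompletedSurvey = templateScanner.scan(surveyDefinition.getCompletedSurveyTemplate(), templatePolicy);
            surveyDefinition.setCompletedSurveyTemplate(crCompletedSurvey.getCleanHTML());
            uiModel.asMap().clear();
            surveyDefinition = surveySettingsService.surveyDefinition_merge(surveyDefinition);
            return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinition.getId().toString(), httpServletRequest );
        }
        else{
            return "redirect:/settings/surveyDefinitions";
        }
    }
    catch (Exception e) {
        log.error(e.getMessage(),e);
        throw (new RuntimeException(e));
    }
}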
示例8: update
import org.owasp.validator.html.Policy; //导入依赖的package包/类
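/**
 * Handles the PUT that updates an existing survey definition.
 *
 * <p>When {@code _proceed} is present, the bound definition is validated, both HTML
 * templates (e-mail invitation and completed-survey page) are sanitized with AntiSamy, and
 * the definition is merged. When it is absent, the request redirects to the definition's
 * page without saving.
 *
 * <p>NOTE(review): access is refused only when both authorization checks fail, and the
 * department id used by the second check is read from the request-bound
 * {@code surveyDefinition} rather than from the stored survey. Confirm that a caller cannot
 * gain access to a survey they do not manage by submitting the id of a department they
 * belong to.
 *
 * @param proceed            value of the optional {@code _proceed} request parameter
 * @param surveyDefinition   survey definition bound from the request
 * @param bindingResult      validation result for {@code surveyDefinition}
 * @param principal          the authenticated caller
 * @param uiModel            model passed to the view
 * @param httpServletRequest the current request
 * @return a view name or a redirect target
 * @throws RuntimeException wrapping any exception raised while handling the request
 */
@Secured({"ROLE_ADMIN","ROLE_SURVEY_ADMIN"})
@RequestMapping(method = RequestMethod.PUT, produces = "text/html")
public String update(@RequestParam(value = "_proceed", required = false) String proceed,
        @Valid SurveyDefinition surveyDefinition,
        BindingResult bindingResult,
        Principal principal,
        Model uiModel,
        HttpServletRequest httpServletRequest) {
    try{
        String login = principal.getName();
        User user = userService.user_findByLogin(login);
        // Check if the user is authorized.
        if(!securityService.userIsAuthorizedToManageSurvey(surveyDefinition.getId(), user) &&
                !securityService.userBelongsToDepartment(surveyDefinition.getDepartment().getId(), user) ) {
            // Path and login originate from the request, so CR/LF is neutralised to keep
            // this audit line on a single log record.
            String requestedPath = String.valueOf(httpServletRequest.getPathInfo()).replaceAll("[\\r\\n]", "_");
            String safeLogin = String.valueOf(login).replaceAll("[\\r\\n]", "_");
            // getRemoteAddr() is the peer that sent the request. getLocalAddr(), used
            // before, is the server's own interface. Behind a reverse proxy this records
            // the proxy address.
            log.warn("Unauthorized access to url path " + requestedPath + " attempted by user login:" + safeLogin + " from IP:" + httpServletRequest.getRemoteAddr());
            return "accessDenied";
        }
        if(proceed != null){
            if (bindingResult.hasErrors()) {
                populateEditForm(uiModel, surveyDefinition, user);
                return "settings/surveyDefinitions/update";
            }
            if (!surveySettingsService.surveyDefinition_ValidateNameIsUnique(surveyDefinition)) {
                bindingResult.rejectValue("name", "field_unique");
                populateEditForm(uiModel, surveyDefinition, user);
                return "settings/surveyDefinitions/update";
            }
            // Diagnostic output goes through the logger instead of System.out.
            log.debug("Before merge: allowMultipleSubmissions=" + surveyDefinition.getAllowMultipleSubmissions() + " isPublic=" + surveyDefinition.getIsPublic());
            // Both templates are checked against the same policy file, so it is parsed once
            // and one scanner is reused.
            Policy templatePolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
            AntiSamy templateScanner = new AntiSamy();
            CleanResults crEmail = templateScanner.scan(surveyDefinition.getEmailInvitationTemplate(), templatePolicy);
            surveyDefinition.setEmailInvitationTemplate(crEmail.getCleanHTML());
            CleanResults crCompletedSurvey = templateScanner.scan(surveyDefinition.getCompletedSurveyTemplate(), templatePolicy);
            surveyDefinition.setCompletedSurveyTemplate(crCompletedSurvey.getCleanHTML());
            uiModel.asMap().clear();
            surveyDefinition = surveySettingsService.surveyDefinition_merge(surveyDefinition);
            log.debug("After merge: allowMultipleSubmissions=" + surveyDefinition.getAllowMultipleSubmissions() + " isPublic=" + surveyDefinition.getIsPublic());
            return "settings/surveyDefinitions/saved";
        }else{
            return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinition.getId().toString(), httpServletRequest);
        }
    } catch (Exception e) {
        log.error(e.getMessage(),e);
        throw (new RuntimeException(e));
    }
}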