com.atlassian.confluence.servlet.download

Interface SafeContentHeaderGuesser

All Known Implementing Classes:

DefaultAttachmentSafeContentHeaderGuesser

public interface SafeContentHeaderGuesser

Computes a safe content type given an existing content type and filename.

Since:

5.1.4

Method Summary

Modifier and Type	Method and Description
Map<String,String>	computeAttachmentHeaders(String contentType, InputStream contents, String name, String userAgent, long contentLength, boolean hasXsrfToken, Map<String,String[]> httpQueryParams) Returns a map of headers with their values.

Method Detail

computeAttachmentHeaders

Map<String,String> computeAttachmentHeaders(String contentType,
                                            InputStream contents,
                                            String name,
                                            String userAgent,
                                            long contentLength,
                                            boolean hasXsrfToken,
                                            Map<String,String[]> httpQueryParams)
                                     throws IOException

Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'.

The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that it is difficult to perform xss using attachments.

Parameters:

contentType - the existing content-type that the attachment has.

contents - attachment contents

name - the filename of the attachment

userAgent - the user agent of the client requesting the attachment

contentLength - the length of the attachment

httpQueryParams - a map of the http query parameters

Returns:

a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.

Throws:

IOException - if the attachments contents could not be read