public class DefaultAttachmentSafeContentHeaderGuesser extends Object implements SafeContentHeaderGuesser
Constructor and Description |
---|
DefaultAttachmentSafeContentHeaderGuesser() |
Modifier and Type | Method and Description |
---|---|
Map<String,String> | computeAttachmentHeaders(String contentType, InputStream contents, String name, String userAgent, long contentLength, boolean hasXsrfToken, Map<String,String[]> httpQueryParams) Returns a map of headers with their values. |
void | setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist) |
void | setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator) |
public DefaultAttachmentSafeContentHeaderGuesser()
public Map<String,String> computeAttachmentHeaders(String contentType, InputStream contents, String name, String userAgent, long contentLength, boolean hasXsrfToken, Map<String,String[]> httpQueryParams) throws IOException
Description copied from interface: SafeContentHeaderGuesser
The purpose of this method is to guess a safe Content-Type header (and the associated Content-Disposition headers), so that it is difficult to perform XSS using attachments.
Specified by: computeAttachmentHeaders in interface SafeContentHeaderGuesser
Parameters:
contentType - the existing content-type that the attachment has.
contents - attachment contents
name - the filename of the attachment
userAgent - the user agent of the client requesting the attachment
contentLength - the length of the attachment
httpQueryParams - a map of the http query parameters
Throws:
IOException - if the attachment's contents could not be read
public void setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator)
public void setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist)
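The kind of decision computeAttachmentHeaders is described as making, shown as an added sketch that is not Atlassian's implementation and not code from this page. The class name, the guessHeaders and safeName helpers, the allowlist and the exact header set are all assumptions, and the sketch looks only at the declared content type and filename, not at the contents, user agent or query parameters the real method receives.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Illustrative sketch only: NOT Atlassian's implementation of computeAttachmentHeaders.
public class SafeAttachmentHeaderSketch {

    // Assumed allowlist of types a browser displays without running script.
    // text/html and image/svg+xml are deliberately absent: both can carry script.
    private static final Set<String> INLINE_SAFE =
            Set.of("image/png", "image/jpeg", "image/gif", "text/plain");

    static Map<String, String> guessHeaders(String contentType, String name) {
        // Compare on the bare media type: strip parameters (charset=...) and case.
        String base = contentType == null ? ""
                : contentType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        boolean inline = INLINE_SAFE.contains(base);

        Map<String, String> headers = new LinkedHashMap<>();
        // Anything not allowlisted is relabelled as opaque bytes and forced to download.
        headers.put("Content-Type", inline ? base : "application/octet-stream");
        headers.put("Content-Disposition",
                (inline ? "inline" : "attachment") + "; filename=\"" + safeName(name) + "\"");
        // Stop the browser from sniffing the body and overriding Content-Type.
        headers.put("X-Content-Type-Options", "nosniff");
        return headers;
    }

    // Replace control characters (CR/LF header injection), quotes and path separators.
    static String safeName(String name) {
        if (name == null || name.isBlank()) {
            return "download";
        }
        return name.replaceAll("[\\p{Cntrl}\"\\\\/]", "_");
    }

    public static void main(String[] args) {
        // Constructed sample inputs: uploader-declared content type and filename.
        String[][] samples = {
                {"image/png", "diagram.png"},
                {"text/html; charset=utf-8", "notes.html"},
                {"image/svg+xml", "logo.svg"},
                {"IMAGE/PNG", "a\r\nSet-Cookie: x=1.png"},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " -> " + guessHeaders(s[0], s[1]));
        }
    }
}
```

The allowlist direction matters: an unknown or newly scriptable type falls through to a forced download instead of rendering in the application's origin.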
Copyright © 2003–2020 Atlassian. All rights reserved.