Package com.atlassian.confluence.content.render.xhtml

Class PolicyConfiguredCleaner

java.lang.Object

com.atlassian.confluence.content.render.xhtml.PolicyConfiguredCleaner

All Implemented Interfaces:

RenderedContentCleaner, StorageFormatCleaner, XhtmlCleaner

public class PolicyConfiguredCleaner
extends Object
implements StorageFormatCleaner, RenderedContentCleaner, XhtmlCleaner

A thread safe xhtml/html/xml Cleaner which is configured via a policy file classpath resource.

Nested Class Summary

Nested classes/interfaces inherited from interface com.atlassian.confluence.content.render.xhtml.StorageFormatCleaner

StorageFormatCleaner.AppliedRuleDescription, StorageFormatCleaner.Result

Nested classes/interfaces inherited from interface com.atlassian.confluence.content.render.xhtml.XhtmlCleaner

XhtmlCleaner.AppliedRuleDescription, XhtmlCleaner.Result

Constructor Summary

Constructors

Constructor	Description
PolicyConfiguredCleaner(String policyResource)	Deprecated, for removal: This API element is subject to removal in a future version. since 8.6 use createRenderedContentCleaner() or createStorageFormatCleaner()

Method Summary

Modifier and Type	Method	Description
XhtmlCleaner.Result	clean(ContentEntityObject uncleanCeo)	Clean the supplied body content markup and make it safe from security concerns.
StorageFormatCleaner.Result	cleanEntity(ContentEntityObject uncleanCeo)	Clean the supplied body content markup and make it safe from security concerns.
String	cleanQuietly(ContentEntityObject uncleanCeo)	Clean the specified body content markup and make it safe from security concerns with out reporting any clean up performed
String	cleanQuietly(String unclean)	Clean the specified String.
String	cleanQuietly(String unclean, ConversionContext context)	Clean the specified String.
String	cleanStyleAttribute(String uncleanStyle)	Convert the supplied value of an HTML style attribute into a safe form if necessary.
static RenderedContentCleaner	createRenderedContentCleaner()
static PolicyConfiguredCleaner	createStorageFormatCleaner()
boolean	isCleanUrlAttribute(String urlValue)	Test that the supplied value of a URL type attribute (such as href) is safe for output.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PolicyConfiguredCleaner

@Deprecated(forRemoval=true)
public PolicyConfiguredCleaner(String policyResource)

Deprecated, for removal: This API element is subject to removal in a future version.

since 8.6 use createRenderedContentCleaner() or createStorageFormatCleaner()

Constructor that will lazily load the Transformer as it is required.

Parameters:

policyResource - the resource file holding the security policy.

Method Detail

createRenderedContentCleaner

public static RenderedContentCleaner createRenderedContentCleaner()
                                                           throws org.owasp.validator.html.PolicyException,
                                                                  IOException

Throws:

org.owasp.validator.html.PolicyException

IOException

Since:

8.6

createStorageFormatCleaner

public static PolicyConfiguredCleaner createStorageFormatCleaner()
                                                          throws org.owasp.validator.html.PolicyException,
                                                                 IOException

Throws:

org.owasp.validator.html.PolicyException

IOException

Since:

8.6

clean

public XhtmlCleaner.Result clean(ContentEntityObject uncleanCeo)

Description copied from interface: XhtmlCleaner

Clean the supplied body content markup and make it safe from security concerns.

Specified by:

clean in interface XhtmlCleaner

Parameters:

uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.

Returns:

a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.

cleanEntity

public StorageFormatCleaner.Result cleanEntity(ContentEntityObject uncleanCeo)

Description copied from interface: StorageFormatCleaner

Clean the supplied body content markup and make it safe from security concerns.

Specified by:

cleanEntity in interface StorageFormatCleaner

Parameters:

uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.

Returns:

a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.

cleanQuietly

public String cleanQuietly(ContentEntityObject uncleanCeo)

Description copied from interface: StorageFormatCleaner

Clean the specified body content markup and make it safe from security concerns with out reporting any clean up performed

Specified by:

cleanQuietly in interface StorageFormatCleaner

Specified by:

cleanQuietly in interface XhtmlCleaner

Parameters:

uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.

Returns:

a cleaned up version of the supplied body content

cleanQuietly

public String cleanQuietly(String unclean,
                           ConversionContext context)

Description copied from interface: StorageFormatCleaner

Clean the specified String.

Specified by:

cleanQuietly in interface StorageFormatCleaner

Specified by:

cleanQuietly in interface XhtmlCleaner

Parameters:

unclean - the String to be cleaned

context - The ConversionContext that applies to the provided content.

Returns:

a cleaned version of the supplied String

cleanQuietly

public String cleanQuietly(String unclean)

Description copied from interface: StorageFormatCleaner

Clean the specified String.

Specified by:

cleanQuietly in interface RenderedContentCleaner

Specified by:

cleanQuietly in interface StorageFormatCleaner

Specified by:

cleanQuietly in interface XhtmlCleaner

Parameters:

unclean - the String to be cleaned

Returns:

a cleaned version of the supplied String

cleanStyleAttribute

public String cleanStyleAttribute(String uncleanStyle)

Description copied from interface: StorageFormatCleaner

Convert the supplied value of an HTML style attribute into a safe form if necessary. If the result of the safety checking results in no properties remaining then it is possible that an empty String will be returned.

Specified by:

cleanStyleAttribute in interface RenderedContentCleaner

Specified by:

cleanStyleAttribute in interface StorageFormatCleaner

Specified by:

cleanStyleAttribute in interface XhtmlCleaner

Parameters:

uncleanStyle - the style attribute value to be cleaned

Returns:

a cleaned version of the supplied style attribute value..

isCleanUrlAttribute

public boolean isCleanUrlAttribute(String urlValue)

Description copied from interface: StorageFormatCleaner

Test that the supplied value of a URL type attribute (such as href) is safe for output.

Specified by:

isCleanUrlAttribute in interface RenderedContentCleaner

Specified by:

isCleanUrlAttribute in interface StorageFormatCleaner

Specified by:

isCleanUrlAttribute in interface XhtmlCleaner

Returns:

true if this attribute value can be output, otherwise false.