Class PolicyConfiguredCleaner
java.lang.Object
com.atlassian.confluence.content.render.xhtml.PolicyConfiguredCleaner
- All Implemented Interfaces:
RenderedContentCleaner, StorageFormatCleaner, XhtmlCleaner
public class PolicyConfiguredCleaner
extends Object
implements StorageFormatCleaner, RenderedContentCleaner, XhtmlCleaner
A thread-safe XHTML/HTML/XML cleaner that is configured via a policy file classpath resource.
Nested Class Summary
Nested classes/interfaces inherited from interface com.atlassian.confluence.content.render.xhtml.StorageFormatCleaner
StorageFormatCleaner.AppliedRuleDescription, StorageFormatCleaner.Result
Nested classes/interfaces inherited from interface com.atlassian.confluence.content.render.xhtml.XhtmlCleaner
XhtmlCleaner.AppliedRuleDescription, XhtmlCleaner.Result
Constructor Summary
- PolicyConfiguredCleaner(String policyResource): Deprecated, for removal: This API element is subject to removal in a future version.
Method Summary
- clean(ContentEntityObject uncleanCeo): Clean the supplied body content markup and make it safe from security concerns.
- cleanEntity(ContentEntityObject uncleanCeo): Clean the supplied body content markup and make it safe from security concerns.
- cleanQuietly(ContentEntityObject uncleanCeo): Clean the specified body content markup and make it safe from security concerns without reporting any clean up performed.
- cleanQuietly(String unclean): Clean the specified String.
- cleanQuietly(String unclean, ConversionContext context): Clean the specified String.
- cleanStyleAttribute(String uncleanStyle): Convert the supplied value of an HTML style attribute into a safe form if necessary.
- static RenderedContentCleaner createRenderedContentCleaner()
- static PolicyConfiguredCleaner createStorageFormatCleaner()
- boolean isCleanUrlAttribute(String urlValue): Test that the supplied value of a URL type attribute (such as href) is safe for output.
Constructor Details
PolicyConfiguredCleaner
Deprecated, for removal: This API element is subject to removal in a future version. since 8.6 use createRenderedContentCleaner() or createStorageFormatCleaner()
Constructor that will lazily load the Transformer as it is required.
- Parameters:
policyResource - the resource file holding the security policy.
Method Details
createRenderedContentCleaner
public static RenderedContentCleaner createRenderedContentCleaner() throws org.owasp.validator.html.PolicyException, IOException
- Throws:
org.owasp.validator.html.PolicyException
IOException
- Since:
8.6
createStorageFormatCleaner
public static PolicyConfiguredCleaner createStorageFormatCleaner() throws org.owasp.validator.html.PolicyException, IOException
- Throws:
org.owasp.validator.html.PolicyException
IOException
- Since:
8.6
clean
Description copied from interface: XhtmlCleaner
Clean the supplied body content markup and make it safe from security concerns.
- Specified by:
clean in interface XhtmlCleaner
- Parameters:
uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.
- Returns:
a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.
cleanEntity
Description copied from interface: StorageFormatCleaner
Clean the supplied body content markup and make it safe from security concerns.
- Specified by:
cleanEntity in interface StorageFormatCleaner
- Parameters:
uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.
- Returns:
a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.
cleanQuietly
Description copied from interface: StorageFormatCleaner
Clean the specified body content markup and make it safe from security concerns without reporting any clean up performed.
- Specified by:
cleanQuietly in interface StorageFormatCleaner
- Specified by:
cleanQuietly in interface XhtmlCleaner
- Parameters:
uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.
- Returns:
a cleaned up version of the supplied body content
cleanQuietly
Description copied from interface: StorageFormatCleaner
Clean the specified String.
- Specified by:
cleanQuietly in interface StorageFormatCleaner
- Specified by:
cleanQuietly in interface XhtmlCleaner
- Parameters:
unclean - the String to be cleaned
context - The ConversionContext that applies to the provided content.
- Returns:
a cleaned version of the supplied String
cleanQuietly
Description copied from interface: StorageFormatCleaner
Clean the specified String.
- Specified by:
cleanQuietly in interface RenderedContentCleaner
- Specified by:
cleanQuietly in interface StorageFormatCleaner
- Specified by:
cleanQuietly in interface XhtmlCleaner
- Parameters:
unclean - the String to be cleaned
- Returns:
a cleaned version of the supplied String
cleanStyleAttribute
Description copied from interface: StorageFormatCleaner
Convert the supplied value of an HTML style attribute into a safe form if necessary. If safety checking leaves no properties remaining, it is possible that an empty String will be returned.
- Specified by:
cleanStyleAttribute in interface RenderedContentCleaner
- Specified by:
cleanStyleAttribute in interface StorageFormatCleaner
- Specified by:
cleanStyleAttribute in interface XhtmlCleaner
- Parameters:
uncleanStyle - the style attribute value to be cleaned
- Returns:
a cleaned version of the supplied style attribute value.
isCleanUrlAttribute
Description copied from interface: StorageFormatCleaner
Test that the supplied value of a URL type attribute (such as href) is safe for output.
- Specified by:
isCleanUrlAttribute in interface RenderedContentCleaner
- Specified by:
isCleanUrlAttribute in interface StorageFormatCleaner
- Specified by:
isCleanUrlAttribute in interface XhtmlCleaner
- Returns:
true if this attribute value can be output, otherwise false.