Class PolicyConfiguredCleaner
java.lang.Object
com.atlassian.confluence.content.render.xhtml.PolicyConfiguredCleaner
- All Implemented Interfaces:
RenderedContentCleaner,StorageFormatCleaner,XhtmlCleaner
public class PolicyConfiguredCleaner
extends Object
implements StorageFormatCleaner, RenderedContentCleaner, XhtmlCleaner
A thread safe xhtml/html/xml Cleaner which is configured via a policy file classpath resource.
-
Nested Class Summary
Nested classes/interfaces inherited from interface com.atlassian.confluence.content.render.xhtml.StorageFormatCleaner
StorageFormatCleaner.AppliedRuleDescription, StorageFormatCleaner.ResultNested classes/interfaces inherited from interface com.atlassian.confluence.content.render.xhtml.XhtmlCleaner
XhtmlCleaner.AppliedRuleDescription, XhtmlCleaner.Result -
Constructor Summary
ConstructorsConstructorDescriptionPolicyConfiguredCleaner(String policyResource) Deprecated, for removal: This API element is subject to removal in a future version. -
Method Summary
Modifier and TypeMethodDescriptionclean(ContentEntityObject uncleanCeo) Clean the supplied body content markup and make it safe from security concerns.cleanEntity(ContentEntityObject uncleanCeo) Clean the supplied body content markup and make it safe from security concerns.cleanQuietly(ContentEntityObject uncleanCeo) Clean the specified body content markup and make it safe from security concerns with out reporting any clean up performedcleanQuietly(String unclean) Clean the specified String.cleanQuietly(String unclean, ConversionContext context) Clean the specified String.cleanStyleAttribute(String uncleanStyle) Convert the supplied value of an HTML style attribute into a safe form if necessary.static RenderedContentCleanerstatic PolicyConfiguredCleanerbooleanisCleanUrlAttribute(String urlValue) Test that the supplied value of a URL type attribute (such as href) is safe for output.
-
Constructor Details
-
PolicyConfiguredCleaner
Deprecated, for removal: This API element is subject to removal in a future version.since 8.6 usecreateRenderedContentCleaner()orcreateStorageFormatCleaner()Constructor that will lazily load the Transformer as it is required.- Parameters:
policyResource- the resource file holding the security policy.
-
-
Method Details
-
createRenderedContentCleaner
public static RenderedContentCleaner createRenderedContentCleaner() throws org.owasp.validator.html.PolicyException, IOException- Throws:
org.owasp.validator.html.PolicyExceptionIOException- Since:
- 8.6
-
createStorageFormatCleaner
public static PolicyConfiguredCleaner createStorageFormatCleaner() throws org.owasp.validator.html.PolicyException, IOException- Throws:
org.owasp.validator.html.PolicyExceptionIOException- Since:
- 8.6
-
clean
Description copied from interface:XhtmlCleanerClean the supplied body content markup and make it safe from security concerns.- Specified by:
cleanin interfaceXhtmlCleaner- Parameters:
uncleanCeo- a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.- Returns:
- a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.
-
cleanEntity
Description copied from interface:StorageFormatCleanerClean the supplied body content markup and make it safe from security concerns.- Specified by:
cleanEntityin interfaceStorageFormatCleaner- Parameters:
uncleanCeo- a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.- Returns:
- a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.
-
cleanQuietly
Description copied from interface:StorageFormatCleanerClean the specified body content markup and make it safe from security concerns with out reporting any clean up performed- Specified by:
cleanQuietlyin interfaceStorageFormatCleaner- Specified by:
cleanQuietlyin interfaceXhtmlCleaner- Parameters:
uncleanCeo- a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.- Returns:
- a cleaned up version of the supplied body content
-
cleanQuietly
Description copied from interface:StorageFormatCleanerClean the specified String.- Specified by:
cleanQuietlyin interfaceStorageFormatCleaner- Specified by:
cleanQuietlyin interfaceXhtmlCleaner- Parameters:
unclean- the String to be cleanedcontext- The ConversionContext that applies to the provided content.- Returns:
- a cleaned version of the supplied String
-
cleanQuietly
Description copied from interface:StorageFormatCleanerClean the specified String.- Specified by:
cleanQuietlyin interfaceRenderedContentCleaner- Specified by:
cleanQuietlyin interfaceStorageFormatCleaner- Specified by:
cleanQuietlyin interfaceXhtmlCleaner- Parameters:
unclean- the String to be cleaned- Returns:
- a cleaned version of the supplied String
-
cleanStyleAttribute
Description copied from interface:StorageFormatCleanerConvert the supplied value of an HTML style attribute into a safe form if necessary. If the result of the safety checking results in no properties remaining then it is possible that an empty String will be returned.- Specified by:
cleanStyleAttributein interfaceRenderedContentCleaner- Specified by:
cleanStyleAttributein interfaceStorageFormatCleaner- Specified by:
cleanStyleAttributein interfaceXhtmlCleaner- Parameters:
uncleanStyle- the style attribute value to be cleaned- Returns:
- a cleaned version of the supplied style attribute value..
-
isCleanUrlAttribute
Description copied from interface:StorageFormatCleanerTest that the supplied value of a URL type attribute (such as href) is safe for output.- Specified by:
isCleanUrlAttributein interfaceRenderedContentCleaner- Specified by:
isCleanUrlAttributein interfaceStorageFormatCleaner- Specified by:
isCleanUrlAttributein interfaceXhtmlCleaner- Returns:
- true if this attribute value can be output, otherwise false.
-
createRenderedContentCleaner()orcreateStorageFormatCleaner()