public class PolicyConfiguredXhtmlCleaner
extends Object
implements XhtmlCleaner

java.lang.Object
   ↳ com.atlassian.confluence.content.render.xhtml.PolicyConfiguredXhtmlCleaner

Class Overview

A thread-safe XhtmlCleaner which is configured via a policy file loaded as a classpath resource.

Summary

Public Constructors
PolicyConfiguredXhtmlCleaner(String policyResource)
Constructor that will lazily load the Transformer as it is required.
Public Methods
XhtmlCleaner.Result clean(ContentEntityObject uncleanCeo)
Clean the supplied body content markup and make it safe from security concerns.
String cleanQuietly(ContentEntityObject uncleanCeo)
Clean the specified body content markup and make it safe from security concerns without reporting any cleanup performed.
String cleanQuietly(String unclean, ConversionContext context)
Clean the specified String.
String cleanStyleAttribute(String uncleanStyle)
Convert the supplied value of an HTML style attribute into a safe form if necessary.
boolean isCleanUrlAttribute(String urlValue)
Test that the supplied value of a URL type attribute (such as href) is safe for output.
Inherited Methods
From class java.lang.Object
From interface com.atlassian.confluence.content.render.xhtml.XhtmlCleaner

Public Constructors

public PolicyConfiguredXhtmlCleaner (String policyResource)

Constructor that will lazily load the Transformer as it is required.

Parameters
policyResource the resource file holding the security policy.

Public Methods

public XhtmlCleaner.Result clean (ContentEntityObject uncleanCeo)

Clean the supplied body content markup and make it safe from security concerns.

Parameters
uncleanCeo a ContentEntityObject (CEO) containing the body content to be processed. The CEO is not modified; the cleaned body content is returned.
Returns
  • a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.

public String cleanQuietly (ContentEntityObject uncleanCeo)

Clean the specified body content markup and make it safe from security concerns without reporting any cleanup performed.

Parameters
uncleanCeo a ContentEntityObject (CEO) containing the body content to be processed. The CEO is not modified; the cleaned body content is returned.
Returns
  • a cleaned up version of the supplied body content

public String cleanQuietly (String unclean, ConversionContext context)

Clean the specified String.

Parameters
unclean the String to be cleaned
context The ConversionContext that applies to the provided content.
Returns
  • a cleaned version of the supplied String

public String cleanStyleAttribute (String uncleanStyle)

Convert the supplied value of an HTML style attribute into a safe form if necessary. If safety checking leaves no properties remaining, an empty String may be returned.

Parameters
uncleanStyle the style attribute value to be cleaned
Returns
  • a cleaned version of the supplied style attribute value.

public boolean isCleanUrlAttribute (String urlValue)

Test that the supplied value of a URL type attribute (such as href) is safe for output.

Returns
  • true if this attribute value can be output, otherwise false.
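
The following is an added usage example, not code from Atlassian or from this page. It shows a caller failing closed on `isCleanUrlAttribute` and handling the empty-String case of `cleanStyleAttribute`. `SafeLinkBuilder`, `link` and `escape` are hypothetical names, and it assumes the inputs are raw (unescaped) attribute values and that the cleaner instance was constructed elsewhere with the site's policy resource.

```java
import com.atlassian.confluence.content.render.xhtml.PolicyConfiguredXhtmlCleaner;

// Added example, not Atlassian code. SafeLinkBuilder, link() and escape() are hypothetical names.
public final class SafeLinkBuilder {
    private final PolicyConfiguredXhtmlCleaner cleaner;

    // The cleaner is documented as thread safe, so one instance can be shared.
    public SafeLinkBuilder(PolicyConfiguredXhtmlCleaner cleaner) {
        this.cleaner = cleaner;
    }

    // Returns an <a> element, or only the escaped text when the URL is rejected.
    public String link(String href, String style, String text) {
        String safeText = escape(text);
        // Fail closed: a URL the policy rejects is never written to the output.
        if (href == null || !cleaner.isCleanUrlAttribute(href)) {
            return safeText;
        }
        StringBuilder out = new StringBuilder("<a href=\"").append(escape(href)).append('"');
        if (style != null) {
            String safeStyle = cleaner.cleanStyleAttribute(style);
            // An empty String means no property survived cleaning, so omit the attribute.
            // The null check is defensive; the page only documents the empty case.
            if (safeStyle != null && !safeStyle.isEmpty()) {
                out.append(" style=\"").append(escape(safeStyle)).append('"');
            }
        }
        return out.append('>').append(safeText).append("</a>").toString();
    }

    // Escapes a raw value for use in element text or a double-quoted attribute.
    private static String escape(String raw) {
        if (raw == null) return "";
        StringBuilder sb = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}
```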