com.atlassian.confluence.servlet.download
Class DefaultAttachmentSafeContentHeaderGuesser
java.lang.Object
com.atlassian.confluence.servlet.download.DefaultAttachmentSafeContentHeaderGuesser
- All Implemented Interfaces:
- SafeContentHeaderGuesser
public class DefaultAttachmentSafeContentHeaderGuesser
- extends java.lang.Object
- implements SafeContentHeaderGuesser
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DefaultAttachmentSafeContentHeaderGuesser
public DefaultAttachmentSafeContentHeaderGuesser()
computeAttachmentHeaders
public java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.lang.String contentType,
java.lang.String name,
java.lang.String userAgent,
long contentLength,
boolean hasXsrfToken,
java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
- Description copied from interface:
SafeContentHeaderGuesser
- Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'.
The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that
it is difficult to perform xss using attachments.
- Specified by:
computeAttachmentHeaders
in interface SafeContentHeaderGuesser
- Parameters:
contentType
- the existing content-type that the attachment has.name
- the filename of the attachmentuserAgent
- the user agent of the client requesting the attachmentcontentLength
- the length of the attachmenthttpQueryParams
- a map of the http query parameters
- Returns:
- a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.
setMimeTypeTranslator
public void setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator)
setContentTypeAndDispositionHeaderBlacklist
public void setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist)
Copyright © 2003-2014 Atlassian. All Rights Reserved.