Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.atlassian.confluence.servlet.download
Interface SafeContentHeaderGuesser

All Known Implementing Classes:
DefaultAttachmentSafeContentHeaderGuesser
public interface SafeContentHeaderGuesser

Computes a safe content type given an existing content type and filename.

Since:
v5.1.4

Method Summary
 java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.io.InputStream contents, java.lang.String contentType, java.lang.String name, java.lang.String userAgent, long contentLength, boolean hasXsrfToken, java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
          Returns a map of headers with their values.
 java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.lang.String contentType, java.lang.String name, java.lang.String userAgent, long contentLength, boolean hasXsrfToken, java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
          Deprecated. Since 5.5.5. Use computeAttachmentHeaders(java.io.InputStream, String, String, String, long, boolean, java.util.Map) instead.
 

Method Detail

computeAttachmentHeaders

java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.io.InputStream contents,
                                                                          java.lang.String contentType,
                                                                          java.lang.String name,
                                                                          java.lang.String userAgent,
                                                                          long contentLength,
                                                                          boolean hasXsrfToken,
                                                                          java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
                                                                          throws java.io.IOException
Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'. The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that it is difficult to perform xss using attachments.

Parameters:
contents - attachment contents
contentType - the existing content-type that the attachment has.
name - the filename of the attachment
userAgent - the user agent of the client requesting the attachment
contentLength - the length of the attachment
httpQueryParams - a map of the http query parameters
Returns:
a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.
Throws:
java.io.IOException - if the attachments contents could not be read

computeAttachmentHeaders

@Deprecated
java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.lang.String contentType,
                                                                                     java.lang.String name,
                                                                                     java.lang.String userAgent,
                                                                                     long contentLength,
                                                                                     boolean hasXsrfToken,
                                                                                     java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
Deprecated. Since 5.5.5. Use computeAttachmentHeaders(java.io.InputStream, String, String, String, long, boolean, java.util.Map) instead.

Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'. The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that it is difficult to perform xss using attachments.

Parameters:
contentType - the existing content-type that the attachment has.
name - the filename of the attachment
userAgent - the user agent of the client requesting the attachment
contentLength - the length of the attachment
httpQueryParams - a map of the http query parameters
Returns:
a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2003-2014 Atlassian. All Rights Reserved.