com.atlassian.confluence.servlet.download
Class DefaultAttachmentSafeContentHeaderGuesser
java.lang.Object
com.atlassian.confluence.servlet.download.DefaultAttachmentSafeContentHeaderGuesser
- All Implemented Interfaces:
- SafeContentHeaderGuesser
public class DefaultAttachmentSafeContentHeaderGuesser
- extends java.lang.Object
- implements SafeContentHeaderGuesser
Method Summary
java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.io.InputStream contents, java.lang.String contentType, java.lang.String name, java.lang.String userAgent, long contentLength, boolean hasXsrfToken, java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
- Returns a map of headers with their values.
java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.lang.String contentType, java.lang.String name, java.lang.String userAgent, long contentLength, boolean hasXsrfToken, java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
- Deprecated.
void setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist)
void setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
DefaultAttachmentSafeContentHeaderGuesser
public DefaultAttachmentSafeContentHeaderGuesser()
computeAttachmentHeaders
public java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.io.InputStream contents,
java.lang.String contentType,
java.lang.String name,
java.lang.String userAgent,
long contentLength,
boolean hasXsrfToken,
java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
throws java.io.IOException
- Description copied from interface:
SafeContentHeaderGuesser
- Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'.
The purpose of this method is to guess a safe Content-Type header (and associated Content-Disposition headers), so that
it is difficult to perform XSS using attachments.
- Specified by:
computeAttachmentHeaders
in interface SafeContentHeaderGuesser
- Parameters:
contents - attachment contents
contentType - the existing content-type that the attachment has.
name - the filename of the attachment
userAgent - the user agent of the client requesting the attachment
contentLength - the length of the attachment
httpQueryParams - a map of the http query parameters
- Returns:
- a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.
- Throws:
java.io.IOException
- if the attachment's contents could not be read
computeAttachmentHeaders
@Deprecated
public java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.lang.String contentType,
java.lang.String name,
java.lang.String userAgent,
long contentLength,
boolean hasXsrfToken,
java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
- Deprecated.
- Description copied from interface:
SafeContentHeaderGuesser
- Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'.
The purpose of this method is to guess a safe Content-Type header (and associated Content-Disposition headers), so that
it is difficult to perform XSS using attachments.
- Specified by:
computeAttachmentHeaders
in interface SafeContentHeaderGuesser
- Parameters:
contentType - the existing content-type that the attachment has.
name - the filename of the attachment
userAgent - the user agent of the client requesting the attachment
contentLength - the length of the attachment
httpQueryParams - a map of the http query parameters
- Returns:
- a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.
setMimeTypeTranslator
public void setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator)
setContentTypeAndDispositionHeaderBlacklist
public void setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist)
Copyright © 2003-2014 Atlassian. All Rights Reserved.