com.atlassian.confluence.content.render.xhtml
Class PolicyConfiguredCleaner

java.lang.Object
  extended by com.atlassian.confluence.content.render.xhtml.PolicyConfiguredCleaner
All Implemented Interfaces:
RenderedContentCleaner, StorageFormatCleaner, XhtmlCleaner

public class PolicyConfiguredCleaner
extends Object
implements StorageFormatCleaner, RenderedContentCleaner, XhtmlCleaner

A thread safe xhtml/html/xml Cleaner which is configured via a policy file classpath resource.


Nested Class Summary
 
Nested classes/interfaces inherited from interface com.atlassian.confluence.content.render.xhtml.StorageFormatCleaner
StorageFormatCleaner.AppliedRuleDescription, StorageFormatCleaner.Result
 
Nested classes/interfaces inherited from interface com.atlassian.confluence.content.render.xhtml.XhtmlCleaner
XhtmlCleaner.AppliedRuleDescription, XhtmlCleaner.Result
 
Constructor Summary
PolicyConfiguredCleaner(String policyResource)
          Constructor that will lazily load the Transformer as it is required.
 
Method Summary
 XhtmlCleaner.Result clean(ContentEntityObject uncleanCeo)
          Clean the supplied body content markup and make it safe from security concerns.
 StorageFormatCleaner.Result cleanEntity(ContentEntityObject uncleanCeo)
          Clean the supplied body content markup and make it safe from security concerns.
 String cleanQuietly(ContentEntityObject uncleanCeo)
          Clean the specified body content markup and make it safe from security concerns with out reporting any clean up performed
 String cleanQuietly(String unclean)
          Clean the specified String.
 String cleanQuietly(String unclean, ConversionContext context)
          Clean the specified String.
 String cleanStyleAttribute(String uncleanStyle)
          Convert the supplied value of an HTML style attribute into a safe form if necessary.
 boolean isCleanUrlAttribute(String urlValue)
          Test that the supplied value of a URL type attribute (such as href) is safe for output.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PolicyConfiguredCleaner

public PolicyConfiguredCleaner(String policyResource)
Constructor that will lazily load the Transformer as it is required.

Parameters:
policyResource - the resource file holding the security policy.
Method Detail

clean

public XhtmlCleaner.Result clean(ContentEntityObject uncleanCeo)
Description copied from interface: XhtmlCleaner
Clean the supplied body content markup and make it safe from security concerns.

Specified by:
clean in interface XhtmlCleaner
Parameters:
uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.
Returns:
a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.

cleanEntity

public StorageFormatCleaner.Result cleanEntity(ContentEntityObject uncleanCeo)
Description copied from interface: StorageFormatCleaner
Clean the supplied body content markup and make it safe from security concerns.

Specified by:
cleanEntity in interface StorageFormatCleaner
Parameters:
uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.
Returns:
a result encapsulating the cleaned version of the supplied body content XHTML as well as a description of rules applied.

cleanQuietly

public String cleanQuietly(ContentEntityObject uncleanCeo)
Description copied from interface: StorageFormatCleaner
Clean the specified body content markup and make it safe from security concerns with out reporting any clean up performed

Specified by:
cleanQuietly in interface StorageFormatCleaner
Specified by:
cleanQuietly in interface XhtmlCleaner
Parameters:
uncleanCeo - a CEO containing the body content to be processed. The CEO is not modified, but the cleaned body content is returned.
Returns:
a cleaned up version of the supplied body content

cleanQuietly

public String cleanQuietly(String unclean,
                           ConversionContext context)
Description copied from interface: StorageFormatCleaner
Clean the specified String.

Specified by:
cleanQuietly in interface StorageFormatCleaner
Specified by:
cleanQuietly in interface XhtmlCleaner
Parameters:
unclean - the String to be cleaned
context - The ConversionContext that applies to the provided content.
Returns:
a cleaned version of the supplied String

cleanQuietly

public String cleanQuietly(String unclean)
Description copied from interface: StorageFormatCleaner
Clean the specified String.

Specified by:
cleanQuietly in interface RenderedContentCleaner
Specified by:
cleanQuietly in interface StorageFormatCleaner
Specified by:
cleanQuietly in interface XhtmlCleaner
Parameters:
unclean - the String to be cleaned
Returns:
a cleaned version of the supplied String

cleanStyleAttribute

public String cleanStyleAttribute(String uncleanStyle)
Description copied from interface: StorageFormatCleaner
Convert the supplied value of an HTML style attribute into a safe form if necessary. If the result of the safety checking results in no properties remaining then it is possible that an empty String will be returned.

Specified by:
cleanStyleAttribute in interface RenderedContentCleaner
Specified by:
cleanStyleAttribute in interface StorageFormatCleaner
Specified by:
cleanStyleAttribute in interface XhtmlCleaner
Parameters:
uncleanStyle - the style attribute value to be cleaned
Returns:
a cleaned version of the supplied style attribute value..

isCleanUrlAttribute

public boolean isCleanUrlAttribute(String urlValue)
Description copied from interface: StorageFormatCleaner
Test that the supplied value of a URL type attribute (such as href) is safe for output.

Specified by:
isCleanUrlAttribute in interface RenderedContentCleaner
Specified by:
isCleanUrlAttribute in interface StorageFormatCleaner
Specified by:
isCleanUrlAttribute in interface XhtmlCleaner
Returns:
true if this attribute value can be output, otherwise false.


Copyright © 2003–2015 Atlassian. All rights reserved.