com.atlassian.confluence.servlet.download
Interface SafeContentHeaderGuesser

All Known Implementing Classes:
DefaultAttachmentSafeContentHeaderGuesser

public interface SafeContentHeaderGuesser

Computes a safe content type given an existing content type and filename.

Since:
v5.1.4

Method Summary
 Map<String,String> computeAttachmentHeaders(InputStream contents, String contentType, String name, String userAgent, long contentLength, boolean hasXsrfToken, Map<String,String> httpQueryParams)
          Returns a map of headers with their values.
 Map<String,String> computeAttachmentHeaders(String contentType, String name, String userAgent, long contentLength, boolean hasXsrfToken, Map<String,String> httpQueryParams)
          Deprecated. Since 5.5.5. Use computeAttachmentHeaders(java.io.InputStream, String, String, String, long, boolean, java.util.Map) instead.
 

Method Detail

computeAttachmentHeaders

Map<String,String> computeAttachmentHeaders(InputStream contents,
                                            String contentType,
                                            String name,
                                            String userAgent,
                                            long contentLength,
                                            boolean hasXsrfToken,
                                            Map<String,String> httpQueryParams)
                                            throws IOException
Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'. The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that it is difficult to perform xss using attachments.

Parameters:
contents - attachment contents
contentType - the existing content-type that the attachment has.
name - the filename of the attachment
userAgent - the user agent of the client requesting the attachment
contentLength - the length of the attachment
httpQueryParams - a map of the http query parameters
Returns:
a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.
Throws:
IOException - if the attachments contents could not be read

computeAttachmentHeaders

@Deprecated
Map<String,String> computeAttachmentHeaders(String contentType,
                                                       String name,
                                                       String userAgent,
                                                       long contentLength,
                                                       boolean hasXsrfToken,
                                                       Map<String,String> httpQueryParams)
Deprecated. Since 5.5.5. Use computeAttachmentHeaders(java.io.InputStream, String, String, String, long, boolean, java.util.Map) instead.

Returns a map of headers with their values. One of these headers _must_ be 'Content-Type'. The purpose of this method is to guess a safe content type header (and associated content-disposition headers), so that it is difficult to perform xss using attachments.

Parameters:
contentType - the existing content-type that the attachment has.
name - the filename of the attachment
userAgent - the user agent of the client requesting the attachment
contentLength - the length of the attachment
httpQueryParams - a map of the http query parameters
Returns:
a map of http headers to their values. It will contain at least one entry with key 'Content-Type'.


Copyright © 2003–2015 Atlassian. All rights reserved.