org.owasp.validator.html
Class Policy

java.lang.Object
  extended by org.owasp.validator.html.Policy

public class Policy
extends java.lang.Object

Policy.java: this file holds the model for our policy engine.

Author:
Arshan Dabirsiaghi

Field Summary
static java.lang.String ACTION_FILTER
           
static java.lang.String ACTION_TRUNCATE
           
static java.lang.String ACTION_VALIDATE
           
static java.lang.String ANCHORS_NOFOLLOW
           
static java.util.regex.Pattern ANYTHING_REGEXP
           
static java.lang.String CONNECTION_TIMEOUT
           
static int DEFAULT_MAX_INPUT_SIZE
           
static int DEFAULT_MAX_STYLESHEET_IMPORTS
           
static java.lang.String EMBED_STYLESHEETS
           
static java.lang.String ENCODE_TAGS
           
static java.lang.String FORMAT_OUTPUT
           
static java.lang.String MAX_INPUT_SIZE
           
static java.lang.String OMIT_DOCTYPE_DECLARATION
           
static java.lang.String OMIT_XML_DECLARATION
           
static java.lang.String PRESERVE_COMMENTS
           
static java.lang.String PRESERVE_SPACE
           
static java.lang.String USE_XHTML
           
static java.lang.String VALIDATE_PARAM_AS_EMBED
           
 
Method Summary
 java.lang.String getDirective(java.lang.String name)
          Return a directive value based on a lookup name.
 Attribute getGlobalAttributeByName(java.lang.String name)
          A simple method for returning one of the entries by name.
static Policy getInstance()
          This retrieves a Policy based on a default location ("resources/antisamy.xml")
static Policy getInstance(java.io.File file)
          This retrieves a Policy based on the File object passed in
static Policy getInstance(java.io.InputStream inputStream)
          Deprecated. This method does not properly load included policy files. Use getInstance(URL) instead.
static Policy getInstance(java.lang.String filename)
          This retrieves a Policy based on the file name passed in
static Policy getInstance(java.net.URL url)
          This retrieves a Policy based on the URL object passed in.
 int getMaxInputSize()
          Returns the maximum input size.
 Property getPropertyByName(java.lang.String propertyName)
          Retrieves a CSS Property from the Policy.
 AntiSamyPattern getRegularExpression(java.lang.String name)
          A simple method for returning one of the entries by name.
 Tag getTagByName(java.lang.String tagName)
          Retrieves a Tag from the Policy.
 java.lang.String[] getTags()
          Return all the tags accepted by the Policy object.
 boolean isTagInListToEncode(java.lang.String s)
           
 org.xml.sax.InputSource resolveEntity(java.lang.String publicId, java.lang.String systemId)
          Resolves public & system ids to files stored within the JAR.
static void setBaseURL(java.net.URL newValue)
          Set the base directory to use to resolve relative file paths when including other policy files.
 void setDirective(java.lang.String name, java.lang.String value)
          Set a directive for a value based on a name.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ANYTHING_REGEXP

public static final java.util.regex.Pattern ANYTHING_REGEXP

DEFAULT_MAX_INPUT_SIZE

public static final int DEFAULT_MAX_INPUT_SIZE
See Also:
Constant Field Values

DEFAULT_MAX_STYLESHEET_IMPORTS

public static final int DEFAULT_MAX_STYLESHEET_IMPORTS
See Also:
Constant Field Values

OMIT_XML_DECLARATION

public static final java.lang.String OMIT_XML_DECLARATION
See Also:
Constant Field Values

OMIT_DOCTYPE_DECLARATION

public static final java.lang.String OMIT_DOCTYPE_DECLARATION
See Also:
Constant Field Values

MAX_INPUT_SIZE

public static final java.lang.String MAX_INPUT_SIZE
See Also:
Constant Field Values

USE_XHTML

public static final java.lang.String USE_XHTML
See Also:
Constant Field Values

FORMAT_OUTPUT

public static final java.lang.String FORMAT_OUTPUT
See Also:
Constant Field Values

EMBED_STYLESHEETS

public static final java.lang.String EMBED_STYLESHEETS
See Also:
Constant Field Values

CONNECTION_TIMEOUT

public static final java.lang.String CONNECTION_TIMEOUT
See Also:
Constant Field Values

ANCHORS_NOFOLLOW

public static final java.lang.String ANCHORS_NOFOLLOW
See Also:
Constant Field Values

VALIDATE_PARAM_AS_EMBED

public static final java.lang.String VALIDATE_PARAM_AS_EMBED
See Also:
Constant Field Values

PRESERVE_SPACE

public static final java.lang.String PRESERVE_SPACE
See Also:
Constant Field Values

PRESERVE_COMMENTS

public static final java.lang.String PRESERVE_COMMENTS
See Also:
Constant Field Values

ENCODE_TAGS

public static final java.lang.String ENCODE_TAGS
See Also:
Constant Field Values

ACTION_VALIDATE

public static final java.lang.String ACTION_VALIDATE
See Also:
Constant Field Values

ACTION_FILTER

public static final java.lang.String ACTION_FILTER
See Also:
Constant Field Values

ACTION_TRUNCATE

public static final java.lang.String ACTION_TRUNCATE
See Also:
Constant Field Values
Method Detail

isTagInListToEncode

public boolean isTagInListToEncode(java.lang.String s)

getTagByName

public Tag getTagByName(java.lang.String tagName)
Retrieves a Tag from the Policy.

Parameters:
tagName - The name of the Tag to look up.
Returns:
The Tag associated with the name specified, or null if none is found.

getPropertyByName

public Property getPropertyByName(java.lang.String propertyName)
Retrieves a CSS Property from the Policy.

Parameters:
propertyName - The name of the CSS Property to look up.
Returns:
The CSS Property associated with the name specified, or null if none is found.

getInstance

public static Policy getInstance()
                          throws PolicyException
This retrieves a Policy based on a default location ("resources/antisamy.xml")

Returns:
A populated Policy object based on the XML policy file located in the default location.
Throws:
PolicyException - If the file is not found or there is a problem parsing the file.

getInstance

public static Policy getInstance(java.lang.String filename)
                          throws PolicyException
This retrieves a Policy based on the file name passed in

Parameters:
filename - The path to the XML policy file.
Returns:
A populated Policy object based on the XML policy file located in the location passed in.
Throws:
PolicyException - If the file is not found or there is a problem parsing the file.

getInstance

public static Policy getInstance(java.io.File file)
                          throws PolicyException
This retrieves a Policy based on the File object passed in

Parameters:
file - A File object which contains the XML policy information.
Returns:
A populated Policy object based on the XML policy file pointed to by the File parameter.
Throws:
PolicyException - If the file is not found or there is a problem parsing the file.

getInstance

public static Policy getInstance(java.net.URL url)
                          throws PolicyException
This retrieves a Policy based on the URL object passed in. NOTE: This is the only factory method that will work with <include> tags in AntiSamy policy files.

Parameters:
url - A URL object which contains the XML policy information.
Returns:
A populated Policy object based on the XML policy file pointed to by the URL parameter.
Throws:
PolicyException - If the file is not found or there is a problem parsing the file.

getInstance

public static Policy getInstance(java.io.InputStream inputStream)
                          throws PolicyException
Deprecated. This method does not properly load included policy files. Use getInstance(URL) instead.

This retrieves a Policy based on the InputStream object passed in

Parameters:
inputStream - An InputStream which contains the XML policy information.
Returns:
A populated Policy object based on the XML policy file pointed to by the inputStream parameter.
Throws:
PolicyException - If there is a problem parsing the input stream.
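
Added example (not part of the AntiSamy Javadoc or project code): loading a policy through getInstance(URL) so that included policy files resolve, failing closed on any load problem, and checking the loaded policy before use. The resource path "/antisamy.xml", the size ceiling, the tag list and the class name PolicyLoader are hypothetical; Tag.getAction() comes from the org.owasp.validator.html.model package of this AntiSamy generation and is not documented on this page.

```java
import java.net.URL;
import java.util.ArrayList;
import java.util.List;

import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.model.Tag;

public class PolicyLoader {
    // Hypothetical application requirements, not AntiSamy defaults.
    private static final int SIZE_CEILING = 100000;
    private static final String[] MUST_NOT_VALIDATE = {"script", "iframe", "object", "embed"};

    /** Loads by URL (the only factory that handles included files); throws on any problem. */
    static Policy load(String classpathResource) throws PolicyException {
        URL url = PolicyLoader.class.getResource(classpathResource);
        if (url == null) {
            throw new IllegalStateException("policy not on classpath: " + classpathResource);
        }
        return Policy.getInstance(url);
    }

    /** Returns findings; an empty list means the policy meets the requirements above. */
    static List<String> audit(Policy policy) {
        List<String> findings = new ArrayList<String>();
        if (policy.getMaxInputSize() > SIZE_CEILING) {
            findings.add("max input size " + policy.getMaxInputSize() + " exceeds " + SIZE_CEILING);
        }
        for (String name : MUST_NOT_VALIDATE) {
            Tag tag = policy.getTagByName(name); // null when the policy has no rule for this tag
            if (tag != null && Policy.ACTION_VALIDATE.equals(tag.getAction())) {
                findings.add("tag '" + name + "' is kept in output (action " + tag.getAction() + ")");
            }
        }
        // getDirective returns null for an unset directive, so compare from the literal side.
        if ("true".equals(policy.getDirective(Policy.PRESERVE_COMMENTS))) {
            findings.add("HTML comments are preserved in output");
        }
        return findings;
    }

    public static void main(String[] args) throws PolicyException {
        Policy policy = load("/antisamy.xml");
        List<String> findings = audit(policy);
        if (!findings.isEmpty()) {
            throw new IllegalStateException("policy audit failed: " + findings);
        }
        System.out.println("policy loaded, " + policy.getTags().length + " tags");
    }
}
```
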

getRegularExpression

public AntiSamyPattern getRegularExpression(java.lang.String name)
A simple method for returning one of the entries by name.

Parameters:
name - The name of the common regexp we want to look up.
Returns:
An AntiSamyPattern associated with the lookup name specified.

getGlobalAttributeByName

public Attribute getGlobalAttributeByName(java.lang.String name)
A simple method for returning one of the entries by name.

Parameters:
name - The name of the global-attribute we want to look up.
Returns:
An Attribute associated with the global-attribute lookup name specified.

getTags

public java.lang.String[] getTags()
Return all the tags accepted by the Policy object.

Returns:
A String array of all the tag names accepted by the current Policy.

getDirective

public java.lang.String getDirective(java.lang.String name)
Return a directive value based on a lookup name.

Returns:
A String object containing the directive associated with the lookup name, or null if none is found.

setDirective

public void setDirective(java.lang.String name,
                         java.lang.String value)
Set a directive for a value based on a name.

Parameters:
name - A directive to set a value for.
value - The new value for the directive.

getMaxInputSize

public int getMaxInputSize()
Returns the maximum input size. If this value is not specified by the policy, the DEFAULT_MAX_INPUT_SIZE is used.

Returns:
the maximum input size.

setBaseURL

public static void setBaseURL(java.net.URL newValue)
Set the base directory to use to resolve relative file paths when including other policy files.

Parameters:
newValue -

resolveEntity

public org.xml.sax.InputSource resolveEntity(java.lang.String publicId,
                                             java.lang.String systemId)
                                      throws java.io.IOException,
                                             org.xml.sax.SAXException
Resolves public & system ids to files stored within the JAR.

Throws:
java.io.IOException
org.xml.sax.SAXException


Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.