Package org.owasp.validator.html

Class Policy

  • Direct Known Subclasses:
    InternalPolicy
    public class Policy
extends java.lang.Object
    Policy.java

    This file holds the model for our policy engine.

    Author:
    Arshan Dabirsiaghi

    • Field Detail

      • ANYTHING_REGEXP

        public static final java.util.regex.Pattern ANYTHING_REGEXP

      • DEFAULT_POLICY_URI

        protected static final java.lang.String DEFAULT_POLICY_URI
        See Also:
        Constant Field Values

      • DEFAULT_MAX_STYLESHEET_IMPORTS

        public static final int DEFAULT_MAX_STYLESHEET_IMPORTS
        See Also:
        Constant Field Values

      • OMIT_XML_DECLARATION

        public static final java.lang.String OMIT_XML_DECLARATION
        See Also:
        Constant Field Values

      • OMIT_DOCTYPE_DECLARATION

        public static final java.lang.String OMIT_DOCTYPE_DECLARATION
        See Also:
        Constant Field Values

      • EMBED_STYLESHEETS

        public static final java.lang.String EMBED_STYLESHEETS
        See Also:
        Constant Field Values

      • CONNECTION_TIMEOUT

        public static final java.lang.String CONNECTION_TIMEOUT
        See Also:
        Constant Field Values

      • ANCHORS_NOFOLLOW

        public static final java.lang.String ANCHORS_NOFOLLOW
        See Also:
        Constant Field Values

      • VALIDATE_PARAM_AS_EMBED

        public static final java.lang.String VALIDATE_PARAM_AS_EMBED
        See Also:
        Constant Field Values

      • PRESERVE_COMMENTS

        public static final java.lang.String PRESERVE_COMMENTS
        See Also:
        Constant Field Values

      • ENTITY_ENCODE_INTL_CHARS

        public static final java.lang.String ENTITY_ENCODE_INTL_CHARS
        See Also:
        Constant Field Values

      • tagRules

        protected final java.util.Map<java.lang.String,​Tag> tagRules

      • directives

        protected final java.util.Map<java.lang.String,​java.lang.String> directives

    • Method Detail

      • getTagByLowercaseName

        public Tag getTagByLowercaseName​(java.lang.String tagName)
        The path to the base policy file, used to resolve relative paths when reading included files

      • getPropertyByName

        public Property getPropertyByName​(java.lang.String propertyName)
        Retrieves a CSS Property from the Policy.
        Parameters:
        propertyName - The name of the CSS Property to look up.
        Returns:
        The CSS Property associated with the name specified, or null if none is found.

      • getInstance

        public static Policy getInstance()
                          throws PolicyException
        This retrieves a Policy based on a default location ("resources/antisamy.xml")
        Returns:
        A populated Policy object based on the XML policy file located in the default location.
        Throws:
        PolicyException - If the file is not found or there is a problem parsing the file.

      • getInstance

        public static Policy getInstance​(java.lang.String filename)
                          throws PolicyException
        This retrieves a Policy based on the file name passed in
        Parameters:
        filename - The path to the XML policy file.
        Returns:
        A populated Policy object based on the XML policy file located in the location passed in.
        Throws:
        PolicyException - If the file is not found or there is a problem parsing the file.

      • getInstance

        public static Policy getInstance​(java.io.InputStream inputStream)
                          throws PolicyException
        This retrieves a Policy based on the InputStream object passed in
        Parameters:
        inputStream - An InputStream which contains thhe XML policy information.
        Returns:
        A populated Policy object based on the XML policy file pointed to by the inputStream parameter.
        Throws:
        PolicyException - If there is a problem parsing the input stream.

      • getInstance

        public static Policy getInstance​(java.io.File file)
                          throws PolicyException
        This retrieves a Policy based on the File object passed in
        Parameters:
        file - A File object which contains the XML policy information.
        Returns:
        A populated Policy object based on the XML policy file pointed to by the File parameter.
        Throws:
        PolicyException - If the file is not found or there is a problem parsing the file.

      • getInstance

        public static Policy getInstance​(java.net.URL url)
                          throws PolicyException
        This retrieves a Policy based on the URL object passed in.

        NOTE: This is the only factory method that will work with tags in AntiSamy policy files.

        Parameters:
        url - A URL object which contains the XML policy information.
        Returns:
        A populated Policy object based on the XML policy file pointed to by the File parameter.
        Throws:
        PolicyException - If the file is not found or there is a problem parsing the file.

      • getTopLevelElement

        protected static org.w3c.dom.Element getTopLevelElement​(java.net.URL baseUrl)
                                                 throws PolicyException
        Throws:
        PolicyException

      • getTopLevelElement

        protected static org.w3c.dom.Element getTopLevelElement​(org.xml.sax.InputSource source)
                                                 throws PolicyException
        Throws:
        PolicyException

      • cloneWithDirective

        public Policy cloneWithDirective​(java.lang.String name,
                                 java.lang.String value)
        Creates a copy of this policy with an added/changed directive.
        Parameters:
        name - The directive to add/modify
        value - The value
        Returns:
        A clone of the policy with the updated directive

      • getGlobalAttributeByName

        public Attribute getGlobalAttributeByName​(java.lang.String name)
        A simple method for returning on of the entries by name.
        Parameters:
        name - The name of the global-attribute we want to look up.
        Returns:
        An Attribute associated with the global-attribute lookup name specified.

      • getAllowedEmptyTags

        public TagMatcher getAllowedEmptyTags()
        Return all the allowed empty tags configured in the Policy.
        Returns:
        A String array of all the he allowed empty tags configured in the Policy.

      • getRequiresClosingTags

        public TagMatcher getRequiresClosingTags()
        Return all the tags that are required to be closed with an end tag, even if they have no child content.
        Returns:
        A String array of all the tags that are required to be closed with an end tag, even if they have no child content.

      • getDirective

        public java.lang.String getDirective​(java.lang.String name)
        Return a directive value based on a lookup name.
        Returns:
        A String object containing the directive associated with the lookup name, or null if none is found.

      • resolveEntity

        public static org.xml.sax.InputSource resolveEntity​(java.lang.String systemId,
                                                    java.net.URL baseUrl)
                                             throws java.io.IOException,
                                                    org.xml.sax.SAXException
        Resolves public & system ids to files stored within the JAR.
        Throws:
        java.io.IOException
        org.xml.sax.SAXException

      • getCommonRegularExpressions

        public AntiSamyPattern getCommonRegularExpressions​(java.lang.String name)