java.lang.Object
  org.jboss.seam.text.SeamTextParser.DefaultSanitizer
public static class SeamTextParser.DefaultSanitizer
Implementation of the rules in http://wiki.whatwg.org/wiki/Sanitization_rules

Changes and additions:
1. Expanded all -* wildcard values to their full CSS property name (e.g. border-*).
2. Added dash as an allowed character to REGEX_VALID_CSS_STRING1.
3. Improved REGEX_VALID_CSS_VALUE with range {n,m} checks for color values and negative units.
4. Added more options (mostly of the vertical-align property, e.g. "middle", "text-top") as allowed CSS values.
5. Added "max-height", "max-width", "min-height", "min-width" to CSS properties.
6. Removed the 'data' URI scheme.
7. Filtering of CSS url() is not implemented: url() is always an invalid value.
Field Summary | |
---|---|
protected Set<String> | acceptableAttributes |
protected Set<String> | acceptableElements |
protected Set<String> | attributesWhoseValueIsAURI |
protected Set<String> | mathmlAttributes |
protected Set<String> | mathmlElements |
Pattern | REGEX_INVALID_CSS_URL |
Pattern | REGEX_VALID_CSS_STRING1 |
Pattern | REGEX_VALID_CSS_STRING2 |
Pattern | REGEX_VALID_CSS_VALUE |
protected Set<String> | styleProperties |
protected Set<String> | stylePropertiesValues |
protected Set<String> | svgAttributes |
protected Set<String> | svgElements |
protected Set<String> | svgStyleProperties |
protected Set<String> | uriSchemes |
Constructor Summary |
---|
SeamTextParser.DefaultSanitizer() |
Method Summary | | |
---|---|---|
antlr.SemanticException | createSemanticException(String message, antlr.Token element) | |
String | getInvalidAttributeMessage(String elementName, String attributeName) | |
String | getInvalidAttributeValueMessage(String elementName, String attributeName, String value) | |
String | getInvalidElementMessage(String elementName) | |
String | getInvalidURIMessage(String uri) | |
void | validateHtmlAttribute(antlr.Token element, antlr.Token attribute) | Called by the SeamTextParser when a plain HTML attribute is parsed. |
void | validateHtmlAttributeValue(antlr.Token element, antlr.Token attribute, String attributeValue) | Called by the SeamTextParser when a plain HTML attribute value is parsed. |
void | validateHtmlElement(antlr.Token element) | Called by the SeamTextParser when a plain HTML element is parsed. |
void | validateLinkTagURI(antlr.Token element, String uri) | Called by the SeamTextParser when a link tag is parsed, i.e. |
protected boolean | validateURI(String uri) | Validate a URI string. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public final Pattern REGEX_VALID_CSS_STRING1
public final Pattern REGEX_VALID_CSS_STRING2
public final Pattern REGEX_VALID_CSS_VALUE
public final Pattern REGEX_INVALID_CSS_URL
protected Set<String> acceptableElements
protected Set<String> mathmlElements
protected Set<String> svgElements
protected Set<String> acceptableAttributes
protected Set<String> mathmlAttributes
protected Set<String> svgAttributes
protected Set<String> styleProperties
protected Set<String> stylePropertiesValues
protected Set<String> svgStyleProperties
protected Set<String> attributesWhoseValueIsAURI
protected Set<String> uriSchemes
Constructor Detail |
---|
public SeamTextParser.DefaultSanitizer()
Method Detail |
---|
public void validateLinkTagURI(antlr.Token element, String uri) throws antlr.SemanticException
Specified by: validateLinkTagURI in interface SeamTextParser.Sanitizer
Parameters:
element - the token of the parse tree, here the ">" symbol which comes after the "="
uri - the user-entered link text
Throws:
antlr.SemanticException - thrown if the URI is not syntactically or semantically valid

public void validateHtmlElement(antlr.Token element) throws antlr.SemanticException
Specified by: validateHtmlElement in interface SeamTextParser.Sanitizer
Parameters:
element - the token of the parse tree, call getText() to access the HTML tag name
Throws:
antlr.SemanticException - thrown when the HTML tag is not valid

public void validateHtmlAttribute(antlr.Token element, antlr.Token attribute) throws antlr.SemanticException
Specified by: validateHtmlAttribute in interface SeamTextParser.Sanitizer
Parameters:
element - the token of the parse tree that represents the HTML tag
attribute - the token of the parse tree that represents the HTML attribute
Throws:
antlr.SemanticException - thrown if the attribute is not valid for the given HTML tag

public void validateHtmlAttributeValue(antlr.Token element, antlr.Token attribute, String attributeValue) throws antlr.SemanticException
Specified by: validateHtmlAttributeValue in interface SeamTextParser.Sanitizer
Parameters:
element - the token of the parse tree that represents the HTML tag
attribute - the token of the parse tree that represents the HTML attribute
attributeValue - the plain string value of the HTML attribute
Throws:
antlr.SemanticException - thrown if the attribute value is not valid for the given HTML attribute and element

protected boolean validateURI(String uri)
The default implementation accepts any URI string that starts with a slash; this is considered a relative URL. Any absolute URI is parsed by the JDK with the java.net.URI constructor. Finally, the scheme of the parsed absolute URI is checked against a list of valid schemes.
Parameters:
uri - the URI string
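
The three steps described for validateURI, written out as a stand-alone Java sketch; this is an added example, not the Seam source. The class name, the contents of ALLOWED_SCHEMES (the page does not list what uriSchemes holds) and the validateStrict variant are assumptions: validateStrict additionally rejects a leading "//", which RFC 3986 defines as a network-path reference that names its own host rather than a path on the current site.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class UriCheckSketch {
    // Assumed allow-list for illustration; the real uriSchemes contents are not on this page.
    static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https", "mailto");

    /** Re-implementation of the three steps the validateURI description gives. */
    static boolean validateAsDescribed(String uri) {
        if (uri == null || uri.isEmpty()) return false;
        if (uri.startsWith("/")) return true;          // step 1: leading slash = relative URL
        try {
            URI parsed = new URI(uri);                  // step 2: parse with the JDK
            String scheme = parsed.getScheme();         // null when the string has no scheme
            return scheme != null                       // step 3: scheme must be allow-listed
                && ALLOWED_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return false;                               // not parseable as a URI
        }
    }

    /** Stricter variant (assumption): "//host/path" is not treated as a same-site path. */
    static boolean validateStrict(String uri) {
        if (uri != null && uri.startsWith("//")) return false;
        return validateAsDescribed(uri);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "/wiki/Home", "https://example.org/a", "data:text/html,x",
            "javascript:void(0)", "//example.org/a", "not a uri"
        };
        for (String s : samples) {
            System.out.printf("%-24s described=%-5b strict=%b%n",
                s, validateAsDescribed(s), validateStrict(s));
        }
    }
}
```

Only "//example.org/a" is treated differently by the two methods: it passes the leading-slash step as described and is refused by the stricter variant.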

public String getInvalidURIMessage(String uri)
Specified by: getInvalidURIMessage in interface SeamTextParser.Sanitizer

public String getInvalidElementMessage(String elementName)
Specified by: getInvalidElementMessage in interface SeamTextParser.Sanitizer

public String getInvalidAttributeMessage(String elementName, String attributeName)
Specified by: getInvalidAttributeMessage in interface SeamTextParser.Sanitizer

public String getInvalidAttributeValueMessage(String elementName, String attributeName, String value)
Specified by: getInvalidAttributeValueMessage in interface SeamTextParser.Sanitizer

public antlr.SemanticException createSemanticException(String message, antlr.Token element)