public class ContentDispositionHeaderGuesser extends Object
| Constructor and Description |
|---|
ContentDispositionHeaderGuesser(DownloadPolicyProvider downloadPolicyProvider,
HostileExtensionDetector hostileExtensionDetector) |
| Modifier and Type | Method and Description |
|---|---|
String |
guessContentDispositionHeader(String fileName,
String mimeContentType,
String userAgent)
This will suggest a content disposition type (inline or attachment) for the given file, respecting the settings
given by the provided download policy.
|
String |
guessMIME(String mimeContentType,
boolean isBinaryFile)
Given a mimeContentType and whether the file is a binary file or not
returns text/plain for non-binary files
and the given mimeContentType is returned.
|
String |
guessMIME(String filename,
String mimeContentType,
String userAgent)
Deprecated.
since 0.0.8 use
guessMIME(String, boolean) instead
Given a filename, its MIME type, and a browser user agent, return a 'safe' mime type, depending on
the download policy configured, such that 'safe' browsers can display the executable text file without causing xss issues.
If the download policy is set to
If the download policy is set to |
public ContentDispositionHeaderGuesser(DownloadPolicyProvider downloadPolicyProvider, HostileExtensionDetector hostileExtensionDetector)
public String guessContentDispositionHeader(String fileName, String mimeContentType, String userAgent)
Special treatment is given to html/xml - they will always be displayed inline if the contentType is set to a text type, and if the browser is not IE.
fileName - the name of the filemimeContentType - the existing content typepublic String guessMIME(String filename, String mimeContentType, String userAgent)
guessMIME(String, boolean) instead
Given a filename, its MIME type, and a browser user agent, return a 'safe' mime type, depending on
the download policy configured, such that 'safe' browsers can display the executable text file without causing xss issues.
If the download policy is set to DownloadPolicy.Secure or DownloadPolicy.Insecure, then
the given mimeContentType will be returned.
If the download policy is set to DownloadPolicy.Smart, and the user agent is not Internet Explorer
, then for text files that can be displayed in plain text (e.g., text/html, as determined by
HostileExtensionDetector.isTextContentType(String) and HostileExtensionDetector.isTextExtension(String)),
a 'text/plain' mime type will be returned instead of the given mimeContentType.
filename - the file to displaymimeContentType - the mime type for the given fileuserAgent - the browser user agent.public String guessMIME(String mimeContentType, boolean isBinaryFile)
If the download policy is set to DownloadPolicy.Secure or DownloadPolicy.Insecure, then
the given mimeContentType will be returned.
It is recommended to use the 'X-Content-Type-Options' header with a value of 'nosniff' to avoid XSS issues in IE.
mimeContentType - the the mime type for the given fileisBinaryFile - if the file is a binary file or not (true iff binary)Copyright © 2018 Atlassian. All rights reserved.