HostileExtensionDetector (Atlassian Http 2.0.2 API)

java.lang.Object
- com.atlassian.http.mime.HostileExtensionDetector

```
public class HostileExtensionDetector
extends Object
```
A tool for loading and encapsulating the local policy for which MIME Content Types and file extensions may contain active executable client-side content and which therefore should be treated carefully to avoid XSS attacks via uploading these files as attachments.
Browsers use Content-Type headers and file extensions to decide whether to attempt to execute a file in a client context. Examples include javascript in html and ActionScript in .swf (Flash) binaries. Since these runtimes have access to the client-side state of the browser, they represent a potential means to steal session cookie contents and other XSS attacks.

Constructor Summary

Constructors
Constructor and Description

HostileExtensionDetector()
Loads the configuration of what are executable file extensions and content types from the given properties

Constructors
Constructor and Description
`HostileExtensionDetector()` Loads the configuration of what are executable file extensions and content types from the given properties

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`isExecutableContent(String fileName, String contentType)` Determines if the file is executable given its file name and content type.
`boolean`	`isExecutableContentType(String contentType)` Determines if the given String contains a substring of a MIME Content Type denoting client-executable active content such that if the browser opens the file, its execution could have access to the browser DOM etc.
`boolean`	`isExecutableFileExtension(String name)` Determines if the given String has an extension denoting a client-executable active content type such that if the browser opens the file, its execution could have access to the browser DOM etc.
`boolean`	`isTextContent(String fileName, String contentType)`
`boolean`	`isTextContentType(String contentType)`
`boolean`	`isTextExtension(String fileName)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - HostileExtensionDetector
```
public HostileExtensionDetector()
```
    Loads the configuration of what are executable file extensions and content types from the given properties
- Method Detail
  - isExecutableFileExtension
```
public boolean isExecutableFileExtension(String name)
```
    Determines if the given String has an extension denoting a client-executable active content type such that if the browser opens the file, its execution could have access to the browser DOM etc. Examples include .html, .svg and .swf. Note the check is case insensitive.
    
    Parameters:
    
    name - the file name.
    
    Returns:
    
    true only if the name has one of the configured extensions.
  - isExecutableContentType
```
public boolean isExecutableContentType(String contentType)
```
    Determines if the given String contains a substring of a MIME Content Type denoting client-executable active content such that if the browser opens the file, its execution could have access to the browser DOM etc. E.g. text/html Note the check is case insensitive.
    
    Parameters:
    
    contentType - the MIME Content Type string.
    
    Returns:
    
    true only if the given contentType contains a substring of one of the configured executable Content Types or the contentType is empty or is an invalid contentType.
  - isTextExtension
```
public boolean isTextExtension(String fileName)
```
    Parameters:
    
    fileName - can be null or empty.
    
    Returns:
    
    true if the extension of the given filename is of type text. False other wise. defaults to false if filename is null or empty.
  - isTextContentType
```
public boolean isTextContentType(String contentType)
```
    Parameters:
    
    contentType - the content type
    
    Returns:
    
    true if the content type given is of a text type. False otherwise
  - isExecutableContent
```
public boolean isExecutableContent(String fileName,
                                   String contentType)
```
    Determines if the file is executable given its file name and content type. Special consideration is given to when the file has no extension and no content type - it is considered executable only if the KEY_EXECUTABLE_IF_NO_EXT_NO_MIME property was set to true (true by default)
    
    Parameters:
    
    fileName - the name of the file
    
    contentType - the content type
    
    Returns:
    
    true if the file is executable given its name and content type
  - isTextContent
```
public boolean isTextContent(String fileName,
                             String contentType)
```
    Parameters:
    
    fileName - the name of the file
    
    contentType - the content type
    
    Returns:
    
    true if the file is text given its name and content type

Class HostileExtensionDetector

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

HostileExtensionDetector

Method Detail

isExecutableFileExtension

isExecutableContentType

isTextExtension

isTextContentType

isExecutableContent

isTextContent