CmsParameterEscaper (OpenCms Core API, version 8.5.0)

Overview

Package

Class

Tree

Deprecated

Index

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.opencms.util
Class CmsParameterEscaper

java.lang.Object
  org.opencms.util.CmsParameterEscaper

public class CmsParameterEscaper
extends java.lang.Object
extends java.lang.Object

This class is responsible for automatically escaping parameters in Flex requests. It keeps track of which parameters to escape (or not escape), and which parameters need to be processed by AntiSamy.

Field Summary
`static java.lang.String`	`DEFAULT_POLICY` The file name of the default policy.
`protected static org.owasp.validator.html.Policy`	`defaultPolicy` The default policy, which is used when no policy path is given.

Constructor Summary
`CmsParameterEscaper()`

Method Summary
`org.owasp.validator.html.AntiSamy`	`createAntiSamy(CmsObject cms, java.lang.String policyPath)` Creates a new AntiSamy instance for a given policy path.
`void`	`enableAntiSamy(CmsObject cms, java.lang.String policyPath, java.util.Set<java.lang.String> params)` Enables the AntiSamy HTML cleaning for some parameters.
`java.lang.String`	`escape(java.lang.String name, java.lang.String html)` Escapes a single parameter value.
`java.lang.String[]`	`escape(java.lang.String name, java.lang.String[] values)` Escapes an array of parameter values.
`java.lang.String`	`filterAntiSamy(java.lang.String html)` Filters HTML input using the internal AntiSamy instance.
`static org.owasp.validator.html.Policy`	`readPolicy(CmsObject cms, java.lang.String sitePath)` Helper method for reading an AntiSamy policy file from the VFS.
`void`	`setExceptions(java.util.Collection<java.lang.String> exceptions)` Sets the set of names of parameters which shouldn't be escaped.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

DEFAULT_POLICY

public static final java.lang.String DEFAULT_POLICY

The file name of the default policy.

See Also:: Constant Field Values

defaultPolicy

protected static org.owasp.validator.html.Policy defaultPolicy

The default policy, which is used when no policy path is given.

Constructor Detail

CmsParameterEscaper

public CmsParameterEscaper()

Method Detail

readPolicy

public static org.owasp.validator.html.Policy readPolicy(CmsObject cms,
                                                         java.lang.String sitePath)

Helper method for reading an AntiSamy policy file from the VFS.

Parameters:: cms - the current CMS context; sitePath - the site path of the policy file
Returns:: the policy object for the given path

createAntiSamy

public org.owasp.validator.html.AntiSamy createAntiSamy(CmsObject cms,
                                                        java.lang.String policyPath)

Creates a new AntiSamy instance for a given policy path.

Parameters:: cms - the current CMS context; policyPath - the policy site path
Returns:: the new AntiSamy instance

enableAntiSamy

public void enableAntiSamy(CmsObject cms,
                           java.lang.String policyPath,
                           java.util.Set<java.lang.String> params)

Enables the AntiSamy HTML cleaning for some parameters.

Parameters:: cms - the current CMS context; policyPath - the policy site path in the VFS; params - the parameters for which HTML cleaning should be enabled

escape

public java.lang.String escape(java.lang.String name,
                               java.lang.String html)

Escapes a single parameter value.

Parameters:: name - the name of the parameter; html - the value of the parameter
Returns:: the escaped parameter value

escape

public java.lang.String[] escape(java.lang.String name,
                                 java.lang.String[] values)

Escapes an array of parameter values.

Parameters:: name - the parameter name; values - the parameter values
Returns:: the escaped parameter values

filterAntiSamy

public java.lang.String filterAntiSamy(java.lang.String html)

Filters HTML input using the internal AntiSamy instance.

Parameters:: html - the HTML to filter
Returns:: the filtered HTML

setExceptions

public void setExceptions(java.util.Collection<java.lang.String> exceptions)

Sets the set of names of parameters which shouldn't be escaped.

Parameters:: exceptions - a set of parameter names

Overview

Package

Class

Tree

Deprecated

Index

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.opencms.util Class CmsParameterEscaper

DEFAULT_POLICY

defaultPolicy

CmsParameterEscaper

readPolicy

createAntiSamy

enableAntiSamy

escape

escape

filterAntiSamy

setExceptions

org.opencms.util
Class CmsParameterEscaper