org.apache.sling.xss.ProtectionContext Maven / Gradle / Ivy
Show all versions of aem-sdk-api Show documentation
/*******************************************************************************
* Licensed to the Apache Software Foundation (ASF) under one or
* more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the
* Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain
* a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0 Unless required by
* applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions
* and limitations under the License.
******************************************************************************/
package org.apache.sling.xss;
/**
* This enumeration defines the context for executing XSS protection.
*
* The specified rules refer to
* http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
*/
public enum ProtectionContext {
/**
* Escape HTML for use inside element content (rules #6 and - to some degree - #1),
* using a policy to remove potentially malicous HTML
*/
HTML_HTML_CONTENT("htmlToHtmlContent"),
/**
* Escape plain text for use inside HTML content (rule #1)
*/
PLAIN_HTML_CONTENT("plainToHtmlContent");
/**
* The name of the protection context
*/
private final String name;
private ProtectionContext(String name) {
this.name = name;
}
/**
* Gets the name of the protection context.
*
* @return The name of the protection context
*/
public String getName() {
return this.name;
}
/**
* Gets a protection context from the specified name.
*
* @param name The name to get the protection context from
* @return The protection context; null
if an invalid protection context
* has been specified
*/
public static ProtectionContext fromName(String name) {
ProtectionContext[] values = values();
for (ProtectionContext contextToCheck : values) {
if (contextToCheck.getName().equals(name)) {
return contextToCheck;
}
}
return null;
}
}