
com.day.cq.xss.taglib.ProtectBody Maven / Gradle / Ivy

/*************************************************************************
 *
 * ADOBE CONFIDENTIAL
 * __________________
 *
 *  Copyright 2011 Adobe Systems Incorporated
 *  All Rights Reserved.
 *
 * NOTICE:  All information contained herein is, and remains
 * the property of Adobe Systems Incorporated and its suppliers,
 * if any.  The intellectual and technical concepts contained
 * herein are proprietary to Adobe Systems Incorporated and its
 * suppliers and are protected by trade secret or copyright law.
 * Dissemination of this information or reproduction of this material
 * is strictly forbidden unless prior written permission is obtained
 * from Adobe Systems Incorporated.
 **************************************************************************/
package com.day.cq.xss.taglib;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.BodyContent;
import javax.servlet.jsp.tagext.BodyTagSupport;

import com.day.cq.xss.ProtectionContext;
import com.day.cq.xss.XSSProtectionService;

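/**
 * JSP body tag that passes its evaluated body through the
 * {@link XSSProtectionService} and writes only the filtered result to the
 * enclosing writer.
 * <p>
 * The policy to be used may be specified using the <code>policy</code>
 * attribute, and the {@link ProtectionContext} using the <code>context</code>
 * attribute. When no context is given, {@link ProtectionContext#HTML_HTML_CONTENT}
 * is used.
 * <p>
 * Failure behaviour, as implemented here:
 * <ul>
 * <li>an unknown context name aborts the tag with a {@link JspException};</li>
 * <li>if no {@link XSSProtectionService} can be obtained, this tag writes
 * nothing at all. NOTE(review): with the buffered body handling inherited from
 * {@link BodyTagSupport} this presumably means the body is dropped rather than
 * emitted unfiltered, but the drop is silent, so a missing service shows up
 * only as missing page content.</li>
 * </ul>
 *
 * @deprecated
 */
@Deprecated
public class ProtectBody extends BodyTagSupport {

    /**
     * Path to policy file to use; <code>null</code>, if the default policy has to be used
     */
    private String policy;

    /**
     * Name of the protection context to use; <code>null</code>, if the default
     * context has to be used
     */
    private String context;

    /**
     * Get the path to the policy to be used.
     *
     * @return Path to policy file to use; <code>null</code>, if the default policy has to
     *         be used
     */
    public String getPolicy() {
        return policy;
    }

    /**
     * Set the path to the policy to be used.
     *
     * @param policy Path to policy file to use; <code>null</code>, if the default policy
     *               has to be used
     */
    public void setPolicy(String policy) {
        this.policy = policy;
    }

    /**
     * Get the protection context.
     *
     * @return Name of the protection context as set on the tag; <code>null</code>, if
     *         none was set
     */
    public String getContext() {
        return this.context;
    }

    /**
     * Set the protection context.
     *
     * @param context Name of the protection context
     */
    public void setContext(String context) {
        this.context = context;
    }

    /**
     * Resolves the configured context name to a {@link ProtectionContext}.
     * <p>
     * Falls back to the name of {@link ProtectionContext#HTML_HTML_CONTENT} when no
     * context attribute was set. An unrecognised name is rejected rather than
     * silently replaced by a default, so a typo in the attribute cannot downgrade
     * the filtering to the wrong context.
     *
     * @return The protection context to filter for; never <code>null</code>
     * @throws JspException if the configured name does not map to a known context
     */
    protected ProtectionContext getProtectionContext() throws JspException {
        final String contextName = (this.context != null)
                ? this.context
                : ProtectionContext.HTML_HTML_CONTENT.getName();

        final ProtectionContext resolved = ProtectionContext.fromName(contextName);
        if (resolved == null) {
            throw new JspException("Invalid protection context: " + contextName);
        }
        return resolved;
    }

    /**
     * Executes the XSS removal: reads the buffered body, clears it, and prints the
     * filtered text to the enclosing writer.
     *
     * @return {@link #SKIP_BODY}, so the body is evaluated only once
     * @throws JspException if the protection context is invalid, or wrapping any
     *                      other failure raised while filtering or writing
     */
    @Override
    public int doAfterBody() throws JspException {
        try {
            final XSSProtectionService service = Utils.getService(this.pageContext);
            // No service: nothing is written by this method (see class comment).
            if (service != null) {
                final BodyContent body = this.getBodyContent();
                final String unfiltered = body.getString();
                // Drop the raw text from the buffer before the filtered text is written.
                body.clearBody();
                final String filtered = service.protectForContext(
                        getProtectionContext(), unfiltered, getPolicy());
                body.getEnclosingWriter().println(filtered);
            }
        } catch (JspException e) {
            // Already the declared type (e.g. "Invalid protection context: ...");
            // rethrow unchanged instead of nesting it inside a second JspException.
            throw e;
        } catch (Exception e) {
            throw new JspException(e);
        }
        return SKIP_BODY;
    }
}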




