• Home
• com.adobe.aem
• uber-jar
• 6.4.4
• source code
• ProtectStringAsAttribute.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.day.cq.xss.taglib.ProtectStringAsAttribute Maven / Gradle / Ivy

/*************************************************************************
 *
 * ADOBE CONFIDENTIAL
 * __________________
 *
 *  Copyright 2011 Adobe Systems Incorporated
 *  All Rights Reserved.
 *
 * NOTICE:  All information contained herein is, and remains
 * the property of Adobe Systems Incorporated and its suppliers,
 * if any.  The intellectual and technical concepts contained
 * herein are proprietary to Adobe Systems Incorporated and its
 * suppliers and are protected by trade secret or copyright law.
 * Dissemination of this information or reproduction of this material
 * is strictly forbidden unless prior written permission is obtained
 * from Adobe Systems Incorporated.
 **************************************************************************/
package com.day.cq.xss.taglib;

import javax.servlet.ServletRequest;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.BodyContent;

import com.day.cq.xss.XSSProtectionService;

/**
 * This class implements a tag that can be used for protecting a String that is provided
 * as a request attribute.
 * @deprecated
 */
@Deprecated
public class ProtectStringAsAttribute extends ProtectBody {

    /**
     * Name of attribute where the result is saved to
     */
    private String name;

    /**
     * Get the name of the attribute where the result is saved to.
     *
     * @return Attribute name
     */
    public String getName() {
        return this.name;
    }

    /**
     * Set the name to the attribute where the result is saved to.
     *
     * @param name Attribute name
     */
    public void setName(String name) {
        this.name = name;
    }

    /**
     * Executes the XSS removal and sets the cleaned HTML to the request attribute as
     * specified.
     */
    @Override
    public int doAfterBody() throws JspException {
        try {
            XSSProtectionService service = Utils.getService(this.pageContext);
            if (service != null) {
                BodyContent bc = this.getBodyContent();
                String src = bc.getString();
                bc.clearBody();
                ServletRequest req = this.pageContext.getRequest();
                req.setAttribute(this.name, service.protectForContext(
                        this.getProtectionContext(), src, getPolicy()));
            }
        } catch (Exception e) {
            throw new JspException(e);
        }
        return SKIP_BODY;
    }

}