org.opencms.util

类 CmsParameterEscaper

java.lang.Object

org.opencms.util.CmsParameterEscaper

public class CmsParameterEscaper
extends java.lang.Object

This class is responsible for automatically escaping parameters in Flex requests. It keeps track of which parameters to escape (or not escape), and which parameters need to be processed by AntiSamy.

字段概要

字段

限定符和类型	字段和说明
static java.lang.String	DEFAULT_POLICY The file name of the default policy.
protected static org.owasp.validator.html.Policy	defaultPolicy The default policy, which is used when no policy path is given.

构造器概要

构造器

构造器和说明
CmsParameterEscaper()

方法概要

方法

限定符和类型	方法和说明
org.owasp.validator.html.AntiSamy	createAntiSamy(CmsObject cms, java.lang.String policyPath) Creates a new AntiSamy instance for a given policy path.
void	enableAntiSamy(CmsObject cms, java.lang.String policyPath, java.util.Set<java.lang.String> params) Enables the AntiSamy HTML cleaning for some parameters.
java.lang.String	escape(java.lang.String name, java.lang.String html) Escapes a single parameter value.
java.lang.String[]	escape(java.lang.String name, java.lang.String[] values) Escapes an array of parameter values.
java.lang.String	filterAntiSamy(java.lang.String html) Filters HTML input using the internal AntiSamy instance.
static org.owasp.validator.html.Policy	readPolicy(CmsObject cms, java.lang.String sitePath) Helper method for reading an AntiSamy policy file from the VFS.
void	setExceptions(java.util.Collection<java.lang.String> exceptions) Sets the set of names of parameters which shouldn't be escaped.

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

DEFAULT_POLICY

public static final java.lang.String DEFAULT_POLICY

The file name of the default policy.

另请参阅:

常量字段值

defaultPolicy

protected static org.owasp.validator.html.Policy defaultPolicy

The default policy, which is used when no policy path is given.

构造器详细资料

CmsParameterEscaper

public CmsParameterEscaper()

方法详细资料

readPolicy

public static org.owasp.validator.html.Policy readPolicy(CmsObject cms,
                                         java.lang.String sitePath)

Helper method for reading an AntiSamy policy file from the VFS.

参数:

cms - the current CMS context

sitePath - the site path of the policy file

返回:

the policy object for the given path

createAntiSamy

public org.owasp.validator.html.AntiSamy createAntiSamy(CmsObject cms,
                                               java.lang.String policyPath)

Creates a new AntiSamy instance for a given policy path.

参数:

cms - the current CMS context

policyPath - the policy site path

返回:

the new AntiSamy instance

enableAntiSamy

public void enableAntiSamy(CmsObject cms,
                  java.lang.String policyPath,
                  java.util.Set<java.lang.String> params)

Enables the AntiSamy HTML cleaning for some parameters.

参数:

cms - the current CMS context

policyPath - the policy site path in the VFS

params - the parameters for which HTML cleaning should be enabled

escape

public java.lang.String escape(java.lang.String name,
                      java.lang.String html)

Escapes a single parameter value.

参数:

name - the name of the parameter

html - the value of the parameter

返回:

the escaped parameter value

escape

public java.lang.String[] escape(java.lang.String name,
                        java.lang.String[] values)

Escapes an array of parameter values.

参数:

name - the parameter name

values - the parameter values

返回:

the escaped parameter values

filterAntiSamy

public java.lang.String filterAntiSamy(java.lang.String html)

Filters HTML input using the internal AntiSamy instance.

参数:

html - the HTML to filter

返回:

the filtered HTML

setExceptions

public void setExceptions(java.util.Collection<java.lang.String> exceptions)

Sets the set of names of parameters which shouldn't be escaped.

参数:

exceptions - a set of parameter names