Package org.apache.ofbiz.base.html
Class CustomSafePolicy
java.lang.Object
org.apache.ofbiz.base.html.CustomSafePolicy
- All Implemented Interfaces:
SanitizerCustomPolicy
Based on the AntiSamy Slashdot example.
Slashdot (http://www.slashdot.org/) is a techie news site that allows users
to respond anonymously to news posts with very limited HTML markup. Now
Slashdot is not only one of the coolest sites around, it's also one that's
been subject to many different successful attacks. Even more unfortunate is
the fact that most of the attacks led users to the infamous goatse.cx picture
(please don't go look it up). The rules for Slashdot are fairly strict: users
can only submit the following HTML tags and no CSS:
<b>, <u>, <i>, <a>, <blockquote>.
Accordingly, we've built a policy file that allows fairly similar
functionality. All text-formatting tags that operate directly on the font,
color or emphasis have been allowed.
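The tag allow-list described above can be written with HtmlPolicyBuilder from the OWASP Java HTML Sanitizer, the library that provides the PolicyFactory type used by this class. This is an added example, not OFBiz code and not the actual value of POLICY_DEFINITION; the class name SlashdotStylePolicyDemo, the restriction of links to http/https, the nofollow setting and the sample inputs are assumptions made for illustration.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class SlashdotStylePolicyDemo {

    // Hypothetical allow-list policy (assumption, not CustomSafePolicy.POLICY_DEFINITION).
    // Only the five tags named in the class description are allowed, and no CSS:
    // the "style" attribute is never allow-listed, so it is always stripped.
    static final PolicyFactory SLASHDOT_STYLE = new HtmlPolicyBuilder()
            .allowElements("b", "u", "i", "a", "blockquote")
            // The only attribute permitted anywhere is href on <a>.
            .allowAttributes("href").onElements("a")
            // href values must use one of these schemes; others are discarded.
            .allowUrlProtocols("http", "https")
            // Adds rel="nofollow" to every link that survives sanitization.
            .requireRelNofollowOnLinks()
            .toFactory();

    // Sanitize untrusted markup before it reaches an HTML sink.
    static String clean(String untrustedHtml) {
        return SLASHDOT_STYLE.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: allowed markup next to markup the policy must reject.
        String[] samples = {
            "<b>bold</b>, <i>italic</i> and <u>underlined</u>",
            "<blockquote>quoted reply</blockquote>",
            "<a href=\"https://example.org/story\">a normal link</a>",
            "<a href=\"javascript:alert(1)\">link with a script URL</a>",
            "<b style=\"color:red\" onclick=\"alert(1)\">styled bold</b>",
            "<script>alert(1)</script>text after a script element",
            "<img src=\"x\" onerror=\"alert(1)\">text after an image",
        };
        for (String input : samples) {
            System.out.println("in : " + input);
            System.out.println("out: " + clean(input));
            System.out.println();
        }
    }
}
```

Running it with the sanitizer library on the classpath prints each input next to its sanitized form, which makes it easy to review what a policy change lets through before deploying it.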
Field Summary
Modifier and Type: static final org.owasp.html.PolicyFactory
Field: POLICY_DEFINITION
Description: A policy that can be used to produce policies that sanitize to HTML sinks via PolicyFactory.apply(org.owasp.html.HtmlStreamEventReceiver).
Constructor Summary
-
Method Summary
Modifier and Type: org.owasp.html.PolicyFactory
Method: getSanitizerPolicy()
Description: Used for getting the policy from the custom class which implements this interface
-
Field Details
-
POLICY_DEFINITION
public static final org.owasp.html.PolicyFactory POLICY_DEFINITION
A policy that can be used to produce policies that sanitize to HTML sinks via PolicyFactory.apply(org.owasp.html.HtmlStreamEventReceiver).
-
-
Constructor Details
-
CustomSafePolicy
public CustomSafePolicy()
-
-
Method Details
-
getSanitizerPolicy
public org.owasp.html.PolicyFactory getSanitizerPolicy()
Description copied from interface: SanitizerCustomPolicy
Used for getting the policy from the custom class which implements this interface
- Specified by:
getSanitizerPolicy in interface SanitizerCustomPolicy
- Returns:
the policy specified in the class will be returned
-