com.jalios.jcms
Class WysiwygManager

java.lang.Object
  com.jalios.jcms.WysiwygManager

All Implemented Interfaces:

JPropertiesListener

public final class WysiwygManager
extends Object
implements JPropertiesListener

HTML manipulation methods for use inside JCMS.

Since:

JCMS-3751

See Also:

HtmlUtil, WysiwygMediasRewriter, WysiwygRenderer, WysiwygPolicyFilter

Field Summary

static String	CLEANHTML_CTXT_DATA HTML cleanup context map key to use to store the Data instance for which HTML cleanup is being performed.
static String	CLEANHTML_CTXT_FIELDNAME HTML cleanup context map key to use to store the name of the Data field for which HTML cleanup is being performed.

Fields inherited from interface com.jalios.util.JPropertiesListener

REVISION

Method Summary

static String[]	cleanHtml(String[] unsafeStrArray, Map<String,Object> contextMap) Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.
static String	cleanHtml(String unsafeStr, Map<String,Object> contextMap) Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.
static Map<String,Object>	getCleanHtmlContextMap(Data data, String fieldName) Retrieve a context map for use in cleanHtml method.
static WysiwygManager	getInstance() Retrieve the WysiwygManager singleton.
org.jsoup.safety.Whitelist	getWhitelist() Retrive the JSoup Whitelist used for HTML sanitization.
static org.jsoup.safety.Whitelist	loadWhitelist(JProperties properties) Initialize a JSoup Whitelist from configuration available in the specifie JProperties.
void	propertiesChange(JProperties properties) Invoked after properties have been modified in JCMS and save on disk.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLEANHTML_CTXT_DATA

public static final String CLEANHTML_CTXT_DATA

HTML cleanup context map key to use to store the Data instance for which HTML cleanup is being performed.

See Also:

Constant Field Values

CLEANHTML_CTXT_FIELDNAME

public static final String CLEANHTML_CTXT_FIELDNAME

HTML cleanup context map key to use to store the name of the Data field for which HTML cleanup is being performed.

See Also:

Constant Field Values

Method Detail

getInstance

public static final WysiwygManager getInstance()

Retrieve the WysiwygManager singleton.

Returns:

the WysiwygManager singleton.

propertiesChange

public void propertiesChange(JProperties properties)

Description copied from interface: JPropertiesListener

Invoked after properties have been modified in JCMS and save on disk.

You cannot alter the value received in parameters.

Specified by:

propertiesChange in interface JPropertiesListener

Parameters:

properties - the properties which have been modified (may not contain all JCMS properties)

getWhitelist

public org.jsoup.safety.Whitelist getWhitelist()

Retrive the JSoup Whitelist used for HTML sanitization.

Returns:

a JSoup Whitelist object, never return null.

loadWhitelist

public static org.jsoup.safety.Whitelist loadWhitelist(JProperties properties)

Initialize a JSoup Whitelist from configuration available in the specifie JProperties. Several configuration can be simultaneously declared through properties wysiwyg.sanitize-html.whitelist.*..

 # Declare a configuration of whitelist
 # Is this whitelist enabled (if so, it will be added to other enabled whitelist configuration)
 wysiwyg.sanitize-html.whitelist.somewhitelist.enabled: false
 # HTML tags and attributes allowed by this whitelist
 wysiwyg.sanitize-html.whitelist.somewhitelist.tags:\
    a[href|title],\
    blockquote[cite],\
    strong
 # Protocols authorized for use for the specified tag & attribute
 wysiwyg.sanitize-html.whitelist.somewhitelist.protocols.a: href[ftp|http|https|mailto]
 wysiwyg.sanitize-html.whitelist.somewhitelist.protocols.blockquote: cite[http|https]
 

Only the configurations that have been enabled will be used to create the Whitelist object.

Parameters:

properties - the JProperties from which configuration will be read to create the Whitelist

Returns:

a Whitelist object (never return null)

cleanHtml

public static String cleanHtml(String unsafeStr,
                               Map<String,Object> contextMap)

Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.

Cleaning will occurs only if HTML sanitization is enabled with property wysiwyg.sanitize-html: true.

Parameters:

unsafeStr - input untrusted HTML (body fragment)

contextMap - a contextual map used to provide additionnal information regarding sanization context

Returns:

safe HTML (body fragment), original unsafeStr is returned if sanitization is disabled.

cleanHtml

public static String[] cleanHtml(String[] unsafeStrArray,
                                 Map<String,Object> contextMap)

Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.

Cleaning will occurs only if HTML sanitization is enabled with property wysiwyg.sanitize-html: true.

Parameters:

unsafeStrArray - array of untrusted input HTML (body fragment)

contextMap - a contextual map used to provide additionnal information regarding sanization context

Returns:

array of safe HTML (body fragment), original array is returned if sanitization is disabled.

getCleanHtmlContextMap

public static Map<String,Object> getCleanHtmlContextMap(Data data,
                                                        String fieldName)

Retrieve a context map for use in cleanHtml method.

Parameters:

data - the Data for which the HTML cleanup is being performed

fieldName - the name of the Data field for which the HTML cleanup is being performed

Returns:

a new Map, never return null.