com.jalios.jcms

Class WysiwygManager

java.lang.Object

com.jalios.jcms.WysiwygManager

All Implemented Interfaces:

JPropertiesListener

public final class WysiwygManager
extends java.lang.Object
implements JPropertiesListener

HTML manipulation methods for use inside JCMS.

Since:

JCMS-3751

See Also:

HtmlUtil, WysiwygMediasRewriter, WysiwygRenderer, WysiwygPolicyFilter

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CLEANHTML_CTXT_CLEANDOC HTML cleanup context map key used to store the current JSoup Document obtained after cleaning process.
static java.lang.String	CLEANHTML_CTXT_DATA HTML cleanup context map key to use to store the Data instance for which HTML cleanup is being performed.
static java.lang.String	CLEANHTML_CTXT_DIRTYDOC HTML cleanup context map key used to store the current JSoup Document obtained after parsing of user input.
static java.lang.String	CLEANHTML_CTXT_FIELDNAME HTML cleanup context map key to use to store the name of the Data field for which HTML cleanup is being performed.
static java.lang.String	CLEANHTML_CTXT_WHITELIST HTML cleanup context map key used to store the current JSoup Whitelist being used to clean the HTML.

Fields inherited from interface com.jalios.util.JPropertiesListener

REVISION

Method Summary

Methods

Modifier and Type	Method and Description
static java.lang.String[]	cleanHtml(java.lang.String[] unsafeStrArray, java.util.Map<java.lang.String,java.lang.Object> contextMap) Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.
static java.lang.String	cleanHtml(java.lang.String unsafeStr, java.util.Map<java.lang.String,java.lang.Object> contextMap) Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.
static java.util.Map<java.lang.String,java.lang.Object>	getCleanHtmlContextMap(Data data, java.lang.String fieldName) Retrieve a context map for use in cleanHtml method.
static WysiwygManager	getInstance() Retrieve the WysiwygManager singleton.
org.jsoup.safety.Whitelist	getWhitelist() Retrive the JSoup Whitelist used for HTML sanitization.
static org.jsoup.safety.Whitelist	loadWhitelist(JProperties properties) Initialize a JSoup Whitelist from configuration available in the specifie JProperties.
void	propertiesChange(JProperties properties) Invoked after properties have been modified in JCMS and save on disk.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLEANHTML_CTXT_DATA

public static final java.lang.String CLEANHTML_CTXT_DATA

HTML cleanup context map key to use to store the Data instance for which HTML cleanup is being performed.

See Also:

Constant Field Values

CLEANHTML_CTXT_FIELDNAME

public static final java.lang.String CLEANHTML_CTXT_FIELDNAME

HTML cleanup context map key to use to store the name of the Data field for which HTML cleanup is being performed.

See Also:

Constant Field Values

CLEANHTML_CTXT_WHITELIST

public static final java.lang.String CLEANHTML_CTXT_WHITELIST

HTML cleanup context map key used to store the current JSoup Whitelist being used to clean the HTML.

See Also:

Constant Field Values

CLEANHTML_CTXT_DIRTYDOC

public static final java.lang.String CLEANHTML_CTXT_DIRTYDOC

HTML cleanup context map key used to store the current JSoup Document obtained after parsing of user input.

See Also:

Constant Field Values

CLEANHTML_CTXT_CLEANDOC

public static final java.lang.String CLEANHTML_CTXT_CLEANDOC

HTML cleanup context map key used to store the current JSoup Document obtained after cleaning process.

See Also:

Constant Field Values

Method Detail

getInstance

public static final WysiwygManager getInstance()

Retrieve the WysiwygManager singleton.

Returns:

the WysiwygManager singleton.

propertiesChange

public void propertiesChange(JProperties properties)

Description copied from interface: JPropertiesListener

Invoked after properties have been modified in JCMS and save on disk.

You cannot alter the value received in parameters.

Specified by:

propertiesChange in interface JPropertiesListener

Parameters:

properties - the properties which have been modified (may not contain all JCMS properties)

getWhitelist

public org.jsoup.safety.Whitelist getWhitelist()

Retrive the JSoup Whitelist used for HTML sanitization.

Returns:

a JSoup Whitelist object, never return null.

loadWhitelist

public static org.jsoup.safety.Whitelist loadWhitelist(JProperties properties)

Initialize a JSoup Whitelist from configuration available in the specifie JProperties. Several configuration can be simultaneously declared through properties wysiwyg.sanitize-html.whitelist.*..

 # Declare a configuration of whitelist
 # Is this whitelist enabled (if so, it will be added to other enabled whitelist configuration)
 wysiwyg.sanitize-html.whitelist.somewhitelist.enabled: false
 # HTML tags and attributes allowed by this whitelist
 wysiwyg.sanitize-html.whitelist.somewhitelist.tags:\
    a[href|title],\
    blockquote[cite],\
    strong
 # Protocols authorized for use for the specified tag & attribute
 wysiwyg.sanitize-html.whitelist.somewhitelist.protocols.a: href[ftp|http|https|mailto]
 wysiwyg.sanitize-html.whitelist.somewhitelist.protocols.blockquote: cite[http|https]
 

Only the configurations that have been enabled will be used to create the Whitelist object.

Parameters:

properties - the JProperties from which configuration will be read to create the Whitelist

Returns:

a Whitelist object (never return null)

cleanHtml

public static java.lang.String cleanHtml(java.lang.String unsafeStr,
                         java.util.Map<java.lang.String,java.lang.Object> contextMap)

Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.

Cleaning will occurs only if HTML sanitization is enabled with property wysiwyg.sanitize-html: true.

Parameters:

unsafeStr - input untrusted HTML (body fragment)

contextMap - a contextual map used to provide additionnal information regarding sanization context

Returns:

safe HTML (body fragment), original unsafeStr is returned if sanitization is disabled.

cleanHtml

public static java.lang.String[] cleanHtml(java.lang.String[] unsafeStrArray,
                           java.util.Map<java.lang.String,java.lang.Object> contextMap)

Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.

Cleaning will occurs only if HTML sanitization is enabled with property wysiwyg.sanitize-html: true.

Parameters:

unsafeStrArray - array of untrusted input HTML (body fragment)

contextMap - a contextual map used to provide additionnal information regarding sanization context

Returns:

array of safe HTML (body fragment), original array is returned if sanitization is disabled.

getCleanHtmlContextMap

public static java.util.Map<java.lang.String,java.lang.Object> getCleanHtmlContextMap(Data data,
                                                                      java.lang.String fieldName)

Retrieve a context map for use in cleanHtml method.

Parameters:

data - the Data for which the HTML cleanup is being performed

fieldName - the name of the Data field for which the HTML cleanup is being performed

Returns:

a new Map, never return null.