Package com.jalios.jcms.wysiwyg

Class WysiwygManager

    • Field Detail

      • RESPONSIVE_IMAGE_ENABLED_PROP

        protected static final java.lang.String RESPONSIVE_IMAGE_ENABLED_PROP
        See Also:
        Constant Field Values

      • RESPONSIVE_IMAGE_SRCSET_WIDTH_LIST_PROP

        protected static final java.lang.String RESPONSIVE_IMAGE_SRCSET_WIDTH_LIST_PROP
        See Also:
        Constant Field Values

      • RESPONSIVE_IMAGE_ENABLED_PARAMETER

        protected static final java.lang.String RESPONSIVE_IMAGE_ENABLED_PARAMETER
        See Also:
        Constant Field Values

      • CLEANHTML_CTXT_DATA

        public static final java.lang.String CLEANHTML_CTXT_DATA
        HTML cleanup context map key to use to store the Data instance for which HTML cleanup is being performed.
        See Also:
        Constant Field Values

      • CLEANHTML_CTXT_FIELDNAME

        public static final java.lang.String CLEANHTML_CTXT_FIELDNAME
        HTML cleanup context map key to use to store the name of the Data field for which HTML cleanup is being performed.
        See Also:
        Constant Field Values

      • CLEANHTML_CTXT_TYPEFIELDENTRY

        public static final java.lang.String CLEANHTML_CTXT_TYPEFIELDENTRY
        HTML cleanup context map key to use to store the TypeFieldEntry of field for which HTML cleanup is being performed.
        Since:
        10.0.8 - JCMS-9203
        See Also:
        Constant Field Values

      • CLEANHTML_CTXT_SAFELIST

        public static final java.lang.String CLEANHTML_CTXT_SAFELIST
        HTML cleanup context map key used to store the current JSoup Safelist being used to clean the HTML.
        See Also:
        Constant Field Values

      • CLEANHTML_CTXT_ATTRIBUTE_CLEANERS

        public static final java.lang.String CLEANHTML_CTXT_ATTRIBUTE_CLEANERS
        HTML cleanup context map key used to store the List of AttributeCleaner used to sanitize the HTML attributes.
        Since:
        jcms-10.0.0 / JCMS-6170
        See Also:
        Constant Field Values

      • CLEANHTML_CTXT_DIRTYDOC

        public static final java.lang.String CLEANHTML_CTXT_DIRTYDOC
        HTML cleanup context map key used to store the current JSoup Document obtained after parsing of user input.
        See Also:
        Constant Field Values

      • CLEANHTML_CTXT_CLEANDOC

        public static final java.lang.String CLEANHTML_CTXT_CLEANDOC
        HTML cleanup context map key used to store the current JSoup Document obtained after cleaning process.
        See Also:
        Constant Field Values

      • FULLHTML_DEFAULT_REGEX

        public static final java.lang.String FULLHTML_DEFAULT_REGEX
        Default regular expression used to detect if a string is a full html content (with html/doctype/meta/head) or a "simpler" HTML fragment (containing only the body)
        See Also:
        Constant Field Values

      • CLEANHTML_CTX_BLOCKS_CLASS_BLACKLIST

        public static final java.lang.String CLEANHTML_CTX_BLOCKS_CLASS_BLACKLIST
        HTML cleanup context map key used to store css classes used as selectors to delete blocks during the cleaning process
        See Also:
        Constant Field Values

    • Method Detail

      • propertiesChange

        public void propertiesChange​(JProperties properties)
        Description copied from interface: JPropertiesListener
        Invoked after properties have been modified in JCMS and save on disk.

        You cannot alter the value received in parameters.

        Note that properties parameter may be null, a limited set of site properties, or all site properties.

        To check that a property has been modified, reload the "current" property instead using channel.getProperties or channel.getProperty.

        Specified by:
        propertiesChange in interface JPropertiesListener
        Parameters:
        properties - the properties which have been submitted to change

      • isHtmlFragment

        public static boolean isHtmlFragment​(java.lang.String str)
        Check if the specified HTML is a "full html content" (with html/doctype/meta/head) or a "simpler" HTML fragment (containing only the body).

        Method behavior can be customized by specifying a regular expression in property wysiwyg.full-html-regex to detect "full HTML".

        Implementation note :
        Empty HTML are considered to be fragments.
        This method implementation is a best effort to differentiate both variation, it is not meant to be perfect.

        Parameters:
        str - the HTML string to check
        Returns:
        true if HTML is a fragment, false otherwise.
        Since:
        jcms-9.0.5

      • isLightboxEnabled

        public boolean isLightboxEnabled()
        Returns:
        true if lightbox are enabled on wysiwyg images
        Since:
        jcms-10.0.6

      • isResponsiveImagesEnabled

        public boolean isResponsiveImagesEnabled()
        Returns:
        weither to use responsive images.
        Since:
        jcms-10.0.7 JCMS-4963

      • getResponsiveImagesSrcsetWidthList

        protected java.util.List<java.lang.Integer> getResponsiveImagesSrcsetWidthList()
        Returns:
        the list of width an image in JHTML should provide a responsive, thumbnail version of.
        Since:
        jcms-10.0.7 JCMS-4963

      • addResponsiveImageAttributes

        protected void addResponsiveImageAttributes​(org.jsoup.nodes.Element img,
                                            FileDocument fileDoc,
                                            int mediaTagWidth,
                                            int mediaTagHeight)
        Adds srcset HTML image tag attribute to allow client side browser to use the more relevant image regarding client viewport.
        Parameters:
        img - the JSoup document in which to perform modification (must not be null)
        fileDoc - the fileDoc for which image is added responsive utilities
        mediaTagWidth - image width to set in attribute (optional, use 0 or negative value to ignore)
        mediaTagHeight - image height to set in attribute (optional, use 0 or negative value to ignore)
        Since:
        jcms-10.0.7 JCMS-4963

      • getSafelist

        public org.jsoup.safety.Safelist getSafelist()
        Retrive the JSoup Safelist used for HTML sanitization.
        Returns:
        a JSoup Safelist object, never return null.
        Since:
        JCMS-9246 (was getWhitelist() before)

      • loadSafelist

        public static org.jsoup.safety.Safelist loadSafelist​(JProperties properties)
        Initialize a JSoup Safelist from configuration available in the specified JProperties. Several configuration can be simultaneously declared through properties wysiwyg.sanitize-html.whitelist.*.. 
         # Declare a configuration of whitelist
 # Is this whitelist enabled (if so, it will be added to other enabled whitelist configuration)
 wysiwyg.sanitize-html.whitelist.somewhitelist.enabled: false
 # HTML tags and attributes allowed by this whitelist
 wysiwyg.sanitize-html.whitelist.somewhitelist.tags:\
    a[href|title],\
    blockquote[cite],\
    strong
 # Protocols authorized for use for the specified tag and attribute
 wysiwyg.sanitize-html.whitelist.somewhitelist.protocols.a: href[ftp|http|https|mailto]
 wysiwyg.sanitize-html.whitelist.somewhitelist.protocols.blockquote: cite[http|https]
        Only the configurations that have been enabled will be used to create the Safelist object.
        Parameters:
        properties - the JProperties from which configuration will be read to create the Safelist
        Returns:
        a Safelist object (never return null)
        Since:
        JCMS-9246 (was loadWhitelist() before)

      • loadAttributeCleaners

        public java.util.List<AttributeCleaner> loadAttributeCleaners​(JProperties properties)
        Initialize HTML attributes cleaner from properties.

        Two types of cleaners are being loaded :

        You can declare several configuration simultaneously, each configuration using a unique identifier.

        HTML attribute cleaner.

         # Property allowing quick toggle of the enable status for this configuration
 wysiwyg.sanitize-html.attributes.somecleaner.enabled: true
 # Name of attribute being cleaned (optional if the cleaner name is the name of the attribute)
 wysiwyg.sanitize-html.attributes.somecleaner.attribute: class
 # optional value delimiter if attribute may contains several value (as it it the case for the class attributes) 
 wysiwyg.sanitize-html.attributes.somecleaner.attribute: \\s
 # Set of authorized values, separated with space
 wysiwyg.sanitize-html.attributes.somecleaner.whitelist: wysiwyg
 # Regular expresion to consider value as whitelisted
 wysiwyg.sanitize-html.attributes.somecleaner.whitelist-regex: mysite-.*
 # Set of forbidden values, separated with space
 wysiwyg.sanitize-html.whitelist.somecleaner.blacklist: wysiwyg
 # Regular expresion to consider value as blacklisted
 wysiwyg.sanitize-html.attributes.somecleaner.blacklist-regex: ajax-.*
 # Default behavior applied for values which are not whitelisted or blacklisted (through list or regex).
 # Default is false: unknown values are considered as unauthorized.
 # Set to true to authorize unknown values
 wysiwyg.sanitize-html.attributes.somecleaner.default-behavior: true

        Inline styles cleaner is a variation of HTML attribute, for which validation is applied on css property contained in the style attribute. 

         # Property allowing quick toggle of the enable status for this configuration
 wysiwyg.sanitize-html.inline-styles.mycleanerconf.enabled: true
 # Set of authorized values, separated with space
 wysiwyg.sanitize-html.inline-styles.mycleanerconf.whitelist: color text-align
 # Regular expresion to consider value as whitelisted
 wysiwyg.sanitize-html.inline-styles.mycleanerconf.whitelist-regex: font-.*
 # Set of forbidden values, separated with space
 wysiwyg.sanitize-html.whitelist.mycleanerconf.blacklist: position
 # Regular expresion to consider value as blacklisted
 wysiwyg.sanitize-html.inline-styles.mycleanerconf.blacklist-regex: ^(margin|padding).*$
 # Default behavior applied for values which are not whitelisted or blacklisted (through list or regex).
 # Default is false: unknown values are considered as unauthorized.
 # Set to true to authorize unknown values
 wysiwyg.sanitize-html.inline-styles.mycleanerconf.default-behavior: false
        Parameters:
        properties - the JProperties from which configuration will be read to create the cleaners
        Returns:
        a list of cleaner instanciated and configured from the specified properties. (never return null)
        Since:
        jcms-10.0.0 / JCMS-6170

      • cleanHtml

        public static java.lang.String cleanHtml​(java.lang.String unsafeStr,
                                         java.util.Map<java.lang.String,​java.lang.Object> contextMap)
        Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.

        Cleaning will occurs only if HTML sanitization is enabled with property wysiwyg.sanitize-html: true.

        Parameters:
        unsafeStr - input untrusted HTML (body fragment)
        contextMap - a contextual map used to provide additionnal information regarding sanization context
        Returns:
        safe HTML (body fragment), original unsafeStr is returned if sanitization is disabled.

      • cleanHtml

        public static java.lang.String[] cleanHtml​(java.lang.String[] unsafeStrArray,
                                           java.util.Map<java.lang.String,​java.lang.Object> contextMap)
        Get safe HTML from untrusted input HTML, by parsing input HTML and filtering it through a white-list of permitted tags and attributes.

        Cleaning will occurs only if HTML sanitization is enabled with property wysiwyg.sanitize-html: true.

        Parameters:
        unsafeStrArray - array of untrusted input HTML (body fragment)
        contextMap - a contextual map used to provide additionnal information regarding sanization context
        Returns:
        array of safe HTML (body fragment), original array is returned if sanitization is disabled.

      • getCleanHtmlContextMap

        public static java.util.Map<java.lang.String,​java.lang.Object> getCleanHtmlContextMap​(Data data,
                                                                                            java.lang.String fieldName)
        Retrieve a context map for use in cleanHtml method.
        Parameters:
        data - the Data for which the HTML cleanup is being performed
        fieldName - the name of the Data field for which the HTML cleanup is being performed
        Returns:
        a new Map, never return null.

      • getCleanHtmlContextMap

        public static java.util.Map<java.lang.String,​java.lang.Object> getCleanHtmlContextMap​(TypeFieldEntry tfe)
        Retrieve a context map for use in cleanHtml method.
        Parameters:
        tfe - the TypeFieldEntry of field for which HTML cleanup is being performed.
        Returns:
        a new Map, never return null.
        Since:
        10.0.8 - JCMS-9203

      • getConfiguration

        public WysiwygConfiguration getConfiguration​(java.lang.String configurationId)
        Returns the WysiwygConfiguration from the given configuration ID
        Parameters:
        configurationId - ID of WISYWYG configuration
        Returns:
        WysiwygConfiguration object, or null if there is no configuration with the given ID

      • getPluginConfigurations

        public PluginConfiguration[] getPluginConfigurations​(java.lang.String configurationId)
        Returns the PluginConfigurations found in the Configuration corresponding to the given ID.
        Parameters:
        configurationId - ID of WISYWYG configuration
        Returns:
        Array of PluginConfigurations