Package com.jalios.jcms.wysiwyg.safety

Class Cleaner

java.lang.Object

com.jalios.jcms.wysiwyg.safety.Cleaner

Direct Known Subclasses:

AttributeCleaner

public class Cleaner
extends java.lang.Object

Provides common settings for any sanitizer.

• enabled
• whitelisted set
• whitelist regular expression
• blacklisted set
• blacklist regular expression
• default behavior when value is not found in whitelist/blacklist

Whitelist and whitelist regex have precedence over blacklist and blacklist regex.
The setDefaultBehavior(boolean) authorization is applied to values which are neither whitelisted nor blacklisted (through list or regex). Default is to consider unknown values are unauthorized.

Since:

jcms-10.0.0 / JCMS-6170

Constructor Summary

Constructors

Constructor	Description
Cleaner()

Method Summary

Modifier and Type	Method	Description
void	addBlacklistedValue(java.lang.String... values)	Add the specified value to the blacklisted values.
void	addWhitelistedValue(java.lang.String... values)	Add the specified value to the whitelisted values.
void	configureFromProperties(JProperties prop)	Configure the current cleaner with the specified properties.
java.util.Set<java.lang.String>	getBlacklist()	Retrieve the blacklisted values
java.lang.String	getBlacklistRegex()	Retrieve the blacklist regular expression
boolean	getDefaultBehavior()	Get default behavior applied for values not part of whitelist or blacklist and which do not match any whitelist or blacklist pattern.
java.util.Set<java.lang.String>	getWhitelist()	Retrieve the whitelited values
java.lang.String	getWhitelistRegex()	Retrieve the whitelist regular expression
boolean	isAuthorized(java.lang.String value)	Check if the specified value is authorized or not.
boolean	isEnabled()	Check if this cleaner is enabled.
void	removeBlacklistedValue(java.lang.String... values)	Remove the specified value from blacklisted values.
void	removeWhitelistedValue(java.lang.String... values)	Remove the specified value from authorized values.
void	setBlacklistRegex(java.lang.String blacklistRegex)	Set the regular expresion to consider value as blacklisted
void	setDefaultBehavior(boolean authorize)	Set the default behavior applied for values not part of whitelist or blacklist and which do not match any whitelist or blacklist pattern.
void	setEnabled(boolean enabled)	Set the enabled status of this cleaner
void	setWhitelistRegex(java.lang.String whitelistRegex)	Set the regular expresion to consider value as whitelisted
java.lang.String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

Cleaner

public Cleaner()

Method Detail

configureFromProperties

public void configureFromProperties(JProperties prop)

Configure the current cleaner with the specified properties.

Parameters:

prop - a instance of JProperties, must not be null

setEnabled

public void setEnabled(boolean enabled)

Set the enabled status of this cleaner

Parameters:

enabled - true to enable, false to disable

isEnabled

public boolean isEnabled()

Check if this cleaner is enabled.

Returns:

the enabled

addWhitelistedValue

public void addWhitelistedValue(java.lang.String... values)

Add the specified value to the whitelisted values.

Parameters:

values - any value

removeWhitelistedValue

public void removeWhitelistedValue(java.lang.String... values)

Remove the specified value from authorized values.

Parameters:

values - any value

getWhitelist

public java.util.Set<java.lang.String> getWhitelist()

Retrieve the whitelited values

Returns:

a set of whitelisted values, never return null

setWhitelistRegex

public void setWhitelistRegex(java.lang.String whitelistRegex)

Set the regular expresion to consider value as whitelisted

Parameters:

whitelistRegex - a regular expression

getWhitelistRegex

public java.lang.String getWhitelistRegex()

Retrieve the whitelist regular expression

Returns:

a regex or null if none is defined

addBlacklistedValue

public void addBlacklistedValue(java.lang.String... values)

Add the specified value to the blacklisted values.

Parameters:

values - any attribute values (eg alert-danger)

removeBlacklistedValue

public void removeBlacklistedValue(java.lang.String... values)

Remove the specified value from blacklisted values.

Parameters:

values - any attribute values (eg modal)

getBlacklist

public java.util.Set<java.lang.String> getBlacklist()

Retrieve the blacklisted values

Returns:

a set of blacklisted values, never return null

setBlacklistRegex

public void setBlacklistRegex(java.lang.String blacklistRegex)

Set the regular expresion to consider value as blacklisted

Parameters:

blacklistRegex - a regular expression

getBlacklistRegex

public java.lang.String getBlacklistRegex()

Retrieve the blacklist regular expression

Returns:

a regex or null if none is defined

setDefaultBehavior

public void setDefaultBehavior(boolean authorize)

Set the default behavior applied for values not part of whitelist or blacklist and which do not match any whitelist or blacklist pattern.

Default is false: unknown values are considered as unauthorized.

Parameters:

authorize - true to authorize unknown values, false to blacklist

getDefaultBehavior

public boolean getDefaultBehavior()

Get default behavior applied for values not part of whitelist or blacklist and which do not match any whitelist or blacklist pattern.

Default is false: unknown values are considered as unauthorized.

Returns:

true if authorized, false if unauthorized

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

isAuthorized

public boolean isAuthorized(java.lang.String value)

Check if the specified value is authorized or not.

Parameters:

value - the value to verify

Returns:

true if value is authorized, false otherwise