java.lang.Object
  org.jasig.portal.channels.SaferHTMLHandler

public class SaferHTMLHandler implements ContentHandler

ContentHandler that will produce a document that only includes a
whitelisted set of elements, attributes and URL schemes. Only HTML that is
considered to be safe from cross-site scripting attacks is passed on to the
document.
Method Summary

public void characters(char[] ch, int start, int length)
public void endDocument()
public void endElement(String uri, String localName, String qName)
public void endPrefixMapping(String prefix)
public void ignorableWhitespace(char[] ch, int start, int length)
public void processingInstruction(String target, String data)
public static String sanitizeURL(String url)
    Make sure to only allow safe URL schemes. This includes http, https,
    ftp, mailto.
public void setDocumentLocator(Locator locator)
public void skippedEntity(String name)
public void startDocument()
public void startElement(String uri, String localName, String qName, Attributes atts)
public void startPrefixMapping(String prefix, String uri)
characters
public void characters(char[] ch, int start, int length) throws SAXException

ignorableWhitespace
public void ignorableWhitespace(char[] ch, int start, int length) throws SAXException

sanitizeURL
public static String sanitizeURL(String url)
    Make sure to only allow safe URL schemes. This includes http, https,
    ftp, mailto. This will prevent dangerous javascript URLs and other
    things we never even thought about. Returns url unaltered if the
    scheme is safe. Returns empty string if the scheme is unsafe.
    We could add more URL schemes if we determine they are needed and safe.
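As an added example (not the source of SaferHTMLHandler itself), here is one way to implement the contract documented above in Java; it goes slightly beyond the documented behaviour by lowercasing the scheme, ignoring the tab, newline and other control characters that browsers ignore inside a URL, and (an assumption the page does not state) keeping scheme-less relative references. The class name UrlSchemeAllowlist is hypothetical.

```java
import java.util.Locale;
import java.util.Set;

/** Added example, not uPortal's own code: a URL scheme allowlist. */
public final class UrlSchemeAllowlist {

    // The four schemes the documentation above names as safe.
    private static final Set<String> SAFE_SCHEMES = Set.of("http", "https", "ftp", "mailto");

    /** Returns url unaltered if its scheme is allowed, "" otherwise. */
    public static String sanitizeURL(String url) {
        if (url == null) {
            return "";
        }
        // Browsers drop tabs, newlines and other control characters inside a
        // URL, so "java\tscript:" is really "javascript:". Strip them before
        // inspecting the scheme, but hand back the caller's original string.
        StringBuilder cleaned = new StringBuilder(url.length());
        for (int i = 0; i < url.length(); i++) {
            char c = url.charAt(i);
            if (c > 0x20 && c != 0x7F) {
                cleaned.append(c);
            }
        }
        // RFC 3986: a scheme ends at the first ':' and cannot contain '/', '?'
        // or '#'. If one of those comes first there is no scheme at all.
        int colon = -1;
        for (int i = 0; i < cleaned.length(); i++) {
            char c = cleaned.charAt(i);
            if (c == ':') { colon = i; break; }
            if (c == '/' || c == '?' || c == '#') { break; }
        }
        if (colon < 0) {
            // Assumption: a relative reference such as "/a/b" or "x.html#top"
            // introduces no scheme and is kept.
            return url;
        }
        String scheme = cleaned.substring(0, colon).toLowerCase(Locale.ROOT);
        // Text before the colon that is not a well-formed scheme token is
        // rejected outright rather than treated as "no scheme".
        if (!scheme.matches("[a-z][a-z0-9+.-]*")) {
            return "";
        }
        return SAFE_SCHEMES.contains(scheme) ? url : "";
    }
}
```

With this implementation "HTTPS://example.org/" and "mailto:a@example.org" come back unchanged, while "javascript:alert(1)", "JavaScript:alert(1)", "java\tscript:alert(1)" and "data:text/html,..." all return "".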
setDocumentLocator
public void setDocumentLocator(Locator locator)