use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.
the class MarkupHandler method emitMultipleFragment.
private void emitMultipleFragment(String name, Interpolation interpolation, char quoteChar, PluginInvoke invoke) {
// Simplified algorithm for attribute output, which works when the interpolation is not of size 1. In this
// case we are certain that the attribute value cannot be the boolean value true, so we can skip this test
// altogether
Expression expression = expressionWrapper.transform(interpolation, getAttributeMarkupContext(name), ExpressionContext.ATTRIBUTE);
String attrContent = symbolGenerator.next("attrContent");
String shouldDisplayAttr = symbolGenerator.next("shouldDisplayAttr");
stream.write(new VariableBinding.Start(attrContent, expression.getRoot()));
stream.write(new VariableBinding.Start(shouldDisplayAttr, new BinaryOperation(BinaryOperator.OR, new Identifier(attrContent), new BinaryOperation(BinaryOperator.EQ, new StringConstant("false"), new Identifier(attrContent)))));
stream.write(new Conditional.Start(shouldDisplayAttr, true));
emitAttributeStart(name);
invoke.beforeAttributeValue(stream, name, expression.getRoot());
emitAttributeValueStart(quoteChar);
stream.write(new OutputVariable(attrContent));
emitAttributeEnd(quoteChar);
invoke.afterAttributeValue(stream, name);
stream.write(Conditional.END);
stream.write(VariableBinding.END);
stream.write(VariableBinding.END);
}
use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.
the class MarkupHandler method requireContext.
private Interpolation requireContext(Interpolation interpolation) {
Interpolation result = new Interpolation();
for (Fragment fragment : interpolation.getFragments()) {
Fragment addedFragment;
if (fragment.isString()) {
addedFragment = fragment;
} else {
if (fragment.getExpression().containsOption(Syntax.CONTEXT_OPTION)) {
addedFragment = fragment;
} else {
String currentTag = currentElementTag();
String warningMessage = String.format("Element %s requires that all expressions have an explicit context specified. " + "The expression will be replaced with an empty string.", currentTag);
stream.warn(new PushStream.StreamMessage(warningMessage, fragment.getExpression().getRawText()));
addedFragment = new Fragment.Expr(new Expression(StringConstant.EMPTY));
}
}
result.addFragment(addedFragment);
}
return result;
}
use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.
the class ExpressionWrapperTest method testFormatOptionsRemoval.
@Test
public void testFormatOptionsRemoval() {
Interpolation interpolation = new Interpolation();
Map<String, ExpressionNode> options = new HashMap<>();
List<ExpressionNode> formatArray = new ArrayList<>();
formatArray.add(new StringConstant("John"));
formatArray.add(new StringConstant("Doe"));
options.put(FormatFilter.FORMAT_OPTION, new ArrayLiteral(formatArray));
interpolation.addExpression(new Expression(new StringConstant("Hello {0} {1}"), options));
ExpressionWrapper wrapper = new ExpressionWrapper(filters);
Expression result = wrapper.transform(interpolation, MarkupContext.TEXT, ExpressionContext.TEXT);
List<ExpressionNode> xssArguments = runOptionsAndXSSAssertions(result, 0);
RuntimeCall format = (RuntimeCall) xssArguments.get(0);
assertEquals(RuntimeFunction.FORMAT, format.getFunctionName());
}
use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.
the class MarkupHandler method emitSingleFragment.
private void emitSingleFragment(String name, Interpolation interpolation, char quoteChar, PluginInvoke invoke) {
//raw expression
Expression valueExpression = expressionWrapper.transform(interpolation, null, ExpressionContext.ATTRIBUTE);
//holds the raw attribute value
String attrValue = symbolGenerator.next("attrValue");
//holds the escaped attribute value
String attrContent = symbolGenerator.next("attrContent");
// holds the comparison (attrValue == true)
String isTrueVar = symbolGenerator.next("isTrueAttr");
String shouldDisplayAttr = symbolGenerator.next("shouldDisplayAttr");
MarkupContext markupContext = getAttributeMarkupContext(name);
boolean alreadyEscaped = false;
if (valueExpression.getRoot() instanceof RuntimeCall) {
RuntimeCall rc = (RuntimeCall) valueExpression.getRoot();
if (RuntimeFunction.XSS.equals(rc.getFunctionName())) {
alreadyEscaped = true;
}
}
ExpressionNode node = valueExpression.getRoot();
//attrContent = <expr>
stream.write(new VariableBinding.Start(attrValue, node));
if (!alreadyEscaped) {
Expression contentExpression = valueExpression.withNode(new Identifier(attrValue));
stream.write(new VariableBinding.Start(attrContent, adjustContext(compilerContext, contentExpression, markupContext, ExpressionContext.ATTRIBUTE).getRoot()));
stream.write(new VariableBinding.Start(shouldDisplayAttr, new BinaryOperation(BinaryOperator.OR, new Identifier(attrContent), new BinaryOperation(BinaryOperator.EQ, new StringConstant("false"), new Identifier(attrValue)))));
} else {
stream.write(new VariableBinding.Start(shouldDisplayAttr, new BinaryOperation(BinaryOperator.OR, new Identifier(attrValue), new BinaryOperation(BinaryOperator.EQ, new StringConstant("false"), new Identifier(attrValue)))));
}
// if (attrContent)
stream.write(new Conditional.Start(shouldDisplayAttr, true));
//write("attrName");
emitAttributeStart(name);
invoke.beforeAttributeValue(stream, name, node);
stream.write(new //isTrueAttr = (attrValue == true)
VariableBinding.Start(//isTrueAttr = (attrValue == true)
isTrueVar, new BinaryOperation(BinaryOperator.EQ, new Identifier(attrValue), BooleanConstant.TRUE)));
//if (!isTrueAttr)
stream.write(new Conditional.Start(isTrueVar, false));
// write("='");
emitAttributeValueStart(quoteChar);
if (!alreadyEscaped) {
//write(attrContent)
stream.write(new OutputVariable(attrContent));
} else {
// write(attrValue)
stream.write(new OutputVariable(attrValue));
}
//write("'");
emitAttributeEnd(quoteChar);
//end if isTrueAttr
stream.write(Conditional.END);
//end scope for isTrueAttr
stream.write(VariableBinding.END);
invoke.afterAttributeValue(stream, name);
//end if attrContent
stream.write(Conditional.END);
//end scope for attrContent
stream.write(VariableBinding.END);
if (!alreadyEscaped) {
stream.write(VariableBinding.END);
}
//end scope for attrValue
stream.write(VariableBinding.END);
}
use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.
the class MarkupHandler method attributeChecked.
private Interpolation attributeChecked(String attributeName, Interpolation interpolation) {
if (!MarkupUtils.isSensitiveAttribute(attributeName)) {
return interpolation;
}
Interpolation newInterpolation = new Interpolation();
for (Fragment fragment : interpolation.getFragments()) {
Fragment addedFragment = fragment;
if (fragment.isExpression()) {
Expression expression = fragment.getExpression();
if (!expression.containsOption(Syntax.CONTEXT_OPTION)) {
String warningMessage = String.format("Expressions within the value of attribute %s need to have an explicit context " + "option. The expression will be replaced with an empty string.", attributeName);
stream.warn(new PushStream.StreamMessage(warningMessage, expression.getRawText()));
addedFragment = new Fragment.Text("");
}
}
newInterpolation.addFragment(addedFragment);
}
return newInterpolation;
}
Aggregations