Search in sources :

Example 6 with Expression

use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.

the class MarkupHandler method emitMultipleFragment.

private void emitMultipleFragment(String name, Interpolation interpolation, char quoteChar, PluginInvoke invoke) {
    // Simplified algorithm for attribute output, which works when the interpolation is not of size 1. In this
    // case we are certain that the attribute value cannot be the boolean value true, so we can skip this test
    // altogether
    Expression expression = expressionWrapper.transform(interpolation, getAttributeMarkupContext(name), ExpressionContext.ATTRIBUTE);
    String attrContent = symbolGenerator.next("attrContent");
    String shouldDisplayAttr = symbolGenerator.next("shouldDisplayAttr");
    stream.write(new VariableBinding.Start(attrContent, expression.getRoot()));
    stream.write(new VariableBinding.Start(shouldDisplayAttr, new BinaryOperation(BinaryOperator.OR, new Identifier(attrContent), new BinaryOperation(BinaryOperator.EQ, new StringConstant("false"), new Identifier(attrContent)))));
    stream.write(new Conditional.Start(shouldDisplayAttr, true));
    emitAttributeStart(name);
    invoke.beforeAttributeValue(stream, name, expression.getRoot());
    emitAttributeValueStart(quoteChar);
    stream.write(new OutputVariable(attrContent));
    emitAttributeEnd(quoteChar);
    invoke.afterAttributeValue(stream, name);
    stream.write(Conditional.END);
    stream.write(VariableBinding.END);
    stream.write(VariableBinding.END);
}
Also used : Identifier(org.apache.sling.scripting.sightly.compiler.expression.nodes.Identifier) Expression(org.apache.sling.scripting.sightly.compiler.expression.Expression) BinaryOperation(org.apache.sling.scripting.sightly.compiler.expression.nodes.BinaryOperation) Conditional(org.apache.sling.scripting.sightly.compiler.commands.Conditional) StringConstant(org.apache.sling.scripting.sightly.compiler.expression.nodes.StringConstant) VariableBinding(org.apache.sling.scripting.sightly.compiler.commands.VariableBinding) OutputVariable(org.apache.sling.scripting.sightly.compiler.commands.OutputVariable)

Example 7 with Expression

use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.

the class MarkupHandler method requireContext.

private Interpolation requireContext(Interpolation interpolation) {
    Interpolation result = new Interpolation();
    for (Fragment fragment : interpolation.getFragments()) {
        Fragment addedFragment;
        if (fragment.isString()) {
            addedFragment = fragment;
        } else {
            if (fragment.getExpression().containsOption(Syntax.CONTEXT_OPTION)) {
                addedFragment = fragment;
            } else {
                String currentTag = currentElementTag();
                String warningMessage = String.format("Element %s requires that all expressions have an explicit context specified. " + "The expression will be replaced with an empty string.", currentTag);
                stream.warn(new PushStream.StreamMessage(warningMessage, fragment.getExpression().getRawText()));
                addedFragment = new Fragment.Expr(new Expression(StringConstant.EMPTY));
            }
        }
        result.addFragment(addedFragment);
    }
    return result;
}
Also used : Interpolation(org.apache.sling.scripting.sightly.impl.compiler.frontend.Interpolation) Expression(org.apache.sling.scripting.sightly.compiler.expression.Expression) PushStream(org.apache.sling.scripting.sightly.impl.compiler.PushStream) Fragment(org.apache.sling.scripting.sightly.impl.compiler.frontend.Fragment)

Example 8 with Expression

use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.

the class ExpressionWrapperTest method testFormatOptionsRemoval.

@Test
public void testFormatOptionsRemoval() {
    Interpolation interpolation = new Interpolation();
    Map<String, ExpressionNode> options = new HashMap<>();
    List<ExpressionNode> formatArray = new ArrayList<>();
    formatArray.add(new StringConstant("John"));
    formatArray.add(new StringConstant("Doe"));
    options.put(FormatFilter.FORMAT_OPTION, new ArrayLiteral(formatArray));
    interpolation.addExpression(new Expression(new StringConstant("Hello {0} {1}"), options));
    ExpressionWrapper wrapper = new ExpressionWrapper(filters);
    Expression result = wrapper.transform(interpolation, MarkupContext.TEXT, ExpressionContext.TEXT);
    List<ExpressionNode> xssArguments = runOptionsAndXSSAssertions(result, 0);
    RuntimeCall format = (RuntimeCall) xssArguments.get(0);
    assertEquals(RuntimeFunction.FORMAT, format.getFunctionName());
}
Also used : Interpolation(org.apache.sling.scripting.sightly.impl.compiler.frontend.Interpolation) HashMap(java.util.HashMap) Expression(org.apache.sling.scripting.sightly.compiler.expression.Expression) ExpressionNode(org.apache.sling.scripting.sightly.compiler.expression.ExpressionNode) ArrayList(java.util.ArrayList) RuntimeCall(org.apache.sling.scripting.sightly.compiler.expression.nodes.RuntimeCall) StringConstant(org.apache.sling.scripting.sightly.compiler.expression.nodes.StringConstant) ArrayLiteral(org.apache.sling.scripting.sightly.compiler.expression.nodes.ArrayLiteral) ExpressionWrapper(org.apache.sling.scripting.sightly.impl.compiler.frontend.ExpressionWrapper) Test(org.junit.Test)

Example 9 with Expression

use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.

the class MarkupHandler method emitSingleFragment.

private void emitSingleFragment(String name, Interpolation interpolation, char quoteChar, PluginInvoke invoke) {
    //raw expression
    Expression valueExpression = expressionWrapper.transform(interpolation, null, ExpressionContext.ATTRIBUTE);
    //holds the raw attribute value
    String attrValue = symbolGenerator.next("attrValue");
    //holds the escaped attribute value
    String attrContent = symbolGenerator.next("attrContent");
    // holds the comparison (attrValue == true)
    String isTrueVar = symbolGenerator.next("isTrueAttr");
    String shouldDisplayAttr = symbolGenerator.next("shouldDisplayAttr");
    MarkupContext markupContext = getAttributeMarkupContext(name);
    boolean alreadyEscaped = false;
    if (valueExpression.getRoot() instanceof RuntimeCall) {
        RuntimeCall rc = (RuntimeCall) valueExpression.getRoot();
        if (RuntimeFunction.XSS.equals(rc.getFunctionName())) {
            alreadyEscaped = true;
        }
    }
    ExpressionNode node = valueExpression.getRoot();
    //attrContent = <expr>
    stream.write(new VariableBinding.Start(attrValue, node));
    if (!alreadyEscaped) {
        Expression contentExpression = valueExpression.withNode(new Identifier(attrValue));
        stream.write(new VariableBinding.Start(attrContent, adjustContext(compilerContext, contentExpression, markupContext, ExpressionContext.ATTRIBUTE).getRoot()));
        stream.write(new VariableBinding.Start(shouldDisplayAttr, new BinaryOperation(BinaryOperator.OR, new Identifier(attrContent), new BinaryOperation(BinaryOperator.EQ, new StringConstant("false"), new Identifier(attrValue)))));
    } else {
        stream.write(new VariableBinding.Start(shouldDisplayAttr, new BinaryOperation(BinaryOperator.OR, new Identifier(attrValue), new BinaryOperation(BinaryOperator.EQ, new StringConstant("false"), new Identifier(attrValue)))));
    }
    // if (attrContent)
    stream.write(new Conditional.Start(shouldDisplayAttr, true));
    //write("attrName");
    emitAttributeStart(name);
    invoke.beforeAttributeValue(stream, name, node);
    stream.write(new //isTrueAttr = (attrValue == true)
    VariableBinding.Start(//isTrueAttr = (attrValue == true)
    isTrueVar, new BinaryOperation(BinaryOperator.EQ, new Identifier(attrValue), BooleanConstant.TRUE)));
    //if (!isTrueAttr)
    stream.write(new Conditional.Start(isTrueVar, false));
    // write("='");
    emitAttributeValueStart(quoteChar);
    if (!alreadyEscaped) {
        //write(attrContent)
        stream.write(new OutputVariable(attrContent));
    } else {
        // write(attrValue)
        stream.write(new OutputVariable(attrValue));
    }
    //write("'");
    emitAttributeEnd(quoteChar);
    //end if isTrueAttr
    stream.write(Conditional.END);
    //end scope for isTrueAttr
    stream.write(VariableBinding.END);
    invoke.afterAttributeValue(stream, name);
    //end if attrContent
    stream.write(Conditional.END);
    //end scope for attrContent
    stream.write(VariableBinding.END);
    if (!alreadyEscaped) {
        stream.write(VariableBinding.END);
    }
    //end scope for attrValue
    stream.write(VariableBinding.END);
}
Also used : BinaryOperation(org.apache.sling.scripting.sightly.compiler.expression.nodes.BinaryOperation) RuntimeCall(org.apache.sling.scripting.sightly.compiler.expression.nodes.RuntimeCall) Conditional(org.apache.sling.scripting.sightly.compiler.commands.Conditional) OutputVariable(org.apache.sling.scripting.sightly.compiler.commands.OutputVariable) Identifier(org.apache.sling.scripting.sightly.compiler.expression.nodes.Identifier) Expression(org.apache.sling.scripting.sightly.compiler.expression.Expression) ExpressionNode(org.apache.sling.scripting.sightly.compiler.expression.ExpressionNode) MarkupContext(org.apache.sling.scripting.sightly.compiler.expression.MarkupContext) StringConstant(org.apache.sling.scripting.sightly.compiler.expression.nodes.StringConstant) VariableBinding(org.apache.sling.scripting.sightly.compiler.commands.VariableBinding)

Example 10 with Expression

use of org.apache.sling.scripting.sightly.compiler.expression.Expression in project sling by apache.

the class MarkupHandler method attributeChecked.

private Interpolation attributeChecked(String attributeName, Interpolation interpolation) {
    if (!MarkupUtils.isSensitiveAttribute(attributeName)) {
        return interpolation;
    }
    Interpolation newInterpolation = new Interpolation();
    for (Fragment fragment : interpolation.getFragments()) {
        Fragment addedFragment = fragment;
        if (fragment.isExpression()) {
            Expression expression = fragment.getExpression();
            if (!expression.containsOption(Syntax.CONTEXT_OPTION)) {
                String warningMessage = String.format("Expressions within the value of attribute %s need to have an explicit context " + "option. The expression will be replaced with an empty string.", attributeName);
                stream.warn(new PushStream.StreamMessage(warningMessage, expression.getRawText()));
                addedFragment = new Fragment.Text("");
            }
        }
        newInterpolation.addFragment(addedFragment);
    }
    return newInterpolation;
}
Also used : Interpolation(org.apache.sling.scripting.sightly.impl.compiler.frontend.Interpolation) Expression(org.apache.sling.scripting.sightly.compiler.expression.Expression) PushStream(org.apache.sling.scripting.sightly.impl.compiler.PushStream) Fragment(org.apache.sling.scripting.sightly.impl.compiler.frontend.Fragment)

Aggregations

Expression (org.apache.sling.scripting.sightly.compiler.expression.Expression)10 StringConstant (org.apache.sling.scripting.sightly.compiler.expression.nodes.StringConstant)7 ExpressionNode (org.apache.sling.scripting.sightly.compiler.expression.ExpressionNode)6 Interpolation (org.apache.sling.scripting.sightly.impl.compiler.frontend.Interpolation)6 HashMap (java.util.HashMap)5 RuntimeCall (org.apache.sling.scripting.sightly.compiler.expression.nodes.RuntimeCall)5 ArrayList (java.util.ArrayList)4 ExpressionWrapper (org.apache.sling.scripting.sightly.impl.compiler.frontend.ExpressionWrapper)4 Test (org.junit.Test)4 ArrayLiteral (org.apache.sling.scripting.sightly.compiler.expression.nodes.ArrayLiteral)3 Conditional (org.apache.sling.scripting.sightly.compiler.commands.Conditional)2 OutputVariable (org.apache.sling.scripting.sightly.compiler.commands.OutputVariable)2 VariableBinding (org.apache.sling.scripting.sightly.compiler.commands.VariableBinding)2 BinaryOperation (org.apache.sling.scripting.sightly.compiler.expression.nodes.BinaryOperation)2 Identifier (org.apache.sling.scripting.sightly.compiler.expression.nodes.Identifier)2 NumericConstant (org.apache.sling.scripting.sightly.compiler.expression.nodes.NumericConstant)2 PushStream (org.apache.sling.scripting.sightly.impl.compiler.PushStream)2 Fragment (org.apache.sling.scripting.sightly.impl.compiler.frontend.Fragment)2 MarkupContext (org.apache.sling.scripting.sightly.compiler.expression.MarkupContext)1 MapLiteral (org.apache.sling.scripting.sightly.compiler.expression.nodes.MapLiteral)1