
Example 1 with MarkupContext

use of org.apache.sling.scripting.sightly.compiler.expression.MarkupContext in project sling by apache.

the class MarkupHandler method onText.

/**
 * Handles a text node by emitting it with the markup context that fits the
 * element currently being processed.
 *
 * <p>Text is emitted with {@link MarkupContext#TEXT} unless
 * {@code isExplicitContextRequired} reports that the enclosing tag needs an
 * explicit context; in that case {@code null} is handed to {@code outText}.
 *
 * @param text the text content to emit
 */
public void onText(String text) {
    final String enclosingTag = currentElementTag();
    final MarkupContext textContext;
    if (isExplicitContextRequired(enclosingTag)) {
        // No default is chosen here. NOTE(review): presumably outText treats a null
        // context as "the template must declare one" rather than "no escaping";
        // confirm in outText, since that decides whether this path fails closed.
        textContext = null;
    } else {
        textContext = MarkupContext.TEXT;
    }
    outText(text, textContext);
}
Also used : MarkupContext(org.apache.sling.scripting.sightly.compiler.expression.MarkupContext)

Example 2 with MarkupContext

use of org.apache.sling.scripting.sightly.compiler.expression.MarkupContext in project sling by apache.

the class XSSRuntimeExtension method applyXSSFilter.

/**
 * Applies the XSS filter to {@code text}, refining the context by attribute name
 * when one is supplied.
 *
 * <p>If the requested context is {@link MarkupContext#ATTRIBUTE} and {@code hint}
 * is a {@code String}, the hint is treated as the attribute name and the context
 * returned by {@code getAttributeMarkupContext} is used instead. In every other
 * case (a different context, or a hint that is absent or not a string) the
 * caller's context is used unchanged.
 *
 * @param text       the text to filter
 * @param hint       optional attribute name; ignored unless it is a {@code String}
 * @param xssContext the requested context; must not be {@code null}
 * @return the result of the two-argument {@code applyXSSFilter} for the chosen context
 */
private String applyXSSFilter(String text, Object hint, MarkupContext xssContext) {
    final boolean namedAttribute = xssContext.equals(MarkupContext.ATTRIBUTE) && hint instanceof String;
    if (!namedAttribute) {
        return applyXSSFilter(text, xssContext);
    }
    // The attribute name decides the effective context, so the filter matches
    // where the value is actually going to be written.
    final MarkupContext attributeContext = getAttributeMarkupContext((String) hint);
    return applyXSSFilter(text, attributeContext);
}
Also used : MarkupContext(org.apache.sling.scripting.sightly.compiler.expression.MarkupContext)

Example 3 with MarkupContext

use of org.apache.sling.scripting.sightly.compiler.expression.MarkupContext in project sling by apache.

the class XSSRuntimeExtension method call.

/**
 * Runtime entry point of the XSS extension: resolves the requested markup
 * context and returns the value filtered for that context.
 *
 * <p>Arguments are positional: {@code arguments[0]} is the value to protect,
 * {@code arguments[1]} names the context, and the optional {@code arguments[2]}
 * is a hint passed on to the filter.
 *
 * <p>Outcomes, as implemented here:
 * <ul>
 *   <li>The context option is not a {@code String}, or {@code MarkupContext.lookup}
 *       yields {@code null}: a warning is logged and the empty string is returned,
 *       so an unrecognised context never lets the value through.</li>
 *   <li>The context is {@link MarkupContext#UNSAFE}: the original object is
 *       returned as-is, with no filtering and no string conversion. Any template
 *       that requests this context is responsible for the safety of the value.</li>
 *   <li>Any other context: the value is converted to a string through the render
 *       context's object model and filtered.</li>
 * </ul>
 *
 * @param renderContext the render context supplying the object model
 * @param arguments     value, context name and optional hint, in that order
 * @return the filtered string, the untouched original for {@code UNSAFE}, or
 *         {@code ""} when the context cannot be resolved
 * @throws SightlyException if fewer than two arguments are supplied
 */
@Override
public Object call(final RenderContext renderContext, Object... arguments) {
    if (arguments.length < 2) {
        throw new SightlyException(String.format("Extension %s requires at least %d arguments", RuntimeFunction.XSS, 2));
    }
    final Object original = arguments[0];
    final Object option = arguments[1];
    final Object hint = (arguments.length >= 3) ? arguments[2] : null;

    // Only a String can name a context; instanceof is false for null as well.
    final MarkupContext markupContext = (option instanceof String) ? MarkupContext.lookup((String) option) : null;

    if (markupContext == null) {
        // Fail closed: emit nothing rather than guess a context.
        LOG.warn("Expression context {} is invalid, expression will be replaced by the empty string", option);
        return "";
    }
    if (markupContext == MarkupContext.UNSAFE) {
        // Explicit opt-out: the value bypasses the filter entirely.
        return original;
    }
    final String text = renderContext.getObjectModel().toString(original);
    return applyXSSFilter(text, hint, markupContext);
}
Also used : SightlyException(org.apache.sling.scripting.sightly.SightlyException) MarkupContext(org.apache.sling.scripting.sightly.compiler.expression.MarkupContext)

Example 4 with MarkupContext

use of org.apache.sling.scripting.sightly.compiler.expression.MarkupContext in project sling by apache.

the class MarkupHandler method emitSingleFragment.

/**
 * Emits the command sequence for an attribute whose value is a single expression.
 *
 * <p>The commands written to {@code stream} bind the raw value, bind an escaped
 * copy unless the expression is already an XSS runtime call, and then
 * conditionally write the attribute name and its quoted value. The order of the
 * {@code Start}/{@code END} commands matters: every binding and conditional
 * opened here is closed in reverse order at the end of the method.
 *
 * <p>Escaping decision: if the root of the value expression is a
 * {@link RuntimeCall} to {@code RuntimeFunction.XSS}, no second context
 * adjustment is applied and the raw bound value is written out. Only the root
 * node's function name is inspected, so the context used by that existing call
 * is taken as given.
 * NOTE(review): presumably that root call comes from an explicit context option
 * in the template; confirm in {@code expressionWrapper.transform}.
 *
 * @param name          the attribute name; also selects the attribute's markup context
 * @param interpolation the attribute value expression
 * @param quoteChar     the quote character used around the attribute value
 * @param invoke        plugin callbacks invoked before and after the attribute value
 */
private void emitSingleFragment(String name, Interpolation interpolation, char quoteChar, PluginInvoke invoke) {
    //raw expression
    Expression valueExpression = expressionWrapper.transform(interpolation, null, ExpressionContext.ATTRIBUTE);
    //holds the raw attribute value
    String attrValue = symbolGenerator.next("attrValue");
    //holds the escaped attribute value
    String attrContent = symbolGenerator.next("attrContent");
    // holds the comparison (attrValue == true)
    String isTrueVar = symbolGenerator.next("isTrueAttr");
    // holds the decision whether the attribute is rendered at all
    String shouldDisplayAttr = symbolGenerator.next("shouldDisplayAttr");
    // context chosen from the attribute name; used only when the value is not already escaped
    MarkupContext markupContext = getAttributeMarkupContext(name);
    // true when the expression root is already a call to the XSS runtime function
    boolean alreadyEscaped = false;
    if (valueExpression.getRoot() instanceof RuntimeCall) {
        RuntimeCall rc = (RuntimeCall) valueExpression.getRoot();
        if (RuntimeFunction.XSS.equals(rc.getFunctionName())) {
            alreadyEscaped = true;
        }
    }
    ExpressionNode node = valueExpression.getRoot();
    //attrValue = <expr>
    stream.write(new VariableBinding.Start(attrValue, node));
    if (!alreadyEscaped) {
        // attrContent = <attrValue adjusted to the attribute's markup context>
        Expression contentExpression = valueExpression.withNode(new Identifier(attrValue));
        stream.write(new VariableBinding.Start(attrContent, adjustContext(compilerContext, contentExpression, markupContext, ExpressionContext.ATTRIBUTE).getRoot()));
        // shouldDisplayAttr = attrContent || ("false" == attrValue)
        stream.write(new VariableBinding.Start(shouldDisplayAttr, new BinaryOperation(BinaryOperator.OR, new Identifier(attrContent), new BinaryOperation(BinaryOperator.EQ, new StringConstant("false"), new Identifier(attrValue)))));
    } else {
        // no attrContent binding on this path; shouldDisplayAttr = attrValue || ("false" == attrValue)
        stream.write(new VariableBinding.Start(shouldDisplayAttr, new BinaryOperation(BinaryOperator.OR, new Identifier(attrValue), new BinaryOperation(BinaryOperator.EQ, new StringConstant("false"), new Identifier(attrValue)))));
    }
    // if (shouldDisplayAttr)
    stream.write(new Conditional.Start(shouldDisplayAttr, true));
    //write("attrName");
    emitAttributeStart(name);
    invoke.beforeAttributeValue(stream, name, node);
    stream.write(new //isTrueAttr = (attrValue == true)
    VariableBinding.Start(//isTrueAttr = (attrValue == true)
    isTrueVar, new BinaryOperation(BinaryOperator.EQ, new Identifier(attrValue), BooleanConstant.TRUE)));
    //if (!isTrueAttr): the ="..." part is written only when the value is not boolean true
    stream.write(new Conditional.Start(isTrueVar, false));
    // write("='");
    emitAttributeValueStart(quoteChar);
    if (!alreadyEscaped) {
        //write(attrContent)
        stream.write(new OutputVariable(attrContent));
    } else {
        // write(attrValue): the value is the result of the existing XSS call, output without further adjustment
        stream.write(new OutputVariable(attrValue));
    }
    //write("'");
    emitAttributeEnd(quoteChar);
    //end if isTrueAttr
    stream.write(Conditional.END);
    //end scope for isTrueAttr
    stream.write(VariableBinding.END);
    invoke.afterAttributeValue(stream, name);
    //end if shouldDisplayAttr
    stream.write(Conditional.END);
    //end scope for shouldDisplayAttr
    stream.write(VariableBinding.END);
    if (!alreadyEscaped) {
        //end scope for attrContent (bound only on the not-already-escaped path)
        stream.write(VariableBinding.END);
    }
    //end scope for attrValue
    stream.write(VariableBinding.END);
}
Also used : BinaryOperation(org.apache.sling.scripting.sightly.compiler.expression.nodes.BinaryOperation) RuntimeCall(org.apache.sling.scripting.sightly.compiler.expression.nodes.RuntimeCall) Conditional(org.apache.sling.scripting.sightly.compiler.commands.Conditional) OutputVariable(org.apache.sling.scripting.sightly.compiler.commands.OutputVariable) Identifier(org.apache.sling.scripting.sightly.compiler.expression.nodes.Identifier) Expression(org.apache.sling.scripting.sightly.compiler.expression.Expression) ExpressionNode(org.apache.sling.scripting.sightly.compiler.expression.ExpressionNode) MarkupContext(org.apache.sling.scripting.sightly.compiler.expression.MarkupContext) StringConstant(org.apache.sling.scripting.sightly.compiler.expression.nodes.StringConstant) VariableBinding(org.apache.sling.scripting.sightly.compiler.commands.VariableBinding)

Aggregations

MarkupContext (org.apache.sling.scripting.sightly.compiler.expression.MarkupContext)4 SightlyException (org.apache.sling.scripting.sightly.SightlyException)1 Conditional (org.apache.sling.scripting.sightly.compiler.commands.Conditional)1 OutputVariable (org.apache.sling.scripting.sightly.compiler.commands.OutputVariable)1 VariableBinding (org.apache.sling.scripting.sightly.compiler.commands.VariableBinding)1 Expression (org.apache.sling.scripting.sightly.compiler.expression.Expression)1 ExpressionNode (org.apache.sling.scripting.sightly.compiler.expression.ExpressionNode)1 BinaryOperation (org.apache.sling.scripting.sightly.compiler.expression.nodes.BinaryOperation)1 Identifier (org.apache.sling.scripting.sightly.compiler.expression.nodes.Identifier)1 RuntimeCall (org.apache.sling.scripting.sightly.compiler.expression.nodes.RuntimeCall)1 StringConstant (org.apache.sling.scripting.sightly.compiler.expression.nodes.StringConstant)1