
Example 1 with HtmlPolicyBuilder

Use of org.owasp.html.HtmlPolicyBuilder in project ddf by codice.

From the class AbstractCatalogService, method deleteDocument.

@Override
public void deleteDocument(String id) throws CatalogServiceException {
    LOGGER.debug("DELETE");
    try {
        if (id != null) {
            // An HtmlPolicyBuilder with no allow*() calls yields a policy that permits no
            // elements or attributes, so sanitize(id) strips any HTML markup from the
            // caller-supplied id before it reaches the catalog framework. Note that the
            // result is HTML-escaped text: an id containing characters such as '&' or '<'
            // is altered, not merely validated.
            DeleteRequestImpl deleteReq =
                    new DeleteRequestImpl(new HtmlPolicyBuilder().toFactory().sanitize(id));
            catalogFramework.delete(deleteReq);
            // The id is passed through LogSanitizer separately so that untrusted input
            // cannot forge log entries.
            LOGGER.debug("Attempting to delete Metacard with id: {}", LogSanitizer.sanitize(id));
        } else {
            String errorMessage = "ID of entry not specified, cannot do DELETE.";
            LOGGER.info(errorMessage);
            throw new CatalogServiceException(errorMessage);
        }
    } catch (SourceUnavailableException ce) {
        // Exception details go to the log only; the client sees a generic message.
        String exceptionMessage = "Could not delete entry from catalog since the source is unavailable: ";
        LOGGER.info(exceptionMessage, ce);
        throw new InternalServerErrorException(exceptionMessage);
    } catch (InternalIngestException e) {
        String exceptionMessage = "Error deleting entry from catalog: ";
        LOGGER.info(exceptionMessage, e);
        throw new InternalServerErrorException(exceptionMessage);
    } catch (IngestException e) {
        String errorMessage = "Error deleting entry from catalog: ";
        LOGGER.info(errorMessage, e);
        throw new CatalogServiceException(errorMessage);
    }
}
Also used:
ddf.catalog.source.SourceUnavailableException
org.codice.ddf.rest.api.CatalogServiceException
ddf.catalog.source.InternalIngestException
ddf.catalog.operation.impl.DeleteRequestImpl
javax.ws.rs.InternalServerErrorException
ddf.catalog.source.IngestException
org.owasp.html.HtmlPolicyBuilder

Example 2 with HtmlPolicyBuilder

Use of org.owasp.html.HtmlPolicyBuilder in project mamute by caelum.

From the class MamutePolicyProducer, method setUp.

@PostConstruct
public void setUp() {
    // builder yields the list of HtmlElement definitions Mamute allows in user content
    List<HtmlElement> allowedElements = builder.build();
    HtmlPolicyBuilder policyBuilder = new HtmlPolicyBuilder();
    // each element registers its own allowed tag and attributes on the policy builder
    for (HtmlElement htmlElement : allowedElements) {
        htmlElement.configure(policyBuilder);
    }
    // Only http and https URLs survive in URL attributes (javascript: and data: URLs
    // are dropped), and every surviving link receives rel="nofollow".
    policy = policyBuilder.allowUrlProtocols("https", "http").requireRelNofollowOnLinks().toFactory();
}
Also used:
org.owasp.html.HtmlPolicyBuilder
javax.annotation.PostConstruct

Example 3 with HtmlPolicyBuilder

Use of org.owasp.html.HtmlPolicyBuilder in project zm-mailbox by Zimbra.

From the class OwaspPolicyProducer, method setUp.

private static void setUp(boolean neuterImages) {
    // neuterImages selects a stricter element set in which images are not rendered
    HtmlElementsBuilder builder = new HtmlElementsBuilder(new HtmlAttributesBuilder(), neuterImages);
    List<HtmlElement> allowedElements = builder.build();
    HtmlPolicyBuilder policyBuilder = new HtmlPolicyBuilder();
    // every link that survives sanitization gets rel="nofollow"
    policyBuilder.requireRelNofollowOnLinks();
    for (HtmlElement htmlElement : allowedElements) {
        htmlElement.configure(policyBuilder, neuterImages);
    }
    // Text content inside these elements is dropped along with the element itself
    // (e.g. script or style bodies), instead of being kept as plain text.
    Set<String> disallowTextElements = OwaspPolicy.getDisallowTextElements();
    for (String disAllowTextElement : disallowTextElements) {
        policyBuilder.disallowTextIn(disAllowTextElement.trim());
    }
    Set<String> allowTextElements = OwaspPolicy.getAllowTextElements();
    for (String allowTextElement : allowTextElements) {
        policyBuilder.allowTextIn(allowTextElement.trim());
    }
    /*
     * The following CSS properties do not appear in the default whitelist from
     * OWASP, but they improve the fidelity of the HTML display without
     * unacceptable risk.
     */
    Set<String> cssWhitelist = OwaspPolicy.getCssWhitelist();
    CssSchema ADDITIONAL_CSS = null;
    if (!cssWhitelist.isEmpty()) {
        ADDITIONAL_CSS = CssSchema.withProperties(cssWhitelist);
    }
    // URL schemes come from configuration; anything not listed is stripped from URL attributes
    Set<String> urlProtocols = OwaspPolicy.getURLProtocols();
    for (String urlProtocol : urlProtocols) {
        policyBuilder.allowUrlProtocols(urlProtocol.trim());
    }
    // Inline style attributes are allowed only for the default OWASP CSS schema plus
    // the configured additions; the two PolicyFactory instances are built once and cached.
    if (neuterImages) {
        if (policyNeuterImagesTrue == null) {
            policyNeuterImagesTrue = policyBuilder.allowStyling(
                    ADDITIONAL_CSS == null ? CssSchema.DEFAULT : CssSchema.union(CssSchema.DEFAULT, ADDITIONAL_CSS)).toFactory();
        }
    } else {
        if (policyNeuterImagesFalse == null) {
            policyNeuterImagesFalse = policyBuilder.allowStyling(
                    ADDITIONAL_CSS == null ? CssSchema.DEFAULT : CssSchema.union(CssSchema.DEFAULT, ADDITIONAL_CSS)).toFactory();
        }
    }
}
Also used:
org.owasp.html.CssSchema
org.owasp.html.HtmlPolicyBuilder

Aggregations (number of examples above using each class)

HtmlPolicyBuilder (org.owasp.html.HtmlPolicyBuilder): 3
DeleteRequestImpl (ddf.catalog.operation.impl.DeleteRequestImpl): 1
IngestException (ddf.catalog.source.IngestException): 1
InternalIngestException (ddf.catalog.source.InternalIngestException): 1
SourceUnavailableException (ddf.catalog.source.SourceUnavailableException): 1
PostConstruct (javax.annotation.PostConstruct): 1
InternalServerErrorException (javax.ws.rs.InternalServerErrorException): 1
CatalogServiceException (org.codice.ddf.rest.api.CatalogServiceException): 1
CssSchema (org.owasp.html.CssSchema): 1