Use of org.owasp.html.HtmlPolicyBuilder in project ddf by codice.
The class AbstractCatalogService, method deleteDocument.
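/**
 * Deletes the catalog entry identified by {@code id}.
 *
 * @param id identifier of the entry to delete; must not be {@code null}
 * @throws CatalogServiceException if {@code id} is {@code null} or the framework reports an
 *     {@link IngestException}
 * @throws InternalServerErrorException if the source is unavailable or the framework reports an
 *     {@link InternalIngestException}
 */
@Override
public void deleteDocument(String id) throws CatalogServiceException {
  LOGGER.debug("DELETE");
  try {
    if (id == null) {
      String errorMessage = "ID of entry not specified, cannot do DELETE.";
      LOGGER.info(errorMessage);
      throw new CatalogServiceException(errorMessage);
    }
    // Log the intent before the call so the "Attempting" message is accurate even when
    // delete() throws; the id is passed through LogSanitizer to keep log output clean.
    LOGGER.debug("Attempting to delete Metacard with id: {}", LogSanitizer.sanitize(id));
    // NOTE(review): an HtmlPolicyBuilder with no allowances strips all markup and HTML-encodes
    // characters such as '&' and '<', so an id containing them would no longer match the stored
    // id. Confirm ids are restricted to characters the sanitizer leaves untouched.
    DeleteRequestImpl deleteReq =
        new DeleteRequestImpl(new HtmlPolicyBuilder().toFactory().sanitize(id));
    catalogFramework.delete(deleteReq);
  } catch (SourceUnavailableException ce) {
    String exceptionMessage =
        "Could not delete entry from catalog since the source is unavailable: ";
    LOGGER.info(exceptionMessage, ce);
    // Keep the cause attached so the server-side stack trace is not lost.
    throw new InternalServerErrorException(exceptionMessage, ce);
  } catch (InternalIngestException e) {
    String exceptionMessage = "Error deleting entry from catalog: ";
    LOGGER.info(exceptionMessage, e);
    throw new InternalServerErrorException(exceptionMessage, e);
  } catch (IngestException e) {
    String errorMessage = "Error deleting entry from catalog: ";
    LOGGER.info(errorMessage, e);
    throw new CatalogServiceException(errorMessage);
  }
}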
Use of org.owasp.html.HtmlPolicyBuilder in project mamute by caelum.
The class MamutePolicyProducer, method setUp.
/**
 * Builds the HTML sanitization policy once this bean is constructed: each configured
 * {@link HtmlElement} registers its allowances on a fresh {@link HtmlPolicyBuilder}, after which
 * only the {@code https} and {@code http} URL protocols are permitted and every link is forced
 * to carry {@code rel="nofollow"}.
 */
@PostConstruct
public void setUp() {
  HtmlPolicyBuilder policyBuilder = new HtmlPolicyBuilder();
  for (HtmlElement element : builder.build()) {
    element.configure(policyBuilder);
  }
  HtmlPolicyBuilder restricted =
      policyBuilder.allowUrlProtocols("https", "http").requireRelNofollowOnLinks();
  policy = restricted.toFactory();
}
Use of org.owasp.html.HtmlPolicyBuilder in project zm-mailbox by Zimbra.
The class OwaspPolicyProducer, method setUp.
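/**
 * Lazily builds and caches the OWASP sanitization policy for the given {@code neuterImages}
 * setting. The factory is stored in {@code policyNeuterImagesTrue} or
 * {@code policyNeuterImagesFalse} and only built the first time each variant is requested.
 *
 * @param neuterImages whether image-related allowances are neutered when elements are configured
 */
private static void setUp(boolean neuterImages) {
  HtmlElementsBuilder builder =
      new HtmlElementsBuilder(new HtmlAttributesBuilder(), neuterImages);
  List<HtmlElement> allowedElements = builder.build();
  HtmlPolicyBuilder policyBuilder = new HtmlPolicyBuilder();
  policyBuilder.requireRelNofollowOnLinks();
  for (HtmlElement htmlElement : allowedElements) {
    htmlElement.configure(policyBuilder, neuterImages);
  }
  // Text allowances are configuration-driven; entries are trimmed because they come from
  // OwaspPolicy's lists.
  Set<String> disallowTextElements = OwaspPolicy.getDisallowTextElements();
  for (String disAllowTextElement : disallowTextElements) {
    policyBuilder.disallowTextIn(disAllowTextElement.trim());
  }
  Set<String> allowTextElements = OwaspPolicy.getAllowTextElements();
  for (String allowTextElement : allowTextElements) {
    policyBuilder.allowTextIn(allowTextElement.trim());
  }
  // The following CSS properties do not appear in the default whitelist from OWASP, but they
  // improve the fidelity of the HTML display without unacceptable risk.
  Set<String> cssWhitelist = OwaspPolicy.getCssWhitelist();
  CssSchema additionalCss = null;
  if (!cssWhitelist.isEmpty()) {
    additionalCss = CssSchema.withProperties(cssWhitelist);
  }
  Set<String> urlProtocols = OwaspPolicy.getURLProtocols();
  for (String urlProtocol : urlProtocols) {
    policyBuilder.allowUrlProtocols(urlProtocol.trim());
  }
  // Resolve the styling schema once instead of repeating the ternary in both branches.
  CssSchema styling =
      additionalCss == null ? CssSchema.DEFAULT : CssSchema.union(CssSchema.DEFAULT, additionalCss);
  // NOTE(review): the null check and the assignment below are not synchronized; concurrent
  // first calls may each build a factory. Confirm callers serialize setUp.
  if (neuterImages) {
    if (policyNeuterImagesTrue == null) {
      policyNeuterImagesTrue = policyBuilder.allowStyling(styling).toFactory();
    }
  } else if (policyNeuterImagesFalse == null) {
    policyNeuterImagesFalse = policyBuilder.allowStyling(styling).toFactory();
  }
}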