Home | History | Annotate | Download | only in html 
      1 <HTML>
      2 <BODY BGCOLOR="white">
      3 <PRE>
      4 <FONT color="green">001</FONT>    // Copyright (c) 2011, Mike Samuel<a name="line.1"></a>
      5 <FONT color="green">002</FONT>    // All rights reserved.<a name="line.2"></a>
      6 <FONT color="green">003</FONT>    //<a name="line.3"></a>
      7 <FONT color="green">004</FONT>    // Redistribution and use in source and binary forms, with or without<a name="line.4"></a>
      8 <FONT color="green">005</FONT>    // modification, are permitted provided that the following conditions<a name="line.5"></a>
      9 <FONT color="green">006</FONT>    // are met:<a name="line.6"></a>
     10 <FONT color="green">007</FONT>    //<a name="line.7"></a>
     11 <FONT color="green">008</FONT>    // Redistributions of source code must retain the above copyright<a name="line.8"></a>
     12 <FONT color="green">009</FONT>    // notice, this list of conditions and the following disclaimer.<a name="line.9"></a>
     13 <FONT color="green">010</FONT>    // Redistributions in binary form must reproduce the above copyright<a name="line.10"></a>
     14 <FONT color="green">011</FONT>    // notice, this list of conditions and the following disclaimer in the<a name="line.11"></a>
     15 <FONT color="green">012</FONT>    // documentation and/or other materials provided with the distribution.<a name="line.12"></a>
     16 <FONT color="green">013</FONT>    // Neither the name of the OWASP nor the names of its contributors may<a name="line.13"></a>
     17 <FONT color="green">014</FONT>    // be used to endorse or promote products derived from this software<a name="line.14"></a>
     18 <FONT color="green">015</FONT>    // without specific prior written permission.<a name="line.15"></a>
     19 <FONT color="green">016</FONT>    // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS<a name="line.16"></a>
     20 <FONT color="green">017</FONT>    // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT<a name="line.17"></a>
     21 <FONT color="green">018</FONT>    // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS<a name="line.18"></a>
     22 <FONT color="green">019</FONT>    // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE<a name="line.19"></a>
     23 <FONT color="green">020</FONT>    // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,<a name="line.20"></a>
     24 <FONT color="green">021</FONT>    // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,<a name="line.21"></a>
     25 <FONT color="green">022</FONT>    // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;<a name="line.22"></a>
     26 <FONT color="green">023</FONT>    // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER<a name="line.23"></a>
     27 <FONT color="green">024</FONT>    // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT<a name="line.24"></a>
     28 <FONT color="green">025</FONT>    // LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN<a name="line.25"></a>
     29 <FONT color="green">026</FONT>    // ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE<a name="line.26"></a>
     30 <FONT color="green">027</FONT>    // POSSIBILITY OF SUCH DAMAGE.<a name="line.27"></a>
     31 <FONT color="green">028</FONT>    <a name="line.28"></a>
     32 <FONT color="green">029</FONT>    package org.owasp.html;<a name="line.29"></a>
     33 <FONT color="green">030</FONT>    <a name="line.30"></a>
     34 <FONT color="green">031</FONT>    import com.google.common.collect.ImmutableList;<a name="line.31"></a>
     35 <FONT color="green">032</FONT>    import java.util.Collection;<a name="line.32"></a>
     36 <FONT color="green">033</FONT>    import java.util.Set;<a name="line.33"></a>
     37 <FONT color="green">034</FONT>    import java.util.LinkedHashSet;<a name="line.34"></a>
     38 <FONT color="green">035</FONT>    import javax.annotation.CheckReturnValue;<a name="line.35"></a>
     39 <FONT color="green">036</FONT>    import javax.annotation.Nullable;<a name="line.36"></a>
     40 <FONT color="green">037</FONT>    import javax.annotation.concurrent.Immutable;<a name="line.37"></a>
     41 <FONT color="green">038</FONT>    <a name="line.38"></a>
     42 <FONT color="green">039</FONT>    /**<a name="line.39"></a>
     43 <FONT color="green">040</FONT>     * A policy that can be applied to an HTML attribute to decide whether or not to<a name="line.40"></a>
     44 <FONT color="green">041</FONT>     * allow it in the output, possibly after transforming its value.<a name="line.41"></a>
     45 <FONT color="green">042</FONT>     *<a name="line.42"></a>
     46 <FONT color="green">043</FONT>     * @author Mike Samuel &lt;mikesamuel (a] gmail.com&gt;<a name="line.43"></a>
     47 <FONT color="green">044</FONT>     * @see HtmlPolicyBuilder.AttributeBuilder#matching(AttributePolicy)<a name="line.44"></a>
     48 <FONT color="green">045</FONT>     */<a name="line.45"></a>
     49 <FONT color="green">046</FONT>    @TCB public interface AttributePolicy {<a name="line.46"></a>
     50 <FONT color="green">047</FONT>    <a name="line.47"></a>
     51 <FONT color="green">048</FONT>      /**<a name="line.48"></a>
     52 <FONT color="green">049</FONT>       * @param elementName the lower-case element name.<a name="line.49"></a>
     53 <FONT color="green">050</FONT>       * @param attributeName the lower-case attribute name.<a name="line.50"></a>
     54 <FONT color="green">051</FONT>       * @param value the attribute value without quotes and with HTML entities<a name="line.51"></a>
     55 <FONT color="green">052</FONT>       *     decoded.<a name="line.52"></a>
     56 <FONT color="green">053</FONT>       *<a name="line.53"></a>
     57 <FONT color="green">054</FONT>       * @return {@code null} to disallow the attribute or the adjusted value if<a name="line.54"></a>
     58 <FONT color="green">055</FONT>       *     allowed.<a name="line.55"></a>
     59 <FONT color="green">056</FONT>       */<a name="line.56"></a>
     60 <FONT color="green">057</FONT>      public @Nullable String apply(<a name="line.57"></a>
     61 <FONT color="green">058</FONT>          String elementName, String attributeName, String value);<a name="line.58"></a>
     62 <FONT color="green">059</FONT>    <a name="line.59"></a>
     63 <FONT color="green">060</FONT>    <a name="line.60"></a>
     64 <FONT color="green">061</FONT>      /** Utilities for working with attribute policies. */<a name="line.61"></a>
     65 <FONT color="green">062</FONT>      public static final class Util {<a name="line.62"></a>
     66 <FONT color="green">063</FONT>    <a name="line.63"></a>
     67 <FONT color="green">064</FONT>        /**<a name="line.64"></a>
     68 <FONT color="green">065</FONT>         * An attribute policy equivalent to applying all the given policies in<a name="line.65"></a>
     69 <FONT color="green">066</FONT>         * order, failing early if any of them fails.<a name="line.66"></a>
     70 <FONT color="green">067</FONT>         */<a name="line.67"></a>
     71 <FONT color="green">068</FONT>        @CheckReturnValue<a name="line.68"></a>
     72 <FONT color="green">069</FONT>        public static final AttributePolicy join(AttributePolicy... policies) {<a name="line.69"></a>
     73 <FONT color="green">070</FONT>          Set&lt;AttributePolicy&gt; uniq = new LinkedHashSet&lt;AttributePolicy&gt;();<a name="line.70"></a>
     74 <FONT color="green">071</FONT>          for (AttributePolicy p : policies) {<a name="line.71"></a>
     75 <FONT color="green">072</FONT>            if (p instanceof JoinedAttributePolicy) {<a name="line.72"></a>
     76 <FONT color="green">073</FONT>              uniq.addAll(((JoinedAttributePolicy) p).policies);<a name="line.73"></a>
     77 <FONT color="green">074</FONT>            } else if (p != null) {<a name="line.74"></a>
     78 <FONT color="green">075</FONT>              uniq.add(p);<a name="line.75"></a>
     79 <FONT color="green">076</FONT>            }<a name="line.76"></a>
     80 <FONT color="green">077</FONT>          }<a name="line.77"></a>
     81 <FONT color="green">078</FONT>    <a name="line.78"></a>
     82 <FONT color="green">079</FONT>          if (uniq.contains(REJECT_ALL_ATTRIBUTE_POLICY)) {<a name="line.79"></a>
     83 <FONT color="green">080</FONT>            return REJECT_ALL_ATTRIBUTE_POLICY;<a name="line.80"></a>
     84 <FONT color="green">081</FONT>          }<a name="line.81"></a>
     85 <FONT color="green">082</FONT>          uniq.remove(IDENTITY_ATTRIBUTE_POLICY);<a name="line.82"></a>
     86 <FONT color="green">083</FONT>          switch (uniq.size()) {<a name="line.83"></a>
     87 <FONT color="green">084</FONT>            case 0:  return IDENTITY_ATTRIBUTE_POLICY;<a name="line.84"></a>
     88 <FONT color="green">085</FONT>            case 1:  return uniq.iterator().next();<a name="line.85"></a>
     89 <FONT color="green">086</FONT>            default: return new JoinedAttributePolicy(uniq);<a name="line.86"></a>
     90 <FONT color="green">087</FONT>          }<a name="line.87"></a>
     91 <FONT color="green">088</FONT>        }<a name="line.88"></a>
     92 <FONT color="green">089</FONT>      }<a name="line.89"></a>
     93 <FONT color="green">090</FONT>    <a name="line.90"></a>
     94 <FONT color="green">091</FONT>    <a name="line.91"></a>
     95 <FONT color="green">092</FONT>      public static final AttributePolicy IDENTITY_ATTRIBUTE_POLICY<a name="line.92"></a>
     96 <FONT color="green">093</FONT>          = new AttributePolicy() {<a name="line.93"></a>
     97 <FONT color="green">094</FONT>            public String apply(<a name="line.94"></a>
     98 <FONT color="green">095</FONT>                String elementName, String attributeName, String value) {<a name="line.95"></a>
     99 <FONT color="green">096</FONT>              return value;<a name="line.96"></a>
    100 <FONT color="green">097</FONT>            }<a name="line.97"></a>
    101 <FONT color="green">098</FONT>          };<a name="line.98"></a>
    102 <FONT color="green">099</FONT>    <a name="line.99"></a>
    103 <FONT color="green">100</FONT>      public static final AttributePolicy REJECT_ALL_ATTRIBUTE_POLICY<a name="line.100"></a>
    104 <FONT color="green">101</FONT>          = new AttributePolicy() {<a name="line.101"></a>
    105 <FONT color="green">102</FONT>            public @Nullable String apply(<a name="line.102"></a>
    106 <FONT color="green">103</FONT>                String elementName, String attributeName, String value) {<a name="line.103"></a>
    107 <FONT color="green">104</FONT>              return null;<a name="line.104"></a>
    108 <FONT color="green">105</FONT>            }<a name="line.105"></a>
    109 <FONT color="green">106</FONT>          };<a name="line.106"></a>
    110 <FONT color="green">107</FONT>    <a name="line.107"></a>
    111 <FONT color="green">108</FONT>    }<a name="line.108"></a>
    112 <FONT color="green">109</FONT>    <a name="line.109"></a>
    113 <FONT color="green">110</FONT>    @Immutable<a name="line.110"></a>
    114 <FONT color="green">111</FONT>    final class JoinedAttributePolicy implements AttributePolicy {<a name="line.111"></a>
    115 <FONT color="green">112</FONT>      final ImmutableList&lt;AttributePolicy&gt; policies;<a name="line.112"></a>
    116 <FONT color="green">113</FONT>    <a name="line.113"></a>
    117 <FONT color="green">114</FONT>      JoinedAttributePolicy(Collection&lt;? extends AttributePolicy&gt; policies) {<a name="line.114"></a>
    118 <FONT color="green">115</FONT>        this.policies = ImmutableList.copyOf(policies);<a name="line.115"></a>
    119 <FONT color="green">116</FONT>      }<a name="line.116"></a>
    120 <FONT color="green">117</FONT>    <a name="line.117"></a>
    121 <FONT color="green">118</FONT>      public @Nullable String apply(<a name="line.118"></a>
    122 <FONT color="green">119</FONT>          String elementName, String attributeName, @Nullable String value) {<a name="line.119"></a>
    123 <FONT color="green">120</FONT>        for (AttributePolicy p : policies) {<a name="line.120"></a>
    124 <FONT color="green">121</FONT>          if (value == null) { break; }<a name="line.121"></a>
    125 <FONT color="green">122</FONT>          value = p.apply(elementName, attributeName, value);<a name="line.122"></a>
    126 <FONT color="green">123</FONT>        }<a name="line.123"></a>
    127 <FONT color="green">124</FONT>        return value;<a name="line.124"></a>
    128 <FONT color="green">125</FONT>      }<a name="line.125"></a>
    129 <FONT color="green">126</FONT>    <a name="line.126"></a>
    130 <FONT color="green">127</FONT>      @Override<a name="line.127"></a>
    131 <FONT color="green">128</FONT>      public boolean equals(Object o) {<a name="line.128"></a>
    132 <FONT color="green">129</FONT>        return o != null &amp;&amp; this.getClass() == o.getClass()<a name="line.129"></a>
    133 <FONT color="green">130</FONT>            &amp;&amp; policies.equals(((JoinedAttributePolicy) o).policies);<a name="line.130"></a>
    134 <FONT color="green">131</FONT>      }<a name="line.131"></a>
    135 <FONT color="green">132</FONT>    <a name="line.132"></a>
    136 <FONT color="green">133</FONT>      @Override<a name="line.133"></a>
    137 <FONT color="green">134</FONT>      public int hashCode() {<a name="line.134"></a>
    138 <FONT color="green">135</FONT>        return policies.hashCode();<a name="line.135"></a>
    139 <FONT color="green">136</FONT>      }<a name="line.136"></a>
    140 <FONT color="green">137</FONT>    }<a name="line.137"></a>
    141 
    142 
    143 
    144 
    145 
    146 
    147 
    148 
    149 
    150 
    151 
    152 
    153 
    154 
    155 
    156 
    157 
    158 
    159 
    160 
    161 
    162 
    163 
    164 
    165 
    166 
    167 
    168 
    169 
    170 
    171 
    172 
    173 
    174 
    175 
    176 
    177 
    178 
    179 
    180 
    181 
    182 
    183 
    184 
    185 
    186 
    187 
    188 
    189 
    190 
    191 
    192 
    193 
    194 
    195 
    196 
    197 
    198 
    199 
    200 
    201 </PRE>
    202 </BODY>
    203 </HTML>
    204