Package overit.geocall.ui.cleaner
Class Cleaner
java.lang.Object
overit.geocall.ui.cleaner.Cleaner
- All Implemented Interfaces:
Serializable
- Direct Known Subclasses:
HtmlCleaner, NoneCleaner, RtfCleaner, TextCleaner, XmlCleaner
Abstract class that must be extended to implement a Cleaner object, i.e. the object that performs the input sanitization
to prevent cross-site scripting attacks
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
 | clean | Makes the sanitization of the string passed as parameter.
static final Cleaner | html() | html cleaner provider for a single thread
static final Cleaner | none() | dumb cleaner provider for a single thread
abstract String | quote | Quotes the string passed as parameter, to prevent browser unwanted interpretation.
static final Cleaner | rtf() | rtf cleaner provider for a single thread
abstract Cleaner | safeCopy() | Deprecated. use equivalent static method Cleaner object
static Cleaner | safeInstance(String name) | Factory that returns a cleaner based on the name and looking for it in the cleaner dictionary, defined in the system configuration.
abstract String | sift | Sifts the string to find and remove insecure substrings.
static final Cleaner | text() | text cleaner provider for a single thread
protected String | unQuote | Unquotes the string passed as parameter. For example this method replaces all "&lt;" with "<" etc.
static final Cleaner | xml() | xml cleaner provider for a single thread
-
Constructor Details
-
Cleaner
public Cleaner()
-
-
Method Details
-
text
text cleaner provider for a single thread
- Returns:
- return a cleaner for text
-
xml
xml cleaner provider for a single thread
- Returns:
- return a cleaner for xml
-
none
dumb cleaner provider for a single thread
- Returns:
- return a dumb cleaner
-
rtf
rtf cleaner provider for a single thread
- Returns:
- return a cleaner for rtf
-
html
html cleaner provider for a single thread
- Returns:
- return a cleaner for html
-
safeInstance
Factory that returns a cleaner based on the name, looking it up in the cleaner dictionary defined in the system configuration.
- Parameters:
name - "none" to obtain a NoneCleaner, "text" to obtain a TextCleaner, "rtf" to obtain a RtfCleaner, "html" to obtain a HtmlCleaner
- Returns:
- A thread safe Cleaner
-
safeCopy
Deprecated. use equivalent static method Cleaner object
Must return a copy of this object totally independent of the original, only if the cleaning methodology was not thread safe
- Returns:
- A copy of the object totally independent of the original if the cleaning methodology was not thread safe
-
clean
Sanitizes the string passed as parameter. The sanitization process is composed of 2 phases: drop (to remove insecure substrings) and quote (to quote strings for the browser)
- Parameters:
html - The string to be sanitized
- Returns:
- The sanitized string
-
sift
Sifts the string to find and remove insecure substrings.
- Parameters:
html - The string to be sifted
- Returns:
- The string without the insecure substrings
-
quote
Quotes the string passed as parameter, to prevent browser unwanted interpretation.
- Parameters:
html - The string to be quoted
- Returns:
- The quoted string
-
unQuote
Unquotes the string passed as parameter.
For example this method replaces all "&lt;" with "<" etc.
- Parameters:
html - The string to be unquoted.
- Returns:
- The unquoted string.
-
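The two-phase flow described for clean (sift, then quote) and the quote/unQuote round trip, shown as an added stand-alone Java sketch. It is not Geocall code and does not extend Cleaner; the class name SketchTextCleaner, the sift rule and the set of quoted characters are assumptions made for illustration.

```java
// Added illustration, not Geocall source: stand-alone sketch of sift -> quote.
// Class name, sift rule and entity set are assumptions, not the library's own.
public class SketchTextCleaner {

    // Phase 1 (sift): drop substrings that are never wanted in plain text.
    // Assumed rule: remove control characters except tab, LF and CR.
    static String sift(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean keep = (c >= 0x20 && c != 0x7f) || c == '\t' || c == '\n' || c == '\r';
            if (keep) out.append(c);
        }
        return out.toString();
    }

    // Phase 2 (quote): encode characters the browser would interpret as markup.
    // A single pass over the input means an existing "&lt;" is never double-handled.
    static String quote(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Reverse of quote. "&amp;" is decoded last, so a quoted literal "&lt;"
    // ("&amp;lt;") comes back as the text "&lt;" and not as "<".
    static String unQuote(String s) {
        return s.replace("&lt;", "<").replace("&gt;", ">")
                .replace("&quot;", "\"").replace("&#39;", "'")
                .replace("&amp;", "&");
    }

    static String clean(String s) { return quote(sift(s)); }

    public static void main(String[] args) {
        String in = "<script>alert(1)</script>\0 & &lt;"; // constructed sample input
        String out = clean(in);
        System.out.println(out);
        System.out.println(unQuote(out).equals(sift(in))); // round-trip check
    }
}
```

Decoding "&amp;" first in unQuote would turn user text that literally contained "&lt;" into a live "<", which is why the replacement order matters.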