Interface CSPSafenessPropertiesService

All Known Implementing Classes:
CSPSafenessPropertiesServiceImpl

public interface CSPSafenessPropertiesService
Service interface for managing Content Security Policy (CSP) safeness properties.

This service provides methods to check if various CSP safeness properties are active, allowing the application to adapt its behavior to comply with strict Content Security Policy settings. When these features are enabled, the application uses alternative approaches to handle inline scripts, styles, event handlers, and eval functions in a CSP-compliant way.

The service is used by components like SafeInlineService and CSPInjectionFilter to determine whether to use traditional inline attributes or CSP-safe alternatives.

The activation of these properties is controlled by the following configuration properties:

  • foundation.ui.csp.safe - Master switch for all CSP safeness features
  • foundation.ui.csp.safe.inline.script - Controls inline script tag safeness
  • foundation.ui.csp.safe.inline.style - Controls inline style tag safeness
  • foundation.ui.csp.safe.inline.handler - Controls inline event handler safeness
  • foundation.ui.csp.safe.eval - Controls eval() function safeness

When these properties are enabled, the application can function properly under strict Content Security Policy settings that forbid the 'unsafe-inline' and 'unsafe-eval' source keywords, significantly enhancing security against Cross-Site Scripting (XSS) attacks.

  • Method Details

    • isInlineScriptSafenessActive

      boolean isInlineScriptSafenessActive()
      Checks if inline script tag safeness is active. When active, the system will inject nonce attributes into the script-src CSP directive to allow the execution of inline script tags in a CSP-compliant way.
      Returns:
      true if inline script tag safeness is active, false otherwise
    • isInlineStyleSafenessActive

      boolean isInlineStyleSafenessActive()
      Checks if inline style tag safeness is active. When active, the system will inject nonce attributes into the style-src CSP directive to allow inline style tags to be applied in a CSP-compliant way.
      Returns:
      true if inline style tag safeness is active, false otherwise
    • isInlineHandlerSafenessActive

      boolean isInlineHandlerSafenessActive()
      Checks if inline event handler safeness is active. When active, the system will replace traditional inline event handlers (like onclick) with data-event-* attributes and appropriate CSS classes that are processed by the SafeInlineEngine.
      Returns:
      true if inline event handler safeness is active, false otherwise
    • isEvalSafenessActive

      boolean isEvalSafenessActive()
      Checks if eval() function safeness is active. When active, the system will replace traditional window.eval() function calls with a custom, safe handling of the function that is compatible with CSP restrictions.
      Returns:
      true if eval() function safeness is active, false otherwise
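
Added example, not the project's own code: one way a caller could turn the four flags documented above into a Content-Security-Policy header value. The nested interface only copies the documented signatures; `CspHeaderExample`, `newNonce` and `buildPolicy` are hypothetical names, and the policy layout is an assumption rather than the behaviour of CSPInjectionFilter.

```java
import java.security.SecureRandom;
import java.util.Base64;
public class CspHeaderExample {
    // Copy of the four documented signatures so the example compiles on its own.
    interface CSPSafenessPropertiesService {
        boolean isInlineScriptSafenessActive();
        boolean isInlineStyleSafenessActive();
        boolean isInlineHandlerSafenessActive();
        boolean isEvalSafenessActive();
    }
    private static final SecureRandom RNG = new SecureRandom();

    // Hypothetical helper: a fresh, unpredictable 128-bit nonce for each response.
    static String newNonce() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getEncoder().encodeToString(b);
    }

    // Hypothetical helper: the strictest policy the active flags permit.
    static String buildPolicy(CSPSafenessPropertiesService csp, String nonce) {
        StringBuilder script = new StringBuilder("script-src 'self'");
        // A nonce never covers inline handlers such as onclick, and browsers ignore
        // 'unsafe-inline' once a nonce is present, so require both flags before switching.
        if (csp.isInlineScriptSafenessActive() && csp.isInlineHandlerSafenessActive()) {
            script.append(" 'nonce-").append(nonce).append("'");
        } else {
            script.append(" 'unsafe-inline'");
        }
        if (!csp.isEvalSafenessActive()) script.append(" 'unsafe-eval'");
        String style = csp.isInlineStyleSafenessActive()
                ? "style-src 'self' 'nonce-" + nonce + "'"
                : "style-src 'self' 'unsafe-inline'";
        return "default-src 'self'; " + script + "; " + style;
    }

    public static void main(String[] args) {
        // Constructed sample: every safeness flag switched on.
        CSPSafenessPropertiesService allOn = new CSPSafenessPropertiesService() {
            public boolean isInlineScriptSafenessActive() { return true; }
            public boolean isInlineStyleSafenessActive() { return true; }
            public boolean isInlineHandlerSafenessActive() { return true; }
            public boolean isEvalSafenessActive() { return true; }
        };
        System.out.println("Content-Security-Policy: " + buildPolicy(allOn, newNonce()));
    }
}
```

The same nonce value must also be set on each inline script and style tag in that response, and it must never be reused across responses.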