| | |
|---|
| | | import org.jsoup.safety.Cleaner; |
|---|
| | | import org.jsoup.safety.Whitelist; |
|---|
| | | |
|---|
| | | import com.google.inject.Inject; |
|---|
| | | import com.google.inject.Singleton; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Implementation of an XSS filter based on JSoup. |
|---|
| | | * |
|---|
| | | * @author James Moger |
|---|
| | | * |
|---|
| | | */ |
|---|
| | | @Singleton |
|---|
| | | public class JSoupXssFilter implements XssFilter { |
|---|
| | | |
|---|
| | | private final Cleaner none; |
|---|
| | | |
|---|
| | | private final Cleaner relaxed; |
|---|
| | | |
|---|
| | | @Inject |
|---|
| | | public JSoupXssFilter() { |
|---|
| | | none = new Cleaner(Whitelist.none()); |
|---|
| | | relaxed = new Cleaner(getRelaxedWhiteList()); |
|---|
| | |
|---|
| | | "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "u", |
|---|
| | | "ul", "var") |
|---|
| | | |
|---|
| | | .addAttributes("a", "class", "href", "style", "title") |
|---|
| | | .addAttributes("a", "class", "href", "style", "target", "title") |
|---|
| | | .addAttributes("blockquote", "cite") |
|---|
| | | .addAttributes("col", "span", "width") |
|---|
| | | .addAttributes("colgroup", "span", "width") |
|---|
