1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.myfaces.tobago.sanitizer;
21
22 import org.apache.myfaces.tobago.exception.TobagoConfigurationException;
23 import org.jsoup.Jsoup;
24 import org.jsoup.safety.Whitelist;
25 import org.slf4j.Logger;
26 import org.slf4j.LoggerFactory;
27
28 import java.lang.invoke.MethodHandles;
29 import java.util.Properties;
30
31
32
33
34 public class JsoupSanitizer implements Sanitizer {
35
36 private static final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
37
38 private Whitelist whitelist;
39 private String whitelistName;
40
41 private boolean unmodifiable = false;
42
43 @Override
44 public String sanitize(final String html) {
45
46 final String safe = Jsoup.clean(html, whitelist);
47 if (LOG.isDebugEnabled()) {
48 LOG.debug("Sanitized: " + safe);
49 }
50 return safe;
51 }
52
53 @Override
54 public void setProperties(final Properties configuration) {
55 checkLocked();
56
57 unmodifiable = true;
58
59 for (final String key : configuration.stringPropertyNames()) {
60 if ("whitelist".equals(key)) {
61 whitelistName = configuration.getProperty(key);
62 if ("basic".equals(whitelistName)) {
63 whitelist = Whitelist.basic();
64 } else if ("basicWithImages".equals(whitelistName)) {
65 whitelist = Whitelist.basicWithImages();
66 } else if ("none".equals(whitelistName)) {
67 whitelist = Whitelist.none();
68 } else if ("relaxed".equals(whitelistName)) {
69 whitelist = Whitelist.relaxed();
70 } else if ("simpleText".equals(whitelistName)) {
71 whitelist = Whitelist.simpleText();
72 } else {
73 throw new TobagoConfigurationException(
74 "Unknown configuration value for 'whitelist' in tobago-config.xml found! value='" + whitelistName + "'");
75 }
76 } else {
77 throw new TobagoConfigurationException(
78 "Unknown configuration key in tobago-config.xml found! key='" + key + "'");
79 }
80 }
81
82 if (LOG.isInfoEnabled()) {
83 LOG.warn("Using whitelist '" + whitelistName + "' for sanitizing!");
84 }
85 }
86
87 private void checkLocked() throws IllegalStateException {
88 if (unmodifiable) {
89 throw new TobagoConfigurationException("The configuration must not be changed after initialization!");
90 }
91 }
92
93 @Override
94 public String toString() {
95 return getClass().getSimpleName() + " whitelist='" + whitelistName + "'";
96 }
97
98 }