Examples of org.jsoup.safety.Whitelist$Protocol

• org.jsoup.safety.Whitelist
  ers.org/xss.html for some XSS attack examples. @author Jonathan Hedley

              if(socket != null){
                socket.dispose();
              }
            }
            byte[] buffer = socket.receive(p.getSessionID(), currUserCount);
            Protocol result = Protocol.fromBytes(buffer,socket.isRights(),socket.getDESKey());
            if (this.state == ServerState.Testing) {
                relive();
            }
            return result;
        } catch (IOException ex) {

        //----发送客户端公钥去服务器端、并获取服务器端公钥--start---------------------
        SecureKey sk = new SecureKey();//生成客户端公/私 钥
        ServiceProxy proxy = ServiceProxy.getProxy(serviceConfig.getServicename());
        HandclaspProtocol handclaspProtocol = new HandclaspProtocol("1",sk.getStringPublicKey());
        Protocol publicKeyProtocol = proxy.createProtocol(handclaspProtocol);

        try {
          scoket.registerRec(publicKeyProtocol.getSessionID());
          scoket.send(publicKeyProtocol.toBytes());//过程2
          logger.info("send client publicKey sucess!");
        } finally {
          //scoket.dispose();
        }

        handclaspProtocol = null;
        /**
        * 过程3,接收服务器端生成公钥
        */
        byte[] receivePublicBuffer = scoket.receive(publicKeyProtocol.getSessionID(), server.getCurrUserCount());
        if(null == receivePublicBuffer){
          logger.warn("获取服务器公钥失败!");
            return false;
        }

        Protocol serverPublicProtocol = publicKeyProtocol.fromBytes(receivePublicBuffer);
        HandclaspProtocol _handclaspProtocol = null;

        if (serverPublicProtocol.getSDPType() == SDPType.Handclasp) {
          _handclaspProtocol = (HandclaspProtocol)serverPublicProtocol.getSdpEntity();
            logger.debug("get server publicKey time:" + (System.currentTimeMillis() - startTime) + "ms");

        } else if (serverPublicProtocol.getSDPType() == SDPType.Exception) {
            ExceptionProtocol ep = (ExceptionProtocol)serverPublicProtocol.getSdpEntity();
            throw ThrowErrorHelper.throwServiceError(ep.getErrorCode(), ep.getErrorMsg());
        } else if(serverPublicProtocol.getSDPType() == SDPType.Reset){
          throw new RebootException("this server is reboot!");
        } else {
            throw new Exception("userdatatype error!");
        }

        logger.info("receive server publicKey sucess!");
        publicKeyProtocol = null;

        String keyInfo = serviceConfig.getSecureKey().getInfo();//授权文件
        if(null == keyInfo || "".equals(keyInfo)){
          logger.warn("获取授权文件失败!");
           return false;
        }

        String ciphertext = sk.encryptByPublicKeyString(keyInfo, _handclaspProtocol.getData());
        _handclaspProtocol = null;
        serverPublicProtocol = null;
        //----发送客户端公钥去服务器端、并获取服务器端公钥--end---------------------
        //---发送授权文件到服务器端认证--------------------start-------------------------------
        HandclaspProtocol handclaspProtocol_ = new HandclaspProtocol("2",ciphertext);
        Protocol protocol_mw = proxy.createProtocol(handclaspProtocol_);

        try {
          scoket.registerRec(protocol_mw.getSessionID());
          scoket.send(protocol_mw.toBytes());//过程4
          logger.info("send keyInfo sucess!");
        } finally {
            //scoket.dispose();
        }

        handclaspProtocol_ = null;
        /**
         * 过程5
         * 获取由客户端公钥加密后的DES密钥
         */
        byte [] receiveDESKey = scoket.receive(protocol_mw.getSessionID(), server.getCurrUserCount());
        if(null == receiveDESKey){
          logger.warn("获取DES密钥失败!");
          return false;
        }
        logger.info("receive DESKey sucess!");

        HandclaspProtocol handclaspProtocol_mw = null;
        Protocol serverDesKeyProtocol = Protocol.fromBytes(receiveDESKey);
        if (serverDesKeyProtocol.getSDPType() == SDPType.Handclasp) {
          handclaspProtocol_mw = (HandclaspProtocol)serverDesKeyProtocol.getSdpEntity();
        } else if (serverDesKeyProtocol.getSDPType() == SDPType.Exception) {
          ExceptionProtocol ep = (ExceptionProtocol)serverDesKeyProtocol.getSdpEntity();
            throw ThrowErrorHelper.throwServiceError(ep.getErrorCode(), ep.getErrorMsg());
        } else if(serverDesKeyProtocol.getSDPType() == SDPType.Reset){
          throw new RebootException("this server is reboot!");
        } else {
          throw new Exception("userdatatype error!");
        }

      }

      if(desKeyStr != null){
        desKeyByte = desKeyStr.getBytes("utf-8");
      }
      Protocol protocol = Protocol.fromBytes(context.getGaeaRequest().getRequestBuffer(),global.getGlobalSecureIsRights(),desKeyByte);
      context.getGaeaRequest().setProtocol(protocol);
      /**
       * 服务重启直接返回
       */
      if(Global.getSingleton().getServerState() == ServerStateType.Reboot && protocol.getPlatformType() == PlatformType.Java){
        GaeaResponse response = new GaeaResponse();
        ResetProtocol rp = new ResetProtocol();
        rp.setMsg("This server is reboot!");
        protocol.setSdpEntity(rp);
        response.setResponseBuffer(protocol.toBytes(global.getGlobalSecureIsRights(),desKeyByte));
        context.setGaeaResponse(response);
        context.setExecFilter(ExecFilterType.None);
        context.setDoInvoke(false);
      }
    }

        GaeaContext gaeaContext = new GaeaContext();
        gaeaContext.setServerType(ServerType.HTTP);
        gaeaContext.setServerHandler(this);
        gaeaContext.setChannel(new GaeaChannel(e.getChannel()));
      /**协议*/
      Protocol protocol = new Protocol();
      RequestProtocol request = new RequestProtocol();
      request.setLookup(action.getLookup());
      request.setMethodName(action.getMethodName());
      request.setParaKVList(paraKVList);
      protocol.setSdpEntity(request);
      gaeaContext.getGaeaRequest().setProtocol(protocol);
      /**HttpContext 上下文*/
      com.bj58.spat.gaea.server.contract.http.HttpContext httpcontext = new com.bj58.spat.gaea.server.contract.http.HttpContext();
      com.bj58.spat.gaea.server.contract.http.HttpRequest httpRequest = new com.bj58.spat.gaea.server.contract.http.HttpRequest();
      httpRequest.setContent(httpContext.getContentBuffer());

   *
   * https://github.com/github/markup/tree/master#html-sanitization
   * @return a loose HTML whitelist
   */
  protected Whitelist getRelaxedWhiteList() {
    return new Whitelist()
        .addTags(
                "a", "b", "blockquote", "br", "caption", "cite", "code", "col",
                "colgroup", "dd", "del", "div", "dl", "dt", "em", "h1", "h2", "h3", "h4", "h5", "h6", "hr",
                "i", "img", "ins", "kbd", "li", "ol", "p", "pre", "q", "samp", "small", "strike", "strong",
                "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "u",

   *
   * @param options Specified options to use on this instance.  See the docs for the Options class for common options sets.
   */
  public Remark(Options options) {
    this.options = options.getCopy();
    Whitelist whitelist = Whitelist.basicWithImages()
                    .addTags("div",
                                              "h1", "h2", "h3", "h4", "h5", "h6",
                                              "table", "tbody", "td", "tfoot", "th", "thead", "tr",
                                              "hr",
                                              "span", "font")
                    .addAttributes("th", "colspan", "align", "style")
                    .addAttributes("td", "colspan", "align", "style")
                    .addAttributes(":all", "title", "style");
        if(options.preserveRelativeLinks) {
            whitelist.preserveRelativeLinks(true);
        }
    if(options.abbreviations) {
      whitelist.addTags("abbr", "acronym");
    }
    if(options.headerIds) {
      for(int i=1; i<=6; i++) {
        whitelist.addAttributes("h"+i, "id");
      }
    }
    for(final IgnoredHtmlElement el : options.getIgnoredHtmlElements()) {
      whitelist.addTags(el.getTagName());
            if(!el.getAttributes().isEmpty()) {
                whitelist.addAttributes(el.getTagName(), el.getAttributes().toArray(new String[el.getAttributes().size()]));
            }
    }
    cleaner = new Cleaner(whitelist);

    if(options.getTables().isLeftAsHtml()) {

    return Jsoup.clean(html, Whitelist.relaxed());
  }

  //只允许指定的html标签
  public static String clearTags(String html, String ...tags) {
    Whitelist wl = new Whitelist();
    return Jsoup.clean(html, wl.addTags(tags));
  }

    }
    return string;
  }

  private static synchronized Whitelist buildWhiteList() {
    Whitelist whitelist = new Whitelist();
    whitelist.addTags("a", "b", "blockquote", "br", "caption", "cite", "code", "col", "colgroup", "dd", "div", "dl", "dt", "em", "h1",
        "h2", "h3", "h4", "h5", "h6", "i", "iframe", "img", "li", "ol", "p", "pre", "q", "small", "strike", "strong", "sub", "sup",
        "table", "tbody", "td", "tfoot", "th", "thead", "tr", "u", "ul");

    whitelist.addAttributes("div", "dir");
    whitelist.addAttributes("pre", "dir");
    whitelist.addAttributes("code", "dir");
    whitelist.addAttributes("table", "dir");
    whitelist.addAttributes("p", "dir");
    whitelist.addAttributes("a", "href", "title");
    whitelist.addAttributes("blockquote", "cite");
    whitelist.addAttributes("col", "span", "width");
    whitelist.addAttributes("colgroup", "span", "width");
    whitelist.addAttributes("iframe", "src", "height", "width", "allowfullscreen", "frameborder", "style");
    whitelist.addAttributes("img", "align", "alt", "height", "src", "title", "width", "style");
    whitelist.addAttributes("ol", "start", "type");
    whitelist.addAttributes("q", "cite");
    whitelist.addAttributes("table", "border", "bordercolor", "summary", "width");
    whitelist.addAttributes("td", "border", "bordercolor", "abbr", "axis", "colspan", "rowspan", "width");
    whitelist.addAttributes("th", "border", "bordercolor", "abbr", "axis", "colspan", "rowspan", "scope", "width");
    whitelist.addAttributes("ul", "type");

    whitelist.addProtocols("a", "href", "ftp", "http", "https", "mailto");
    whitelist.addProtocols("blockquote", "cite", "http", "https");
    whitelist.addProtocols("img", "src", "http", "https");
    whitelist.addProtocols("q", "cite", "http", "https");

    whitelist.addEnforcedAttribute("a", "target", "_blank");
    return whitelist;
  }

        return content;
    }

    public static String stripHtmlTag(String content, String[] allowedTag) {
        if (content != null && !content.isEmpty()) {
            Whitelist whitelist = Whitelist.none().addAttributes(":all","style","class","title","id","src","href","target");
            for (String tag : allowedTag) {
                whitelist.addTags(tag);
            }
            java.lang.reflect.Field field = ReflectionUtils.findField(whitelist.getClass(), "protocols");
            ReflectionUtils.makeAccessible(field);
            ReflectionUtils.setField(field, whitelist, new HashMap());
            content = Jsoup.clean(content, whitelist);
        }
        return content;

        s = s.replaceAll("</p>", "tinymce-renderer-reverse_br");
        s = s.replaceAll("</ul>", "tinymce-renderer-reverse_br");
        s = s.replaceAll("</ol>", "tinymce-renderer-reverse_br");
        s = s.replaceAll("</blockquote>", "tinymce-renderer-reverse_br");

        Whitelist wl = stripAllTags() ? Whitelist.none() : this.whitelist;

        String safe = Jsoup.clean(s, wl);
        safe = safe.replaceAll("tinymce-renderer-reverse_br", "\n");
        safe = safe.replaceAll("tinymce-renderer-reverse_sp", " ");