
package com.righettod.antisamy.servlet;

import java.io.IOException;
import java.net.URL;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

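/**
 * Servlet managing input sanitizing using AntiSamy API and scanning rules set
 * file "anti-samy-rules.xml".
 *
 * <p>The value of the {@code input} request parameter is scanned with the policy
 * loaded from the classpath resource {@code /anti-samy-rules.xml}, and a small
 * HTML report (error count, scan time, clean HTML, error messages) is written
 * back to the client.
 *
 * @author Dominique Righetto (dominique.righetto@gmail.com)
 *
 */
@SuppressWarnings("serial")
@WebServlet("/sanitize")
public class InputSanitizer extends HttpServlet {

  /** Classpath location of the AntiSamy policy file. */
  private static final String POLICY_RESOURCE = "/anti-samy-rules.xml";

  /** Name of the request parameter holding the HTML fragment to sanitize. */
  private static final String INPUT_PARAMETER = "input";

  /**
   * {@inheritDoc}
   *
   * <p>GET requests are handled exactly like POST requests.
   *
   * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest,
   *      javax.servlet.http.HttpServletResponse)
   */
  @Override
  protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    doPost(req, resp);
  }

  /**
   * {@inheritDoc}
   *
   * <p>Reads the {@code input} parameter, sanitizes it with AntiSamy and renders
   * the scan report as an HTML page. Policy loading and scan failures are
   * reported inside the page body rather than propagated to the container.
   *
   * @throws ServletException if the policy file is not found on the classpath
   * @throws IOException if the response cannot be written
   * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest,
   *      javax.servlet.http.HttpServletResponse)
   */
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    StringBuilder html = new StringBuilder("<html><body>");
    try {
      /* Step 1 : Load AntiSamy Policy rules file */
      URL policyUrl = getClass().getResource(POLICY_RESOURCE);
      if (policyUrl == null) {
        // Fail loudly: without a policy nothing can be sanitized, and a null URL
        // would otherwise surface as an unhelpful NullPointerException
        throw new ServletException("AntiSamy policy resource not found on classpath: " + POLICY_RESOURCE);
      }
      Policy policy = Policy.getInstance(policyUrl);

      /* Step 2 : Sanitize input */
      // --Create AS object using policy loaded
      AntiSamy as = new AntiSamy(policy);
      // --Scan input data received; a missing parameter is treated as empty input
      String input = req.getParameter(INPUT_PARAMETER);
      if (input == null) {
        input = "";
      }
      CleanResults result = as.scan(input, AntiSamy.SAX);

      /* Step 3 : Return to user processing information of data received */
      html.append("<h1>Input scan result</h1>");
      html.append("<ul>");
      html.append("<li>");
      html.append("Number of errors : ").append(result.getNumberOfErrors());
      html.append("</li>");
      html.append("<li>");
      html.append("Scan time : ").append(result.getScanTime());
      html.append("</li>");
      html.append("<li>");
      // --The clean HTML is displayed as text inside a textarea, so it is
      //   entity-encoded here to keep it from being parsed as markup (in
      //   particular from terminating the textarea early)
      html.append("Clean HTML : <br><textarea rows='10' cols='100'>").append(escapeHtml(result.getCleanHTML())).append("</textarea>");
      html.append("</li>");
      html.append("</ul>");
      if (!result.getErrorMessages().isEmpty()) {
        html.append("<h1>List of detected errors</h1>");
        html.append("<ul>");
        for (Object o : result.getErrorMessages()) {
          // NOTE(review): AntiSamy error messages are rendered as-is because the
          // library formats them as HTML fragments; confirm it entity-encodes any
          // input fragments it quotes inside them
          html.append("<li>").append(o.toString()).append("</li>");
        }
        html.append("</ul>");
      }

    } catch (PolicyException pe) {
      // Exception text may echo parts of the policy or input: encode before display
      html.append("<font color='red'>").append(escapeHtml(pe.getMessage())).append("</font>");
    } catch (ScanException se) {
      html.append("<font color='red'>").append(escapeHtml(se.getMessage())).append("</font>");
    }

    // Finalize response: declare content type and charset explicitly (before the
    // writer is obtained) so the browser does not have to guess the encoding
    html.append("</body></html>");
    resp.setContentType("text/html");
    resp.setCharacterEncoding("UTF-8");
    resp.getWriter().write(html.toString());
  }

  /**
   * Replaces the HTML-significant characters of {@code text} by their entity
   * references so the value can be embedded as plain text in the report.
   *
   * @param text raw text, may be {@code null}
   * @return the encoded text, or an empty string when {@code text} is {@code null}
   */
  private static String escapeHtml(String text) {
    if (text == null) {
      return "";
    }
    StringBuilder sb = new StringBuilder(text.length());
    for (int i = 0; i < text.length(); i++) {
      char c = text.charAt(i);
      switch (c) {
        case '&':
          sb.append("&amp;");
          break;
        case '<':
          sb.append("&lt;");
          break;
        case '>':
          sb.append("&gt;");
          break;
        case '"':
          sb.append("&quot;");
          break;
        case '\'':
          sb.append("&#39;");
          break;
        default:
          sb.append(c);
      }
    }
    return sb.toString();
  }

}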