Package org.owasp.validator.css
Class CssScanner
- java.lang.Object
  - org.owasp.validator.css.CssScanner

Direct Known Subclasses: ExternalCssScanner
public class CssScanner extends java.lang.Object
Encapsulates the parsing and validation of a CSS stylesheet or inline declaration. To make use of this class, instantiate the scanner with the desired policy and call either scanInlineStyle() or scanStyleSheet() as appropriate.
- Author: Jason Li
- See Also: scanInlineStyle(String, String, int), scanStyleSheet(String, int)

Field Summary
Fields (modifier and type, field, description):
- protected static int DEFAULT_TIMEOUT
- protected java.util.ResourceBundle messages
  The message bundle to pull error messages from.
- protected org.apache.batik.css.parser.Parser parser
  The parser to be used in any scanning
- protected InternalPolicy policy
  The policy file to be used in any scanning

Constructor Summary
Constructors (constructor, description):
- CssScanner(InternalPolicy policy, java.util.ResourceBundle messages)
  Constructs a scanner based on the given policy.

Method Summary
Methods (modifier and type, method, description):
- static void main(java.lang.String[] args)
  Deprecated.
- protected void parseImportedStylesheets(java.util.LinkedList stylesheets, CssHandler handler, java.util.List<java.lang.String> errorMessages, int sizeLimit)
  Given a LinkedList of imported stylesheet URIs, this method parses through those stylesheets and validates them
- CleanResults scanInlineStyle(java.lang.String taintedCss, java.lang.String tagName, int sizeLimit)
  Scans the contents of an inline style declaration (ex. in the style attribute of an HTML tag) and validates the style sheet according to this CssScanner's policy file.
- CleanResults scanStyleSheet(java.lang.String taintedCss, int sizeLimit)
  Scans the contents of a full stylesheet (ex. a file based stylesheet or the complete stylesheet contents as declared within <style> tags)

Field Detail

DEFAULT_TIMEOUT
protected static final int DEFAULT_TIMEOUT
- See Also: Constant Field Values

parser
protected final org.apache.batik.css.parser.Parser parser
The parser to be used in any scanning

policy
protected final InternalPolicy policy
The policy file to be used in any scanning

messages
protected final java.util.ResourceBundle messages
The message bundle to pull error messages from.

Constructor Detail

CssScanner
public CssScanner(InternalPolicy policy, java.util.ResourceBundle messages)
Constructs a scanner based on the given policy.
- Parameters:
  policy - the policy to follow when scanning

Method Detail

scanStyleSheet
public CleanResults scanStyleSheet(java.lang.String taintedCss, int sizeLimit) throws ScanException
Scans the contents of a full stylesheet (ex. a file based stylesheet or the complete stylesheet contents as declared within <style> tags)
- Parameters:
  taintedCss - a String containing the contents of the CSS stylesheet to validate
  sizeLimit - the limit on the total size in bytes of any imported stylesheets
- Returns:
  a CleanResults object containing the results of the scan
- Throws:
  ScanException - if an error occurs during scanning

scanInlineStyle
public CleanResults scanInlineStyle(java.lang.String taintedCss, java.lang.String tagName, int sizeLimit) throws ScanException
Scans the contents of an inline style declaration (ex. in the style attribute of an HTML tag) and validates the style sheet according to this CssScanner's policy file.
- Parameters:
  taintedCss - a String containing the contents of the CSS stylesheet to validate
  tagName - the name of the tag for which this inline style was declared
  sizeLimit - the limit on the total size in bytes of any imported stylesheets
- Returns:
  a CleanResults object containing the results of the scan
- Throws:
  ScanException - if an error occurs during scanning

parseImportedStylesheets
protected void parseImportedStylesheets(java.util.LinkedList stylesheets, CssHandler handler, java.util.List<java.lang.String> errorMessages, int sizeLimit) throws ScanException
Given a LinkedList of imported stylesheet URIs, this method parses through those stylesheets and validates them
- Parameters:
  stylesheets - the LinkedList of stylesheet URIs to parse
  handler - the CssHandler to use for parsing
  errorMessages - the list of error messages to append to
  sizeLimit - the limit on the total size in bytes of any imported stylesheets
- Throws:
  ScanException - if an error occurs during scanning

main
public static void main(java.lang.String[] args) throws java.lang.Exception
Deprecated. Test method to demonstrate CSS scanning.
- Parameters:
  args - unused
- Throws:
  java.lang.Exception - if any error occurs
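
The usage outlined in the class description (construct the scanner with a policy, then call scanStyleSheet or scanInlineStyle), as an added example that is not part of the AntiSamy documentation. Assumptions: the policy file path is passed as the first argument, InternalPolicy, Policy and CleanResults live in org.owasp.validator.html, Policy.getInstance returns an InternalPolicy instance, and the message bundle is named "AntiSamy"; the class name, sample CSS and size limit are constructed.

```java
import java.util.Locale;
import java.util.ResourceBundle;

import org.owasp.validator.css.CssScanner;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.InternalPolicy;
import org.owasp.validator.html.Policy;

public class CssScannerExample {
    // Constructed value for sizeLimit: cap on the total bytes of imported stylesheets.
    private static final int IMPORT_SIZE_LIMIT = 64 * 1024;

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the path to an AntiSamy policy XML file, and the
        // Policy object returned here is an InternalPolicy instance (hence the cast).
        InternalPolicy policy = (InternalPolicy) Policy.getInstance(args[0]);
        // Assumption: the error-message bundle on the classpath is named "AntiSamy".
        ResourceBundle messages = ResourceBundle.getBundle("AntiSamy", Locale.US);

        CssScanner scanner = new CssScanner(policy, messages);

        // Constructed untrusted input: a full stylesheet, as found inside <style> tags.
        // It contains no @import, so no imported stylesheet is involved.
        String sheet = "p { color: red; position: fixed; }\n"
                + "div.note { unknown-property: 1; font-weight: bold; }";
        report("stylesheet", scanner.scanStyleSheet(sheet, IMPORT_SIZE_LIMIT));

        // Constructed untrusted input: the value of a style attribute on a <div>.
        String inline = "color: blue; position: fixed; unknown-property: 1";
        report("inline style", scanner.scanInlineStyle(inline, "div", IMPORT_SIZE_LIMIT));
    }

    // Prints the sanitized CSS and every message the scanner recorded while
    // validating against the policy. What survives depends on the policy file used.
    private static void report(String label, CleanResults results) {
        System.out.println("== " + label + " ==");
        System.out.println("sanitized CSS: " + results.getCleanHTML());
        for (String error : results.getErrorMessages()) {
            System.out.println("scanner message: " + error);
        }
    }
}
```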