Class: AntiSamy::CssScanner

Inherits:
Object
  • Object
Defined in:
lib/antisamy/css/css_scanner.rb

Overview

Css Scanner class


Constructor Details

#initialize(policy) ⇒ CssScanner

Create a scanner with a given policy



# File 'lib/antisamy/css/css_scanner.rb', line 7

# Builds a scanner bound to +policy+ with an empty error list.
#
# @param policy [Object] policy object; scan_sheet queries it through #directive
def initialize(policy)
  # Both instance variables are set in one parallel assignment.
  @policy, @errors = policy, []
end

Instance Attribute Details

#errors ⇒ Object

Returns the value of attribute errors.



# File 'lib/antisamy/css/css_scanner.rb', line 5

# Reader for the scanner's error list, which the constructor creates empty.
#
# Note that scan_sheet, as shown in this class, reports problems on the
# ScanResults object it returns (results.messages) and does not append here.
#
# @return [Array, nil] the object held in @errors
def errors
  instance_variable_get(:@errors)
end

#policy ⇒ Object

Returns the value of attribute policy.



# File 'lib/antisamy/css/css_scanner.rb', line 5

# Reader for the policy handed to the constructor.
#
# scan_sheet consults this object through #directive for the XHTML, sheet-count
# and connection-timeout settings.
#
# @return [Object, nil] the object held in @policy
def policy
  instance_variable_get(:@policy)
end

Instance Method Details

#scan_inline(a_value, name, max_input) ⇒ Object

Scans the input using the provided input and output encoding. Raises an error if the input is nil or if the maximum input size is exceeded.



# File 'lib/antisamy/css/css_scanner.rb', line 13

# Scans the CSS of an inline style value.
#
# The value is wrapped in a synthetic rule, "<name> { <a_value> }", and that
# string is handed to scan_sheet with +name+ as the tag. Consequences visible
# from this method:
# * max_input is compared against the wrapped string, not the raw value;
# * a nil a_value interpolates as an empty string, so scan_sheet's nil check
#   is never triggered from here;
# * a_value is interpolated unescaped, so the whole wrapped string, including
#   anything that follows a closing brace inside the value, goes through the
#   same parser and filter in scan_sheet.
#
# @param a_value [String] inline style text (treated as untrusted)
# @param name [String] tag name used as the selector of the synthetic rule
# @param max_input [Integer] size limit forwarded to scan_sheet
# @return [Object] whatever scan_sheet returns
def scan_inline(a_value,name,max_input)
  wrapped_rule = "#{name} { #{a_value} }"
  scan_sheet(wrapped_rule,max_input,name)
end

#scan_sheet(input, limit, tag = nil) ⇒ Object

Raises:

  • (ArgumentError)


# File 'lib/antisamy/css/css_scanner.rb', line 17

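# Scans a stylesheet against the scanner's policy and returns the scan results.
#
# The input is parsed through a CssFilter built from the policy; the filter's
# cleaned CSS becomes results.clean_html and its errors become
# results.messages. Sheets collected by the filter (filter.style_sheets) are
# then fetched and fed to the same parser, bounded by the MAX_SHEETS directive
# and by the space left under +limit+.
#
# Fixes over the previous version:
# * the XHTML branch assigned to an undefined local (+result+) and raised
#   NameError whenever USE_XHTML was set;
# * the CDATA test used ^/$ without multi-line matching, so a line-wrapped
#   CDATA section was not unwrapped and a single matching line inside a larger
#   input replaced the whole input;
# * the MAX_SHEETS default of 1 never applied (nil.to_i is 0, so ||= was dead)
#   and the count check ran after the fetch, allowing one request too many;
# * import targets reached Kernel#open unchecked; they must now be http(s);
# * rescue Exception also swallowed interrupts and exit requests.
#
# @param input [String] stylesheet text, optionally wrapped in a CDATA section
# @param limit [Integer] maximum size of +input+; the remainder is the budget
#   for imported sheets
# @param tag [String, nil] passed through to CssFilter
# @return [ScanResults] cleaned CSS plus the messages gathered during the scan
# @raise [ArgumentError] if +input+ is nil
# @raise [ScanError] if +input+ is larger than +limit+
def scan_sheet(input,limit,tag = nil)
  raise ArgumentError if input.nil?
  raise ScanError, "Max input Exceeded #{input.size} > #{limit}" if input.size > limit
  space_remaining = limit - input.size
  # Unwrap a CDATA section only when it spans the whole input; \A and \z anchor
  # the string (not a line) and /m lets the body contain newlines.
  if input =~ /\A\s*<!\[CDATA\[(.*)\]\]>\s*\z/m
    input = Regexp.last_match(1)
  end
  # The filter acts as document handler, error handler and logger for the parser.
  filter = CssFilter.new(@policy,tag)
  parser = RSAC::Parser.new(filter)
  parser.error_handler = filter
  parser.logger = filter
  parser.parse(input)
  # Populate the results; clean_html is taken before any imported sheet is parsed.
  results = ScanResults.new(Time.now)
  if @policy.directive(Policy::USE_XHTML)
    results.clean_html = "<![CDATA[#{filter.clean}]]>"
  else
    results.clean_html = filter.clean
  end
  results.messages = filter.errors
  # Imported style sheets collected by the filter
  sheets = filter.style_sheets
  max_directive = @policy.directive(Policy::MAX_SHEETS)
  max_sheets = max_directive.nil? ? 1 : max_directive.to_i
  import_sheets = 0
  if sheets.size > 0
    timeout = 1000
    if @policy.directive(Policy::CONN_TIMEOUT)
      timeout = @policy.directive(Policy::CONN_TIMEOUT).to_i
    end
    # Presumably the directive is in milliseconds; integer division means any
    # value under 1000 becomes a timeout of 0.
    timeout /= 1000
    sheets.each do |sheet|
      # Enforce the import count before touching the network.
      if import_sheets >= max_sheets
        results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_EXCEEDED,"@import",sheet)
        break
      end
      # The target comes from the scanned (untrusted) CSS. Kernel#open accepts
      # more than URLs: other strings are treated as local paths or commands.
      # Only http(s) targets are fetched; anything else is an import failure.
      # NOTE(review): an http(s) target can still point at hosts reachable only
      # from the scanning machine; whether CssFilter restricts import hosts is
      # not visible from this method.
      unless sheet.to_s =~ %r{\Ahttps?://}i
        results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_FAILURE,"@import",sheet)
        next
      end
      sheet_content = ''
      begin
        # Read at most the remaining budget so a large sheet cannot exceed limit.
        open(sheet,{:read_timeout => timeout}) do |f|
          sheet_content = f.read(space_remaining)
        end
        space_remaining -= sheet_content.size

        if sheet_content.size > 0
          parser.parse(sheet_content)
          import_sheets += 1
        end

        if space_remaining <= 0 || sheet_content.empty?
          results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_INPUT_SIZE,"@import",sheet)
          break
        end
      rescue StandardError
        # Fetch or parse problems are recorded per sheet and do not abort the
        # scan; interrupts and exit requests are no longer swallowed.
        results.messages << ScanMessage.new(ScanMessage::ERROR_CSS_IMPORT_FAILURE,"@import",sheet)
      end
    end
  end
  results
end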