Class: AntiSamy::Policy

Inherits:

Object

• Object
• AntiSamy::Policy

Defined in:

lib/antisamy/policy.rb

Overview

Model for our policy engine. the XSD for AntiSammy is stored in this file after the END section

Constant Summary

ALLOWED_EMPTY =

We allow these tags to be empty

["br", "hr", "a", "img", "link", "iframe", "script", "object", "applet", "frame", "base", "param", "meta", "input", "textarea", "embed", "basefont", "col"]

ACTION_FILTER =

Actions

"filter"

ACTION_TRUNCATE =

"truncate"

ACTION_VALIDATE =

"validate"

ACTION_REMOVE =

"remove"

ACTION_ENCODE =

"encode"

ANYTHING_REGEX =

Anything regular express

/.*/

DEFAULT_ONINVALID =

AntiSammy XSD constants

"removeAttribute"

OMIT_XML_DECL =

Directive Name Constants

"omitXmlDeclaration"

OMIT_DOC_TYPE =

"omitDoctypeDeclaration"

MAX_INPUT =

"maxInputSize"

USE_XHTML =

"userXHTML"

FORMAT_OUTPUT =

"formatOutput"

EMBED_STYLESHEETS =

will we allow embedded style sheets

"embedStyleSheets"

CONN_TIMEOUT =

Connection timeout in miliseconds

"conenctionTimeout"

ANCHORS_NOFOLLOW =

"nofollowAnchors"

VALIDATE_P_AS_E =

"validateParamAsEmbed"

PRESERVE_SPACE =

"preserveSpace"

PRESERVE_COMMENTS =

"preserveComments"

ON_UNKNOWN_TAG =

"onUnknownTag"

MAX_SHEETS =

"maxStyleSheetImports"

Instance Attribute Summary

• #max_input ⇒ Object

  Returns the value of attribute max_input.

Class Method Summary

• .schema ⇒ Object

  Class method to fetch the schema.

Instance Method Summary

• #[]=(name, value) ⇒ Object

  Set a directive for the policy.

• #allow_empty?(name) ⇒ Boolean
• #attribute(name) ⇒ Object

  Get a specific attribute.

• #attributes ⇒ Object

  Get the list of attributes.

• #directive(name) ⇒ Object

  Get a particular directive.

• #encode?(tag) ⇒ Boolean

  Is the tag in the encode list.

• #expression(name) ⇒ Object

  Get a specific expression.

• #expressions ⇒ Object

  Get the list of expressions.

• #global(name) ⇒ Object

  Get a global attribute.

• #initialize(string_or_io) ⇒ Policy constructor

  Create a policy object.

• #properties ⇒ Object

  return the css rules.

• #property(prop) ⇒ Object

  get a specific css rule.

• #tag(name) ⇒ Object

  get a specific tag.

• #tags ⇒ Object

  Return the tag rules.

Constructor Details

#initialize(string_or_io) ⇒ Policy

Create a policy object. You can pass in either:

• File path

• IO object

• String containing the policy XML

All policies will be validated against the builtin schema file and will raise an Error if the policy doesnt conform to the schema

Raises:

• (SchemaError)

# File 'lib/antisamy/policy.rb', line 54

def initialize(string_or_io)
  schema = Nokogiri::XML.Schema(Policy.schema)
  if string_or_io.respond_to?(:read)
    uri = string_or_io.read
  else
    if File.exists?(string_or_io)
      uri = IO.read(string_or_io)
    else
      uri = string_or_io
    end
  end
  doc = Nokogiri::XML.parse(uri)
  # We now have the Poolicy XML data lets parse it
  errors = schema.validate(doc)
  raise SchemaError, errors.join(",") if errors.size > 0
  @common_regex = {}
  @common_attrib = {}
  @tag_rules = {}
  @css_rules = {}
  @directives = Hash.new(false)
  @global_attrib = {}
  @encode_tags = []
	  @allowed_empty = []
	  @allowed_empty << ALLOWED_EMPTY
	  @allowed_empty.flatten!
  parse(doc)
end

Instance Attribute Details

#max_input ⇒ Object

Returns the value of attribute max_input.

# File 'lib/antisamy/policy.rb', line 13

def max_input
  @max_input
end

Class Method Details

.schema ⇒ Object

Class method to fetch the schema

# File 'lib/antisamy/policy.rb', line 43

def self.schema
	  XSD
end

Instance Method Details

#[]=(name, value) ⇒ Object

Set a directive for the policy

# File 'lib/antisamy/policy.rb', line 88

def []=(name,value)
  @directives[name] = value
end

#allow_empty?(name) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/antisamy/policy.rb', line 142

def allow_empty?(name)
	@allowed_empty.include?(name.downcase)
end

#attribute(name) ⇒ Object

Get a specific attribute

# File 'lib/antisamy/policy.rb', line 128

def attribute(name)
  @common_attrib[name.downcase]
end

#attributes ⇒ Object

Get the list of attributes

# File 'lib/antisamy/policy.rb', line 123

def attributes
  @common_attrib
end

#directive(name) ⇒ Object

Get a particular directive

# File 'lib/antisamy/policy.rb', line 83

def directive(name)
  @directives[name]
end

#encode?(tag) ⇒ Boolean

Is the tag in the encode list

Returns:

• (Boolean)

# File 'lib/antisamy/policy.rb', line 98

def encode?(tag)
  @encode_tags.include?(tag)
end

#expression(name) ⇒ Object

Get a specific expression

# File 'lib/antisamy/policy.rb', line 138

def expression(name)
  @common_regex[name]
end

#expressions ⇒ Object

Get the list of expressions

# File 'lib/antisamy/policy.rb', line 133

def expressions
  @common_regex
end

#global(name) ⇒ Object

Get a global attribute

# File 'lib/antisamy/policy.rb', line 93

def global(name)
  @global_attrib[name.downcase]
end

#properties ⇒ Object

return the css rules

# File 'lib/antisamy/policy.rb', line 113

def properties
  @css_rules
end

#property(prop) ⇒ Object

get a specific css rule

# File 'lib/antisamy/policy.rb', line 118

def property(prop)
  @css_rules[prop.downcase]
end

#tag(name) ⇒ Object

get a specific tag

# File 'lib/antisamy/policy.rb', line 108

def tag(name)
  @tag_rules[name.downcase]
end

#tags ⇒ Object

Return the tag rules

# File 'lib/antisamy/policy.rb', line 103

def tags
  @tag_rules
end