Class: AntiSamy::Policy
- Inherits: Object (Object → AntiSamy::Policy)
- Defined in: lib/antisamy/policy.rb
Overview
Model for our policy engine. The XSD for AntiSamy is stored in this file after the END section.
Constant Summary
- ALLOWED_EMPTY = ["br", "hr", "a", "img", "link", "iframe", "script", "object", "applet", "frame", "base", "param", "meta", "input", "textarea", "embed", "basefont", "col"]
  We allow these tags to be empty.
- ACTION_FILTER = "filter"
  Actions.
- ACTION_TRUNCATE = "truncate"
- ACTION_VALIDATE = "validate"
- ACTION_REMOVE = "remove"
- ACTION_ENCODE = "encode"
- ANYTHING_REGEX = /.*/
  Anything regular expression.
- DEFAULT_ONINVALID = "removeAttribute"
  AntiSamy XSD constants.
- OMIT_XML_DECL = "omitXmlDeclaration"
  Directive name constants.
- OMIT_DOC_TYPE = "omitDoctypeDeclaration"
- MAX_INPUT = "maxInputSize"
- USE_XHTML = "userXHTML"
- FORMAT_OUTPUT = "formatOutput"
- EMBED_STYLESHEETS = "embedStyleSheets"
  Whether embedded style sheets are allowed.
- CONN_TIMEOUT = "conenctionTimeout"
  Connection timeout in milliseconds.
- ANCHORS_NOFOLLOW = "nofollowAnchors"
- VALIDATE_P_AS_E = "validateParamAsEmbed"
- PRESERVE_SPACE = "preserveSpace"
- PRESERVE_COMMENTS = "preserveComments"
- ON_UNKNOWN_TAG = "onUnknownTag"
- MAX_SHEETS = "maxStyleSheetImports"
Instance Attribute Summary
- #max_input ⇒ Object
  Returns the value of attribute max_input.
Class Method Summary
- .schema ⇒ Object
  Class method to fetch the schema.
Instance Method Summary
- #[]=(name, value) ⇒ Object
  Set a directive for the policy.
- #allow_empty?(name) ⇒ Boolean
- #attribute(name) ⇒ Object
  Get a specific attribute.
- #attributes ⇒ Object
  Get the list of attributes.
- #directive(name) ⇒ Object
  Get a particular directive.
- #encode?(tag) ⇒ Boolean
  Is the tag in the encode list.
- #expression(name) ⇒ Object
  Get a specific expression.
- #expressions ⇒ Object
  Get the list of expressions.
- #global(name) ⇒ Object
  Get a global attribute.
- #initialize(string_or_io) ⇒ Policy (constructor)
  Create a policy object.
- #properties ⇒ Object
  Return the CSS rules.
- #property(prop) ⇒ Object
  Get a specific CSS rule.
- #tag(name) ⇒ Object
  Get a specific tag.
- #tags ⇒ Object
  Return the tag rules.
Constructor Details
#initialize(string_or_io) ⇒ Policy
Create a policy object. You can pass in either:
- File path
- IO object
- String containing the policy XML
All policies are validated against the built-in schema file, and an Error is raised if the policy doesn't conform to the schema.
    # File 'lib/antisamy/policy.rb', line 54
    def initialize(string_or_io)
      schema = Nokogiri::XML.Schema(Policy.schema)
      # Resolve the argument: IO-like object first, then an existing file path,
      # otherwise the string itself is taken as the policy XML
      if string_or_io.respond_to?(:read)
        uri = string_or_io.read
      else
        if File.exist?(string_or_io)
          uri = File.read(string_or_io)
        else
          uri = string_or_io
        end
      end
      doc = Nokogiri::XML.parse(uri)
      # We now have the Policy XML data, let's validate and parse it
      errors = schema.validate(doc)
      raise SchemaError, errors.join(",") if errors.size > 0
      @common_regex = {}
      @common_attrib = {}
      @tag_rules = {}
      @css_rules = {}
      # Unknown directive names look up as false
      @directives = Hash.new(false)
      @global_attrib = {}
      @encode_tags = []
      @allowed_empty = []
      @allowed_empty << ALLOWED_EMPTY
      @allowed_empty.flatten!
      parse(doc)
    end
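The constructor above treats any string that names an existing file as a path, so one string argument can mean either a path or inline XML. The following is an added example, not code from the antisamy gem, that decides the source by type before the XML reaches the constructor; `policy_xml_from`, `constructor_would_read_file?`, `PolicySourceError`, the 1 MiB cap and the sample XML are all assumptions made for illustration.

```ruby
require "pathname"
require "stringio"
require "tempfile"

# Hypothetical helper names; none of this is part of the antisamy gem.
class PolicySourceError < ArgumentError; end

MAX_POLICY_BYTES = 1_048_576 # assumed upper bound for a policy file (1 MiB)
# Constructed stand-in for policy XML; not a complete, schema-valid policy.
SAMPLE_XML = "<anti-samy-rules><directives/></anti-samy-rules>"

# Mirrors the constructor's resolution order shown above: an IO-like object
# is read; otherwise a string naming an existing file is treated as a path.
def constructor_would_read_file?(string_or_io)
  return false if string_or_io.respond_to?(:read)
  File.exist?(string_or_io)
end

# Return policy XML with the source decided by the argument's type:
#   Pathname -> read that regular file
#   String   -> inline XML only, never reinterpreted as a path
#   IO-like  -> read from it
def policy_xml_from(source)
  xml =
    case source
    when Pathname
      raise PolicySourceError, "not a regular file: #{source}" unless source.file?
      source.read(MAX_POLICY_BYTES + 1)
    when String
      raise PolicySourceError, "string source must be inline XML" unless source.lstrip.start_with?("<")
      source
    else
      raise PolicySourceError, "unsupported source: #{source.class}" unless source.respond_to?(:read)
      source.read(MAX_POLICY_BYTES + 1)
    end
  raise PolicySourceError, "policy is empty" if xml.nil? || xml.empty?
  raise PolicySourceError, "policy exceeds #{MAX_POLICY_BYTES} bytes" if xml.bytesize > MAX_POLICY_BYTES
  xml
end

# Write the sample to a temp file and compare both interpretations of its path.
def demo
  Tempfile.create("policy") do |f|
    f.write(SAMPLE_XML)
    f.flush
    { constructor_reads_path_string: constructor_would_read_file?(f.path),
      pathname_accepted: policy_xml_from(Pathname.new(f.path)) == SAMPLE_XML }
  end
end
```

Passing the result on as `AntiSamy::Policy.new(StringIO.new(xml))` takes the constructor's `respond_to?(:read)` branch, so the file-existence lookup on the string is never reached.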
Instance Attribute Details
#max_input ⇒ Object
Returns the value of attribute max_input.
    # File 'lib/antisamy/policy.rb', line 13
    def max_input
      @max_input
    end
Class Method Details
.schema ⇒ Object
Class method to fetch the schema
    # File 'lib/antisamy/policy.rb', line 43
    def self.schema
      XSD
    end
Instance Method Details
#[]=(name, value) ⇒ Object
Set a directive for the policy
    # File 'lib/antisamy/policy.rb', line 88
    def []=(name,value)
      @directives[name] = value
    end
#allow_empty?(name) ⇒ Boolean
    # File 'lib/antisamy/policy.rb', line 142
    def allow_empty?(name)
      # The name is lower-cased before the lookup in the allowed-empty list
      @allowed_empty.include?(name.downcase)
    end
#attribute(name) ⇒ Object
Get a specific attribute
    # File 'lib/antisamy/policy.rb', line 128
    def attribute(name)
      @common_attrib[name.downcase]
    end
#attributes ⇒ Object
Get the list of attributes
    # File 'lib/antisamy/policy.rb', line 123
    def attributes
      @common_attrib
    end
#directive(name) ⇒ Object
Get a particular directive
    # File 'lib/antisamy/policy.rb', line 83
    def directive(name)
      @directives[name]
    end
#encode?(tag) ⇒ Boolean
Is the tag in the encode list
    # File 'lib/antisamy/policy.rb', line 98
    def encode?(tag)
      @encode_tags.include?(tag)
    end
#expression(name) ⇒ Object
Get a specific expression
    # File 'lib/antisamy/policy.rb', line 138
    def expression(name)
      @common_regex[name]
    end
#expressions ⇒ Object
Get the list of expressions
    # File 'lib/antisamy/policy.rb', line 133
    def expressions
      @common_regex
    end
#global(name) ⇒ Object
Get a global attribute
    # File 'lib/antisamy/policy.rb', line 93
    def global(name)
      @global_attrib[name.downcase]
    end
#properties ⇒ Object
Return the CSS rules
    # File 'lib/antisamy/policy.rb', line 113
    def properties
      @css_rules
    end
#property(prop) ⇒ Object
Get a specific CSS rule
    # File 'lib/antisamy/policy.rb', line 118
    def property(prop)
      @css_rules[prop.downcase]
    end
#tag(name) ⇒ Object
Get a specific tag
    # File 'lib/antisamy/policy.rb', line 108
    def tag(name)
      @tag_rules[name.downcase]
    end
#tags ⇒ Object
Return the tag rules
    # File 'lib/antisamy/policy.rb', line 103
    def tags
      @tag_rules
    end