Class: AntiSamy::Policy

Inherits:
Object
Defined in:
lib/antisamy/policy.rb

Overview

Model for our policy engine. The XSD for AntiSamy is stored in this file after the END section.

Constant Summary

ALLOWED_EMPTY =

We allow these tags to be empty

["br", "hr", "a", "img", "link", "iframe", "script", "object", "applet", "frame", "base", "param", "meta", "input", "textarea", "embed", "basefont", "col"]
ACTION_FILTER =

Actions

"filter"
ACTION_TRUNCATE =
"truncate"
ACTION_VALIDATE =
"validate"
ACTION_REMOVE =
"remove"
ACTION_ENCODE =
"encode"
ANYTHING_REGEX =

Regular expression that matches anything

/.*/
DEFAULT_ONINVALID =

AntiSamy XSD constants

"removeAttribute"
OMIT_XML_DECL =

Directive Name Constants

"omitXmlDeclaration"
OMIT_DOC_TYPE =
"omitDoctypeDeclaration"
MAX_INPUT =
"maxInputSize"
USE_XHTML =
"userXHTML"
FORMAT_OUTPUT =
"formatOutput"
EMBED_STYLESHEETS =

Whether embedded style sheets are allowed

"embedStyleSheets"
CONN_TIMEOUT =

Connection timeout in milliseconds

"conenctionTimeout"
ANCHORS_NOFOLLOW =
"nofollowAnchors"
VALIDATE_P_AS_E =
"validateParamAsEmbed"
PRESERVE_SPACE =
"preserveSpace"
PRESERVE_COMMENTS =
"preserveComments"
ON_UNKNOWN_TAG =
"onUnknownTag"
MAX_SHEETS =
"maxStyleSheetImports"

Constructor Details

#initialize(string_or_io) ⇒ Policy

Create a policy object. You can pass in either:

  • File path

  • IO object

  • String containing the policy XML

All policies are validated against the built-in schema file, and an Error is raised if the policy doesn't conform to the schema.

Raises:



# File 'lib/antisamy/policy.rb', line 54

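def initialize(string_or_io)
  schema = Nokogiri::XML.Schema(Policy.schema)
  # Resolve the argument to the policy XML text: an IO object is read,
  # a string naming an existing file is read from disk, and any other
  # string is treated as the XML itself.
  if string_or_io.respond_to?(:read)
    uri = string_or_io.read
  else
    # File.exist? replaces File.exists?, which was removed in Ruby 3.2
    if File.exist?(string_or_io)
      uri = IO.read(string_or_io)
    else
      uri = string_or_io
    end
  end
  doc = Nokogiri::XML.parse(uri)
  # We now have the policy XML data; validate it against the schema, then parse it
  errors = schema.validate(doc)
  raise SchemaError, errors.join(",") if errors.size > 0
  @common_regex = {}
  @common_attrib = {}
  @tag_rules = {}
  @css_rules = {}
  # Directives that are not set in the policy read back as false
  @directives = Hash.new(false)
  @global_attrib = {}
  @encode_tags = []
  @allowed_empty = []
  @allowed_empty << ALLOWED_EMPTY
  @allowed_empty.flatten!
  parse(doc)
end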
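
The source resolution in the constructor above, reproduced as an added stand-alone example (not code from the antisamy gem): a string that does not name an existing file is handed on as if it were the policy XML, so a mistyped path is never reported as a missing file. `resolve_like_constructor`, `resolve_explicit`, `demo` and the sample XML are hypothetical names and constructed data; `resolve_explicit` is one assumed way for calling code to state which kind of source it holds before building a Policy.

```ruby
require "stringio"
require "tempfile"

# Mirrors the source resolution in Policy#initialize shown above:
# IO first, then an existing file path, otherwise the string itself.
def resolve_like_constructor(string_or_io)
  return string_or_io.read if string_or_io.respond_to?(:read)
  File.exist?(string_or_io) ? File.read(string_or_io) : string_or_io
end

# Hypothetical stricter helper: the caller states what the value is, so a
# string is never silently reinterpreted as a path or as XML.
def resolve_explicit(kind, value)
  case kind
  when :io   then value.read
  when :path then File.read(File.expand_path(value)) # raises Errno::ENOENT if missing
  when :xml
    raise ArgumentError, "expected XML text" unless value.lstrip.start_with?("<")
    value
  else
    raise ArgumentError, "unknown source kind: #{kind.inspect}"
  end
end

# Constructed sample: placeholder text, not a schema-valid AntiSamy policy.
SAMPLE_XML = "<anti-samy-rules><!-- constructed sample --></anti-samy-rules>"

# Runs every input kind through both resolvers and returns the results.
def demo
  Tempfile.create("policy") do |f|
    f.write(SAMPLE_XML)
    f.flush
    {
      from_io:     resolve_like_constructor(StringIO.new(SAMPLE_XML)),
      from_path:   resolve_like_constructor(f.path),
      from_string: resolve_like_constructor(SAMPLE_XML),
      # A path that does not exist comes back unchanged, as "XML".
      missing:     resolve_like_constructor("/nonexistent/policy.xml"),
      explicit:    resolve_explicit(:path, f.path)
    }
  end
end
```

The text returned by `resolve_explicit` can then be passed to `AntiSamy::Policy.new` as a String or wrapped in a `StringIO`.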

Instance Attribute Details

#max_input ⇒ Object

Returns the value of attribute max_input.



# File 'lib/antisamy/policy.rb', line 13

def max_input
  @max_input
end

Class Method Details

.schema ⇒ Object

Class method to fetch the schema



# File 'lib/antisamy/policy.rb', line 43

def self.schema
  XSD
end

Instance Method Details

#[]=(name, value) ⇒ Object

Set a directive for the policy



# File 'lib/antisamy/policy.rb', line 88

def []=(name,value)
  @directives[name] = value
end

#allow_empty?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/antisamy/policy.rb', line 142

def allow_empty?(name)
  @allowed_empty.include?(name.downcase)
end

#attribute(name) ⇒ Object

Get a specific attribute



# File 'lib/antisamy/policy.rb', line 128

def attribute(name)
  @common_attrib[name.downcase]
end

#attributes ⇒ Object

Get the list of attributes



# File 'lib/antisamy/policy.rb', line 123

def attributes
  @common_attrib
end

#directive(name) ⇒ Object

Get a particular directive



# File 'lib/antisamy/policy.rb', line 83

def directive(name)
  @directives[name]
end

#encode?(tag) ⇒ Boolean

Is the tag in the encode list

Returns:

  • (Boolean)


# File 'lib/antisamy/policy.rb', line 98

def encode?(tag)
  @encode_tags.include?(tag)
end

#expression(name) ⇒ Object

Get a specific expression



# File 'lib/antisamy/policy.rb', line 138

def expression(name)
  @common_regex[name]
end

#expressions ⇒ Object

Get the list of expressions



# File 'lib/antisamy/policy.rb', line 133

def expressions
  @common_regex
end

#global(name) ⇒ Object

Get a global attribute



# File 'lib/antisamy/policy.rb', line 93

def global(name)
  @global_attrib[name.downcase]
end

#properties ⇒ Object

Return the CSS rules



# File 'lib/antisamy/policy.rb', line 113

def properties
  @css_rules
end

#property(prop) ⇒ Object

Get a specific CSS rule



# File 'lib/antisamy/policy.rb', line 118

def property(prop)
  @css_rules[prop.downcase]
end

#tag(name) ⇒ Object

Get a specific tag



# File 'lib/antisamy/policy.rb', line 108

def tag(name)
  @tag_rules[name.downcase]
end

#tags ⇒ Object

Return the tag rules



# File 'lib/antisamy/policy.rb', line 103

def tags
  @tag_rules
end