Class: AntiSamy::Policy
- Inherits: Object
  - Object
  - AntiSamy::Policy
- Defined in: lib/antisamy/policy.rb
Overview
Model for our policy engine. The XSD for AntiSamy is stored in this file after the __END__ section.
Constant Summary
- ALLOWED_EMPTY =
We allow these tags to be empty
["br", "hr", "a", "img", "link", "iframe", "script", "object", "applet", "frame", "base", "param", "meta", "input", "textarea", "embed", "basefont", "col"]
- ACTION_FILTER =
Actions
"filter"
- ACTION_TRUNCATE =
"truncate"
- ACTION_VALIDATE =
"validate"
- ACTION_REMOVE =
"remove"
- ACTION_ENCODE =
"encode"
- ANYTHING_REGEX =
Regular expression that matches anything
/.*/
- DEFAULT_ONINVALID =
AntiSamy XSD constants
"removeAttribute"
- OMIT_XML_DECL =
Directive Name Constants
"omitXmlDeclaration"
- OMIT_DOC_TYPE =
"omitDoctypeDeclaration"
- MAX_INPUT =
"maxInputSize"
- USE_XHTML =
"userXHTML"
- FORMAT_OUTPUT =
"formatOutput"
- EMBED_STYLESHEETS =
Whether embedded style sheets are allowed
"embedStyleSheets"
- CONN_TIMEOUT =
Connection timeout in milliseconds
"conenctionTimeout"
- ANCHROS_NOFOLLOW =
"nofollowAnchors"
- VALIDATE_P_AS_E =
"validateParamAsEmbed"
- PRESERVE_SPACE =
"preserveSpace"
- PRESERVE_COMMENTS =
"preserveComments"
- ON_UNKNOWN_TAG =
"onUnknownTag"
- MAX_SHEETS =
"maxStyleSheetImports"
Instance Attribute Summary
- #max_input ⇒ Object
  Returns the value of attribute max_input.
Class Method Summary
- .schema ⇒ Object
  Class method to fetch the schema.
Instance Method Summary
- #[]=(name, value) ⇒ Object
  Set a directive for the policy.
- #attribute(name) ⇒ Object
  Get a specific attribute.
- #attributes ⇒ Object
  Get the list of attributes.
- #directive(name) ⇒ Object
  Get a particular directive.
- #encode?(tag) ⇒ Boolean
  Is the tag in the encode list.
- #expression(name) ⇒ Object
  Get a specific expression.
- #expressions ⇒ Object
  Get the list of expressions.
- #global(name) ⇒ Object
  Get a global attribute.
- #initialize(string_or_io) ⇒ Policy (constructor)
  Create a policy object.
- #properties ⇒ Object
  Return the CSS rules.
- #property(prop) ⇒ Object
  Get a specific CSS rule.
- #tag(name) ⇒ Object
  Get a specific tag.
- #tags ⇒ Object
  Return the tag rules.
Constructor Details
#initialize(string_or_io) ⇒ Policy
Create a policy object. You can pass in either:
- File path
- IO object
- String containing the policy XML
All policies are validated against the built-in schema file, and an error (SchemaError) is raised if the policy doesn't conform to the schema.
```ruby
# File 'lib/antisamy/policy.rb', line 65
def initialize(string_or_io)
  schema = Nokogiri::XML.Schema(Policy.schema)
  if string_or_io.respond_to?(:read)
    uri = string_or_io.read
  else
    if File.exist?(string_or_io)
      uri = IO.read(string_or_io)
    else
      uri = string_or_io
    end
  end
  doc = Nokogiri::XML.parse(uri)
  # We now have the policy XML data, so parse it
  errors = schema.validate(doc)
  raise SchemaError, errors.join(",") if errors.size > 0
  @common_regex = {}
  @common_attrib = {}
  @tag_rules = {}
  @css_rules = {}
  @directives = Hash.new(false)
  @global_attrib = {}
  @encode_tags = []
  parse(doc)
end
```
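The constructor chooses between "file path" and "literal XML" with a file-existence check, so a String that happens to name an existing file is read from disk rather than parsed as XML. The following is an added example, not code from the antisamy gem: `resolve_policy_source` mirrors that dispatch using only the standard library, and `explicit_policy_source`, `MAX_POLICY_BYTES` and the `base_dir` parameter are hypothetical names for a caller-side wrapper that always hands the constructor an IO.

```ruby
require "stringio"
require "tempfile"

# Added illustration; not code from the antisamy gem.
# Mirrors the input dispatch of Policy#initialize shown above (IO first, then
# "existing file path", then literal XML) and reports which branch was taken.
def resolve_policy_source(string_or_io)
  if string_or_io.respond_to?(:read)
    [:io, string_or_io.read]
  elsif File.exist?(string_or_io)
    [:file, IO.read(string_or_io)]
  else
    [:string, string_or_io]
  end
end

MAX_POLICY_BYTES = 512 * 1024 # assumed cap, not a gem constant
# Hypothetical caller-side helper: state the intent explicitly and always hand
# the constructor an IO, so a String is never reinterpreted as a path.
def explicit_policy_source(value, kind:, base_dir: nil)
  case kind
  when :xml
    raise ArgumentError, "policy XML too large" if value.bytesize > MAX_POLICY_BYTES
    StringIO.new(value)
  when :path
    raise ArgumentError, "base_dir is required for :path" if base_dir.nil?
    real = File.realpath(value)
    root = File.realpath(base_dir)
    raise ArgumentError, "policy file outside #{root}" unless real.start_with?(root + File::SEPARATOR)
    raise ArgumentError, "not a regular file" unless File.file?(real)
    raise ArgumentError, "policy file too large" if File.size(real) > MAX_POLICY_BYTES
    File.open(real, "r")
  else
    raise ArgumentError, "kind must be :xml or :path"
  end
end

# Constructed sample: a temp file stands in for a policy file on disk.
def demo
  Tempfile.create(["policy", ".xml"]) do |f|
    f.write("<on-disk/>"); f.flush
    bare = resolve_policy_source(f.path) # String names a file: read from disk
    wrapped = resolve_policy_source(explicit_policy_source(f.path, kind: :xml))
    io = explicit_policy_source(f.path, kind: :path, base_dir: File.dirname(f.path))
    from_fs = resolve_policy_source(io)
    io.close
    { bare: bare, wrapped: wrapped, from_fs: from_fs, path: f.path }
  end
end
```

With the gem loaded, the IO returned by the helper would be passed straight to `AntiSamy::Policy.new`, which takes the `respond_to?(:read)` branch.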
Instance Attribute Details
#max_input ⇒ Object
Returns the value of attribute max_input.
```ruby
# File 'lib/antisamy/policy.rb', line 13
def max_input
  @max_input
end
```
Class Method Details
.schema ⇒ Object
Class method to fetch the schema
```ruby
# File 'lib/antisamy/policy.rb', line 44
def self.schema
  data = StringIO.new
  File.open(__FILE__) do |f|
    begin
      line = f.gets
    end until line.match(/^__END__$/)
    while line = f.gets
      data << line
    end
  end
  data.rewind
  data.read
end
```
Instance Method Details
#[]=(name, value) ⇒ Object
Set a directive for the policy
```ruby
# File 'lib/antisamy/policy.rb', line 96
def []=(name,value)
  @directives[name] = value
end
```
#attribute(name) ⇒ Object
Get a specific attribute
```ruby
# File 'lib/antisamy/policy.rb', line 136
def attribute(name)
  @common_attrib[name.downcase]
end
```
#attributes ⇒ Object
Get the list of attributes
```ruby
# File 'lib/antisamy/policy.rb', line 131
def attributes
  @common_attrib
end
```
#directive(name) ⇒ Object
Get a particular directive
```ruby
# File 'lib/antisamy/policy.rb', line 91
def directive(name)
  @directives[name]
end
```
#encode?(tag) ⇒ Boolean
Is the tag in the encode list
```ruby
# File 'lib/antisamy/policy.rb', line 106
def encode?(tag)
  @encode_tags.include?(tag)
end
```
#expression(name) ⇒ Object
Get a specific expression
```ruby
# File 'lib/antisamy/policy.rb', line 146
def expression(name)
  @common_regex[name]
end
```
#expressions ⇒ Object
Get the list of expressions
```ruby
# File 'lib/antisamy/policy.rb', line 141
def expressions
  @common_regex
end
```
#global(name) ⇒ Object
Get a global attribute
```ruby
# File 'lib/antisamy/policy.rb', line 101
def global(name)
  @global_attrib[name.downcase]
end
```
#properties ⇒ Object
Return the CSS rules
```ruby
# File 'lib/antisamy/policy.rb', line 121
def properties
  @css_rules
end
```
#property(prop) ⇒ Object
Get a specific CSS rule
```ruby
# File 'lib/antisamy/policy.rb', line 126
def property(prop)
  @css_rules[prop.downcase]
end
```
#tag(name) ⇒ Object
Get a specific tag
```ruby
# File 'lib/antisamy/policy.rb', line 116
def tag(name)
  @tag_rules[name.downcase]
end
```
#tags ⇒ Object
Return the tag rules
```ruby
# File 'lib/antisamy/policy.rb', line 111
def tags
  @tag_rules
end
```