org.jasig.portal.channels
Class SaferHTMLHandler

java.lang.Object
  extended by org.jasig.portal.channels.SaferHTMLHandler
All Implemented Interfaces:
ContentHandler

Deprecated. All IChannel implementations should be migrated to portlets

@Deprecated
public class SaferHTMLHandler
extends Object
implements ContentHandler

ContentHandler that produces a document containing only a whitelisted set of elements, attributes and URL schemes. Only HTML that is considered to be safe from cross-site scripting attacks is passed on to the document.


Constructor Summary
SaferHTMLHandler(Document doc, Node root)
          Deprecated.  
 
Method Summary
 void characters(char[] ch, int start, int length)
          Deprecated.  
 void endDocument()
          Deprecated.  
 void endElement(String uri, String localName, String qName)
          Deprecated.  
 void endPrefixMapping(String prefix)
          Deprecated.  
 void ignorableWhitespace(char[] ch, int start, int length)
          Deprecated.  
 void processingInstruction(String target, String data)
          Deprecated.  
static String sanitizeURL(String url)
          Deprecated. Make sure to only allow safe URL schemes.
 void setDocumentLocator(Locator locator)
          Deprecated.  
 void skippedEntity(String name)
          Deprecated.  
 void startDocument()
          Deprecated.  
 void startElement(String uri, String localName, String qName, Attributes atts)
          Deprecated.  
 void startPrefixMapping(String prefix, String uri)
          Deprecated.  
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SaferHTMLHandler

public SaferHTMLHandler(Document doc,
                        Node root)
Deprecated. 
Method Detail

setDocumentLocator

public void setDocumentLocator(Locator locator)
Deprecated. 
Specified by:
setDocumentLocator in interface ContentHandler

startDocument

public void startDocument()
                   throws SAXException
Deprecated. 
Specified by:
startDocument in interface ContentHandler
Throws:
SAXException

endDocument

public void endDocument()
                 throws SAXException
Deprecated. 
Specified by:
endDocument in interface ContentHandler
Throws:
SAXException

startPrefixMapping

public void startPrefixMapping(String prefix,
                               String uri)
                        throws SAXException
Deprecated. 
Specified by:
startPrefixMapping in interface ContentHandler
Throws:
SAXException

endPrefixMapping

public void endPrefixMapping(String prefix)
                      throws SAXException
Deprecated. 
Specified by:
endPrefixMapping in interface ContentHandler
Throws:
SAXException

startElement

public void startElement(String uri,
                         String localName,
                         String qName,
                         Attributes atts)
                  throws SAXException
Deprecated. 
Specified by:
startElement in interface ContentHandler
Throws:
SAXException

endElement

public void endElement(String uri,
                       String localName,
                       String qName)
                throws SAXException
Deprecated. 
Specified by:
endElement in interface ContentHandler
Throws:
SAXException

characters

public void characters(char[] ch,
                       int start,
                       int length)
                throws SAXException
Deprecated. 
Specified by:
characters in interface ContentHandler
Throws:
SAXException

ignorableWhitespace

public void ignorableWhitespace(char[] ch,
                                int start,
                                int length)
                         throws SAXException
Deprecated. 
Specified by:
ignorableWhitespace in interface ContentHandler
Throws:
SAXException

processingInstruction

public void processingInstruction(String target,
                                  String data)
                           throws SAXException
Deprecated. 
Specified by:
processingInstruction in interface ContentHandler
Throws:
SAXException

skippedEntity

public void skippedEntity(String name)
                   throws SAXException
Deprecated. 
Specified by:
skippedEntity in interface ContentHandler
Throws:
SAXException

sanitizeURL

public static String sanitizeURL(String url)
Deprecated. 
Make sure to only allow safe URL schemes. This includes http, https, ftp, mailto. This will prevent dangerous javascript URLs and other things we never even thought about. Returns url unaltered if the scheme is safe. Returns empty string if the scheme is unsafe. We could add more URL schemes if we determine they are needed and safe.
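A sketch of scheme allowlisting with the return behaviour described above, added here as an example and not taken from the uPortal source. The class name SchemeAllowlist, the handling of scheme-less (relative) URLs, and the stripping of whitespace and control characters before the check are assumptions.

```java
import java.util.Locale;
import java.util.Set;

public class SchemeAllowlist {
    // Schemes named in the sanitizeURL description.
    private static final Set<String> SAFE = Set.of("http", "https", "ftp", "mailto");

    /** Returns url unaltered if its scheme is allowlisted, "" otherwise. */
    public static String sanitizeURL(String url) {
        if (url == null) {
            return "";
        }
        // Browsers ignore leading whitespace/control characters and embedded
        // tab, CR and LF when parsing a URL, so test a copy with those removed.
        String probe = url.replaceAll("[\\t\\r\\n]", "").replaceAll("^[\\x00-\\x20]+", "");
        int colon = probe.indexOf(':');
        int delim = firstOf(probe, "/?#");
        if (colon < 0 || (delim >= 0 && delim < colon)) {
            return url; // assumption: scheme-less (relative) URLs are allowed
        }
        // Scheme names are case-insensitive; compare in lower case.
        String scheme = probe.substring(0, colon).toLowerCase(Locale.ROOT);
        return SAFE.contains(scheme) ? url : "";
    }

    // Index of the first character of s that occurs in chars, or -1.
    private static int firstOf(String s, String chars) {
        for (int i = 0; i < s.length(); i++) {
            if (chars.indexOf(s.charAt(i)) >= 0) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "https://example.org/a?b=c",
            "MAILTO:user@example.org",
            "javascript:alert(1)",
            " Java\tScript:alert(1)",
            "data:text/html,x",
            "docs/page.html#sec:2",
        };
        for (String s : samples) {
            System.out.println("[" + s + "] -> [" + sanitizeURL(s) + "]");
        }
    }
}
```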



Copyright © 2010 Jasig. All Rights Reserved.