/*
    * Copyright (C) 2003-2012 eXo Platform SAS.
    *
    * This program is free software; you can redistribute it and/or
    * modify it under the terms of the GNU Affero General Public License
    * as published by the Free Software Foundation; either version 3
    * of the License, or (at your option) any later version.
    *
    * This program is distributed in the hope that it will be useful,
   * but WITHOUT ANY WARRANTY; without even the implied warranty of
   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   * GNU General Public License for more details.
   *
   * You should have received a copy of the GNU General Public License
   * along with this program; if not, see<http://www.gnu.org/licenses/>.
   */
  package org.exoplatform.ecm.webui.form.validator;
  
  import org.apache.commons.lang.StringUtils;
  
  import org.exoplatform.commons.utils.HTMLSanitizer;
  import org.exoplatform.web.application.ApplicationMessage;
  import org.exoplatform.webui.exception.MessageException;
  import org.exoplatform.webui.form.UIFormInput;
  import org.exoplatform.webui.form.validator.Validator;
  
  /**
   * Created by The eXo Platform SAS Author : Tran Hung Phong
   * phongth@exoplatform.com Jul 24, 2012
   */
  public class XSSValidator implements Validator {
  
    @Override
    public void validate(UIFormInput uiInput) throws Exception {
      String inputValue = ((String) uiInput.getValue());
      if (inputValue == null || inputValue.trim().length() == 0) {
        return;
      }
  
      inputValue = HTMLSanitizer.sanitize(inputValue);
      if (StringUtils.isEmpty(inputValue)) {
        String message = "UIActionForm.msg.xss-vulnerability-character";
        if (uiInput.getLabel() == null)
          message = "UIActionForm.msg.xss-vulnerability-character-wo-label";
        Object[] args = { uiInput.getLabel() };
        throw new MessageException(new ApplicationMessage(message, args, ApplicationMessage.WARNING));
      }
    }
  }