public VisitStatus visit(Gadget gadget, Node node) throws RewritingException { if (node.getNodeType() == Node.ELEMENT_NODE && "style".equalsIgnoreCase(node.getNodeName())) { cssSanitizer.sanitize((Element) node, gadget.getSpec().getUrl(), gadget.getContext(), cssImportRewriter, imageRewriter); return VisitStatus.MODIFY; } return VisitStatus.BYPASS; }
/** * recurse up through chain to find a safe clean point * @param chain chain of nodes */ private static void clean(AncestorChain<?> chain) { if (chain.node instanceof CssTree.Declaration || chain.node instanceof CssTree.Import) { if (chain.getParentNode() instanceof CssTree.UserAgentHack) { clean(chain.parent); } else { // Remove the entire subtree ((AbstractParseTreeNode)chain.getParentNode()).removeChild(chain.node); } } else { clean(chain.parent); } } }
private GadgetRewriter createRewriter(Set<String> tags, Set<String> attributes) { Set<String> newTags = new HashSet<String>(tags); newTags.addAll(DEFAULT_TAGS); ContentRewriterFeature.Factory rewriterFeatureFactory = new ContentRewriterFeature.Factory(null, new ContentRewriterFeature.DefaultConfig( ".*", "", "HTTP", "embed,img,script,link,style", false, false)); return new SanitizingGadgetRewriter(newTags, attributes, rewriterFeatureFactory, new CajaCssSanitizer(new CajaCssParser()), new PassthruManager("host.com", "/proxy")); }
private GadgetRewriter createRewriter(Set<String> tags, Set<String> attributes) { Set<String> newTags = new HashSet<String>(tags); newTags.addAll(DEFAULT_TAGS); ContentRewriterFeature.Factory rewriterFeatureFactory = new ContentRewriterFeature.Factory(null, Providers.of(new ContentRewriterFeature.DefaultConfig( ".*", "", "HTTP", "embed,img,script,link,style", false, false, false))); return new SanitizingGadgetRewriter(Providers.of(newTags), Providers.of(attributes), rewriterFeatureFactory, new CajaCssSanitizer(new CajaCssParser()), new PassthruManager("host.com", "/proxy")); }
public VisitStatus visit(Gadget gadget, Node node) throws RewritingException { if (node.getNodeType() == Node.ELEMENT_NODE && "style".equalsIgnoreCase(node.getNodeName())) { cssSanitizer.sanitize((Element) node, gadget.getSpec().getUrl(), gadget.getContext(), cssImportRewriter, imageRewriter); return VisitStatus.MODIFY; } return VisitStatus.BYPASS; }
private GadgetRewriter createRewriter(Set<String> tags, Set<String> attributes) { Set<String> newTags = new HashSet<String>(tags); newTags.addAll(DEFAULT_TAGS); ContentRewriterFeature.Factory rewriterFeatureFactory = new ContentRewriterFeature.Factory(null, Providers.of(new ContentRewriterFeature.DefaultConfig( ".*", "", "HTTP", "embed,img,script,link,style", false, false, false))); return new SanitizingGadgetRewriter(Providers.of(newTags), Providers.of(attributes), rewriterFeatureFactory, new CajaCssSanitizer(new CajaCssParser()), new PassthruManager("host.com", "/proxy")); }
/** * recurse up through chain to find a safe clean point * @param chain chain of nodes */ private static void clean(AncestorChain<?> chain) { if (chain == null) { return; } if (chain.node instanceof CssTree.Declaration || chain.node instanceof CssTree.Import) { if (chain.getParentNode() instanceof CssTree.UserAgentHack) { clean(chain.parent); } else { // Remove the entire subtree ((AbstractParseTreeNode)chain.getParentNode()).removeChild(chain.node); } } else { clean(chain.parent); } } }
public VisitStatus visit(Gadget gadget, Node node) throws RewritingException { if (node.getNodeType() == Node.ELEMENT_NODE && "style".equalsIgnoreCase(node.getNodeName())) { cssSanitizer.sanitize((Element) node, gadget.getSpec().getUrl(), gadget.getContext(), cssImportRewriter, imageRewriter); return VisitStatus.MODIFY; } return VisitStatus.BYPASS; }
private ResponseRewriter createRewriter(Set<String> tags, Set<String> attributes) { ContentRewriterFeature.Factory rewriterFeatureFactory = new ContentRewriterFeature.Factory(null, new ContentRewriterFeature.DefaultConfig( ".*", "", "HTTP", "embed,img,script,link,style", false, false)); return new SanitizingResponseRewriter(rewriterFeatureFactory, new CajaCssSanitizer(new CajaCssParser()), new PassthruManager()); }
/** * recurse up through chain to find a safe clean point * @param chain chain of nodes */ private static void clean(AncestorChain<?> chain) { if (chain.node instanceof CssTree.Declaration || chain.node instanceof CssTree.Import) { if (chain.getParentNode() instanceof CssTree.UserAgentHack) { clean(chain.parent); } else { // Remove the entire subtree ((AbstractParseTreeNode)chain.getParentNode()).removeChild(chain.node); } } else { clean(chain.parent); } } }
/** * Sanitize the CSS content of a style tag. * @param styleElem to sanitize * @param linkContext url of containing content * @param gadgetContext The gadget context. * @param importRewriter to rewrite @imports to sanitizing proxy * @param imageRewriter to rewrite images to sanitizing proxy */ public void sanitize(Element styleElem, Uri linkContext, GadgetContext gadgetContext, ProxyUriManager importRewriter, ProxyUriManager imageRewriter) { String content = null; try { CssTree.StyleSheet stylesheet = parser.parseDom(styleElem.getTextContent(), linkContext); sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter); // Write the rewritten CSS back into the element content = parser.serialize(stylesheet); } catch (GadgetException ge) { // Failed to parse stylesheet so log and continue LOG.log(Level.INFO, "Failed to parse stylesheet", ge); } if (StringUtils.isEmpty(content)) { // Remove the owning node styleElem.getParentNode().removeChild(styleElem); } else { styleElem.setTextContent(content); } }
private ResponseRewriter createRewriter(Set<String> tags, Set<String> attributes) { ContentRewriterFeature.Factory rewriterFeatureFactory = new ContentRewriterFeature.Factory(null, Providers.of(new ContentRewriterFeature.DefaultConfig( ".*", "", "HTTP", "embed,img,script,link,style", false, false, false))); return new SanitizingResponseRewriter(rewriterFeatureFactory, new CajaCssSanitizer(new CajaCssParser()), new PassthruManager(PROXY_HOST, PROXY_PATH)); }
/** * Sanitize the CSS content of a style tag. * @param styleElem to sanitize * @param linkContext url of containing content * @param gadgetContext The gadget context. * @param importRewriter to rewrite @imports to sanitizing proxy * @param imageRewriter to rewrite images to sanitizing proxy */ public void sanitize(Element styleElem, Uri linkContext, GadgetContext gadgetContext, ProxyUriManager importRewriter, ProxyUriManager imageRewriter) { String content = null; try { CssTree.StyleSheet stylesheet = parser.parseDom(styleElem.getTextContent(), linkContext); sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter); // Write the rewritten CSS back into the element content = parser.serialize(stylesheet); } catch (GadgetException ge) { // Failed to parse stylesheet so log and continue LOG.log(Level.INFO, "Failed to parse stylesheet", ge); } if (StringUtils.isEmpty(content)) { // Remove the owning node styleElem.getParentNode().removeChild(styleElem); } else { styleElem.setTextContent(content); } }
private ResponseRewriter createRewriter(Set<String> tags, Set<String> attributes) { ContentRewriterFeature.Factory rewriterFeatureFactory = new ContentRewriterFeature.Factory(null, Providers.of(new ContentRewriterFeature.DefaultConfig( ".*", "", "HTTP", "embed,img,script,link,style", false, false, false))); return new SanitizingResponseRewriter(rewriterFeatureFactory, new CajaCssSanitizer(new CajaCssParser()), new PassthruManager(PROXY_HOST, PROXY_PATH)); }
CssTree.StyleSheet stylesheet = parser.parseDom(styleElem.getTextContent(), linkContext); sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter);
@Before public void setUp() throws Exception { parser = new CajaCssParser(); sanitizer = new CajaCssSanitizer(parser); ContainerConfig config = new FakeContainerConfig(); ProxyUriManager proxyUriManager = new DefaultProxyUriManager(config, null); importRewriter = new SanitizingProxyUriManager(proxyUriManager, "text/css"); imageRewriter = new SanitizingProxyUriManager(proxyUriManager, "image/*"); gadgetContext = new GadgetContext() { @Override public String getContainer() { return MOCK_CONTAINER; } }; }
/** * Sanitize the CSS content of a style tag. * @param content to sanitize * @param linkContext url of containing content * @param gadgetContext The gadget context. * @param importRewriter to rewrite @imports to sanitizing proxy * @param imageRewriter to rewrite images to sanitizing proxy * @return Sanitized css. */ public String sanitize(String content, Uri linkContext, GadgetContext gadgetContext, ProxyUriManager importRewriter, ProxyUriManager imageRewriter) { try { CssTree.StyleSheet stylesheet = parser.parseDom(content, linkContext); sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter); // Write the rewritten CSS back into the element return parser.serialize(stylesheet); } catch (GadgetException ge) { // Failed to parse stylesheet so log and continue LOG.log(Level.INFO, "Failed to parse stylesheet", ge); return ""; } }
@Before public void setUp() throws Exception { parser = new CajaCssParser(); sanitizer = new CajaCssSanitizer(parser); ContainerConfig config = new BasicContainerConfig(); config.newTransaction().addContainer(DEFAULT_CONTAINER_CONFIG).addContainer(MOCK_CONTAINER_CONFIG).commit(); ProxyUriManager proxyUriManager = new DefaultProxyUriManager(config, null); importRewriter = new SanitizingProxyUriManager(proxyUriManager, "text/css"); imageRewriter = new SanitizingProxyUriManager(proxyUriManager, "image/*"); gadgetContext = new GadgetContext() { @Override public String getContainer() { return MOCK_CONTAINER; } }; }
/** * Sanitize the CSS content of a style tag. * @param content to sanitize * @param linkContext url of containing content * @param gadgetContext The gadget context. * @param importRewriter to rewrite @imports to sanitizing proxy * @param imageRewriter to rewrite images to sanitizing proxy * @return Sanitized css. */ public String sanitize(String content, Uri linkContext, GadgetContext gadgetContext, ProxyUriManager importRewriter, ProxyUriManager imageRewriter) { try { CssTree.StyleSheet stylesheet = parser.parseDom(content, linkContext); sanitize(stylesheet, linkContext, gadgetContext, importRewriter, imageRewriter); // Write the rewritten CSS back into the element return parser.serialize(stylesheet); } catch (GadgetException ge) { // Failed to parse stylesheet so log and continue LOG.log(Level.INFO, "Failed to parse stylesheet", ge); return ""; } }
@Before public void setUp() throws Exception { parser = new CajaCssParser(); sanitizer = new CajaCssSanitizer(parser); ContainerConfig config = new BasicContainerConfig(); config.newTransaction().addContainer(DEFAULT_CONTAINER_CONFIG).addContainer(MOCK_CONTAINER_CONFIG).commit(); ProxyUriManager proxyUriManager = new DefaultProxyUriManager(config, null); importRewriter = new SanitizingProxyUriManager(proxyUriManager, "text/css"); imageRewriter = new SanitizingProxyUriManager(proxyUriManager, "image/*"); gadgetContext = new GadgetContext() { @Override public String getContainer() { return MOCK_CONTAINER; } }; }