/*******************************************************************************
* Licensed to the Apache Software Foundation (ASF) under one or
* more contributor license agreements. See the NOTICE file
* distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the
* Apache License, Version 2.0 (the "License"); you may not use
* this file except in compliance with the License. You may obtain
* a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0 Unless required by
* applicable law or agreed to in writing, software distributed
* under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions
* and limitations under the License.
******************************************************************************/
package org.apache.sling.xss;
import org.osgi.annotation.versioning.ProviderType;
/**
 * Service used to protect output against potential XSS attacks.
 * <p>
 * The protection is context based: callers choose the {@link ProtectionContext}
 * that matches the location where the output is emitted (markup body, attribute,
 * URL, ...). A string that has been checked or filtered for one context is not
 * thereby safe for a different context, so the context passed in must be the one
 * the output is actually written to. The single-argument methods use
 * {@link #DEFAULT_CONTEXT}.
 */
@ProviderType
public interface XSSFilter {

    /**
     * Context used by the single-argument methods ({@link #filter(String)} and
     * {@link #isValidHref(String)}): {@link ProtectionContext#HTML_HTML_CONTENT}.
     */
    ProtectionContext DEFAULT_CONTEXT = ProtectionContext.HTML_HTML_CONTENT;

    /**
     * Indicates whether or not a given source string contains XSS policy violations
     * for the given context. This is a read-only check; it does not modify or
     * sanitise the input. Use {@link #filter(ProtectionContext, String)} to obtain
     * a safe version of the string.
     *
     * @param context context to use for checking
     * @param src source string
     * @return <code>true</code> if the source is violation-free
     * @throws NullPointerException if context is <code>null</code>
     */
    boolean check(ProtectionContext context, String src);

    /**
     * Returns a version of the given source string that does not contain content
     * violating the XSS policy.
     * <p>
     * The default protection context ({@link #DEFAULT_CONTEXT}) is used for
     * checking; use {@link #filter(ProtectionContext, String)} when the output
     * goes anywhere other than HTML content.
     *
     * @param src source string
     * @return string that does not contain XSS policy violations for the default context
     */
    String filter(String src);

    /**
     * Returns a version of the given source string that does not contain content
     * violating the XSS policy of the given context.
     *
     * @param context context to use for checking; must match where the result is emitted
     * @param src source string
     * @return string that does not contain XSS policy violations for the given context
     * @throws NullPointerException if context is <code>null</code>
     */
    String filter(ProtectionContext context, String src);

    /**
     * Checks if the given URL is valid to be used for the <code>href</code> attribute in a <code>a</code> tag.
     * <p>
     * The default protection context ({@link #DEFAULT_CONTEXT}) is used for checking.
     * This method only validates; it does not rewrite the URL. A URL that fails this
     * check should not be emitted in an <code>href</code> attribute.
     *
     * @param url the URL that should be validated
     * @return <code>true</code> if the URL is violation-free
     */
    boolean isValidHref(String url);
}