/*
* ***** BEGIN LICENSE BLOCK *****
* Zimbra Collaboration Suite Server
* Copyright (C) 2019 Synacor, Inc.
*
* This program is free software: you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software Foundation,
* version 2 of the License.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
* You should have received a copy of the GNU General Public License along with this program.
* If not, see <https://www.gnu.org/licenses/>.
* ***** END LICENSE BLOCK *****
*/
package com.zimbra.cs.html.owasp;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.owasp.html.ElementPolicy;
import com.zimbra.cs.html.owasp.policies.AElementPolicy;
import com.zimbra.cs.html.owasp.policies.AreaElementPolicy;
import com.zimbra.cs.html.owasp.policies.BaseElementPolicy;
import com.zimbra.cs.html.owasp.policies.ImgInputElementPolicy;
/*
* Builds the list of HtmlElement objects from the policy file.
*/
/**
 * Assembles the {@link HtmlElement} list used by the OWASP-based HTML sanitizer.
 *
 * <p>For every element name returned by {@code OwaspPolicy.getAllowedElements()} this
 * builder pairs the name with an optional element-specific {@link ElementPolicy} and
 * with whatever {@code HtmlAttributesBuilder.build(name)} returns for it.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Element-specific policies are looked up by exact string match. A policy
 *       registered under {@code "img"} is not found for a differently cased name, so
 *       confirm that {@code OwaspPolicy} normalises element names before they get here.</li>
 *   <li>The {@code img} and {@code input} policies are registered only when
 *       {@code neuterImages} is {@code true}; otherwise those elements, if allowed,
 *       are built with a {@code null} policy.</li>
 *   <li>{@link #build()} mutates an unsynchronised {@link HashMap}; nothing in this
 *       class guards an instance against concurrent use.</li>
 * </ul>
 */
public class HtmlElementsBuilder {

    /**
     * Regex matching a comma with at most one optional whitespace character on each side.
     * Not referenced inside this class.
     */
    static final String COMMA = "(\\s)?+,(\\s)?+";

    /** Supplies the attribute definitions for each element name. */
    private HtmlAttributesBuilder builder;

    /** When {@code true}, {@code img} and {@code input} get an {@link ImgInputElementPolicy}. */
    private boolean neuterImages;

    /** Element name mapped to the policy applied to that element; filled by {@link #setUp()}. */
    private Map<String, ElementPolicy> elementSpecificPolicies = new HashMap<>();

    /**
     * Creates a builder.
     *
     * @param builder source of per-element attribute definitions; dereferenced in
     *        {@link #build()}, not validated here
     * @param neuterImages whether {@code img} and {@code input} elements receive the
     *        image-neutering policy
     */
    public HtmlElementsBuilder(HtmlAttributesBuilder builder, boolean neuterImages) {
        this.neuterImages = neuterImages;
        this.builder = builder;
    }

    /**
     * Registers the element-specific policies.
     *
     * <p>Called by {@link #build()} on every invocation; each call creates fresh policy
     * instances and overwrites any entry already stored under the same key.
     */
    public void setUp() {
        // Link-bearing elements always get their own policy.
        elementSpecificPolicies.put("a", new AElementPolicy());
        elementSpecificPolicies.put("area", new AreaElementPolicy());
        elementSpecificPolicies.put("base", new BaseElementPolicy());

        if (!neuterImages) {
            // Without neutering, img/input are left without an element-specific policy.
            return;
        }
        elementSpecificPolicies.put("img", new ImgInputElementPolicy());
        elementSpecificPolicies.put("input", new ImgInputElementPolicy());
        // add any other element policies
    }

    /**
     * Builds one {@link HtmlElement} per allowed element name.
     *
     * <p>An element with no registered policy is constructed with a {@code null}
     * policy, because {@link Map#get(Object)} returns {@code null} for a missing key.
     * NOTE(review): how {@code HtmlElement} treats a {@code null} policy is not visible
     * in this file; confirm it means "no extra restriction" rather than an error.
     *
     * @return a new mutable list, in the iteration order of the allowed-element set
     */
    public List<HtmlElement> build() {
        setUp();
        final Set<String> allowedNames = OwaspPolicy.getAllowedElements();
        final List<HtmlElement> result = new ArrayList<>(allowedNames.size());
        for (final String name : allowedNames) {
            // Arguments are evaluated left to right: policy lookup first, then attributes.
            result.add(new HtmlElement(name, elementSpecificPolicies.get(name), builder.build(name)));
        }
        return result;
    }
}