<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring bean definition file that configures HDIV for this web application.
  It declares three things: the requests and parameters HDIV leaves out of its
  integrity checks, one named validation pattern, and the URL-to-rule mapping
  used to validate editable (free-text) fields.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:hdiv="http://www.hdiv.org/schema/hdiv"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.hdiv.org/schema/hdiv http://www.hdiv.org/schema/hdiv/hdiv.xsd">

    <!--
      Core HDIV settings. Requests whose extension is css or png are excluded
      from HDIV processing; keep this list limited to genuinely static assets,
      because anything listed here is not protected by HDIV.
    -->
    <hdiv:config excludedExtensions="css,png">

        <!-- Pages used when HDIV detects an expired session: loginPage for the login form, homePage for the application root. -->
        <hdiv:sessionExpired
            homePage="/"
            loginPage="/login.html"/>

        <!--
          Start pages are entry points that HDIV accepts without a previously
          issued state, so its link and form integrity checks do not cover them.
          Every entry below is therefore an exception to the protection and
          should be as narrow as possible.

          NOTE(review): the first entry has no method attribute and matches the
          whole /attacks/ subtree, presumably for every HTTP method. Confirm
          this is intended (the name suggests a demonstration area) and that no
          state-changing handler is mapped under it.
        -->
        <hdiv:startPages>/attacks/.*</hdiv:startPages>

        <!-- Home page and login form, reachable directly with GET. -->
        <hdiv:startPages method="get">/,/login.html</hdiv:startPages>

        <!-- Login-processing and logout endpoints, reachable directly with POST. -->
        <hdiv:startPages method="post">/j_spring_security_check,/logout.html</hdiv:startPages>

        <!--
          Parameter names HDIV does not validate. _csrf is presumably the
          Spring Security CSRF token, which that framework verifies itself.
          NOTE(review): confirm the Spring Security CSRF check is enabled;
          otherwise this parameter is verified by neither layer.
        -->
        <hdiv:startParameters>_csrf</hdiv:startParameters>
    </hdiv:config>

    <!--
      Named allow-list pattern for editable parameters (values typed into
      textbox and textarea fields). It accepts only ASCII letters, digits and
      the characters @ . - _ and, because of the * quantifier, also accepts an
      empty value. Anything else, including spaces and non-ASCII text, fails.
    -->
    <hdiv:validation id="safeText">
        <hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9@.\-_]*$]]></hdiv:acceptedPattern>
    </hdiv:validation>

    <!--
      Maps URL patterns to the validation applied to their editable fields.

      /secure/.*   : no rule id is given and enableDefaults is not set, so only
                     HDIV's built-in default rules apply.
      /safetext/.* : enableDefaults="false" switches the built-in rules off, so
                     the safeText allow-list above is the only check.

      NOTE(review): URLs that match neither pattern have no rule in this list;
      confirm how editable fields on other pages are validated. The built-in
      defaults are, as far as I know, deny-list patterns; they complement but
      do not replace output encoding and parameterised queries.
    -->
    <hdiv:editableValidations>
        <hdiv:validationRule url="/secure/.*"/>
        <hdiv:validationRule
            url="/safetext/.*"
            enableDefaults="false">safeText</hdiv:validationRule>
    </hdiv:editableValidations>

</beans>