Flatten packages
Remove modules prefix
This commit is contained in:
@@ -0,0 +1,38 @@
|
||||
package be.simplenotes.domain.security
|
||||
|
||||
import be.simplenotes.types.LoggedInUser
|
||||
import org.owasp.html.HtmlChangeListener
|
||||
import org.owasp.html.HtmlPolicyBuilder
|
||||
import org.slf4j.LoggerFactory
|
||||
import javax.inject.Singleton
|
||||
|
||||
@Singleton
|
||||
class HtmlSanitizer {
|
||||
private val htmlPolicy = HtmlPolicyBuilder()
|
||||
.allowElements("a")
|
||||
.allowCommonBlockElements()
|
||||
.allowCommonInlineFormattingElements()
|
||||
.allowElements("pre")
|
||||
.allowAttributes("class").onElements("code")
|
||||
.allowUrlProtocols("http", "https")
|
||||
.allowAttributes("href").onElements("a")
|
||||
.allowElements("input")
|
||||
.allowAttributes("type", "checked", "disabled", "readonly").onElements("input")
|
||||
.requireRelNofollowOnLinks()
|
||||
.toFactory()!!
|
||||
|
||||
private val logger = LoggerFactory.getLogger(javaClass)
|
||||
|
||||
private val htmlChangeListener = object : HtmlChangeListener<LoggedInUser> {
|
||||
override fun discardedTag(context: LoggedInUser?, elementName: String) {
|
||||
logger.warn("Discarded tag $elementName for user $context")
|
||||
}
|
||||
|
||||
override fun discardedAttributes(context: LoggedInUser?, tagName: String, vararg attributeNames: String) {
|
||||
logger.warn("Discarded attributes ${attributeNames.contentToString()} on tag $tagName for user $context")
|
||||
}
|
||||
}
|
||||
|
||||
fun sanitize(userId: LoggedInUser, unsafeHtml: String) =
|
||||
htmlPolicy.sanitize(unsafeHtml, htmlChangeListener, userId)!!
|
||||
}
|
||||
Reference in New Issue
Block a user