1 package org.cateproject.controller.sanitize;
2
import java.io.IOException;
import java.io.InputStream;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.stereotype.Component;
import org.springframework.validation.Errors;
17
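@Component
public class AntiSamyServiceImpl implements AntiSamyService {

    /** Kept {@code protected} so any existing subclass that references it still compiles. */
    protected static final Log log = LogFactory.getLog(AntiSamyServiceImpl.class);

    /** Scanner instance, created on first use; access goes through {@link #getAntiSamy()}. */
    private AntiSamy antiSamy;

    /**
     * Location of the AntiSamy policy. It is read through {@link Resource#getInputStream()} rather
     * than {@link Resource#getFile()}, so it also works when the policy is packaged inside a jar
     * (where {@code getFile()} throws because there is no file-system path).
     */
    private Resource policyFile = new ClassPathResource("org/cateproject/controller/antisamy-policy.xml");

    /** Parsed policy; {@code null} until {@link #getAntiSamy()} has run once. */
    private Policy policy;

    /**
     * Overrides the default policy location.
     *
     * @param policyFile the policy resource; {@code null} selects AntiSamy's built-in default policy
     */
    public void setPolicyFile(Resource policyFile) {
        this.policyFile = policyFile;
    }

    /**
     * Lazily loads the policy and creates the scanner.
     *
     * <p>Synchronized because this bean is a Spring singleton shared between request threads and
     * both fields are initialised lazily.
     *
     * @return the shared scanner; {@link #policy} is guaranteed non-null after this returns
     * @throws PolicyException if the policy file cannot be parsed
     * @throws IllegalStateException if the policy resource cannot be read; the scanner is never
     *         used without a policy (fail closed)
     */
    private synchronized AntiSamy getAntiSamy() throws PolicyException {
        if (policy == null) {
            policy = loadPolicy();
        }
        if (antiSamy == null) {
            antiSamy = new AntiSamy();
        }
        return antiSamy;
    }

    /**
     * Reads and parses the configured policy, or the built-in default when none is configured.
     *
     * @return the parsed policy, never {@code null}
     * @throws PolicyException if the policy content is invalid
     * @throws IllegalStateException if the policy resource cannot be read
     */
    private Policy loadPolicy() throws PolicyException {
        if (policyFile == null) {
            return Policy.getInstance();
        }
        InputStream in = null;
        try {
            in = policyFile.getInputStream();
            return Policy.getInstance(in);
        } catch (IOException ioe) {
            // A missing or unreadable policy must not degrade into scanning with a null policy.
            String message = "Unable to read AntiSamy policy " + policyFile;
            log.error(message, ioe);
            throw new IllegalStateException(message, ioe);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The policy has already been parsed; a close failure changes nothing.
                }
            }
        }
    }

    /**
     * Sanitizes untrusted HTML against the configured policy and reports policy violations as
     * field errors.
     *
     * @param comment the untrusted HTML; {@code null} is returned unchanged as there is nothing to scan
     * @param field   the name of the bound field the errors are attached to
     * @param errors  receives one {@code antisamyError} per policy violation, or a single
     *                {@code scanException} when the input could not be scanned at all
     * @return the cleaned HTML, or {@code null} when the input was {@code null} or could not be
     *         scanned; the original unsanitized input is never returned
     * @throws IllegalStateException if the policy cannot be loaded or parsed
     */
    public String sanitize(String comment, String field, Errors errors) {
        if (comment == null) {
            return null;
        }
        CleanResults cleanResults;
        try {
            cleanResults = getAntiSamy().scan(comment, policy);
        } catch (PolicyException pe) {
            // Configuration error, not a data error: surface it instead of continuing unsanitized.
            String message = "Invalid AntiSamy policy while sanitizing field " + field;
            log.error(message, pe);
            throw new IllegalStateException(message, pe);
        } catch (ScanException se) {
            log.error("AntiSamy could not scan field " + field, se);
            errors.rejectValue(field, "scanException", se.getMessage());
            // Fail closed: no clean result exists, so nothing derived from the input is returned.
            return null;
        }
        // Older AntiSamy releases declare the raw List; newer ones List<String>. The cast is safe
        // either way because AntiSamy only ever adds Strings.
        @SuppressWarnings("unchecked")
        List<String> errorMessages = (List<String>) cleanResults.getErrorMessages();
        for (String errorMessage : errorMessages) {
            errors.rejectValue(field, "antisamyError", errorMessage);
        }
        return cleanResults.getCleanHTML();
    }
}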