owasp/html/Sanitizers.java

38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// Copyright (c) 2011, Mike Samuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// All rights reserved.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel//
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// Redistribution and use in source and binary forms, with or without
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// modification, are permitted provided that the following conditions
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// are met:
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel//
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// Redistributions of source code must retain the above copyright
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// notice, this list of conditions and the following disclaimer.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// Redistributions in binary form must reproduce the above copyright
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// notice, this list of conditions and the following disclaimer in the
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// documentation and/or other materials provided with the distribution.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// Neither the name of the OWASP nor the names of its contributors may
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// be used to endorse or promote products derived from this software
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// without specific prior written permission.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel// POSSIBILITY OF SUCH DAMAGE.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuelpackage org.owasp.html;
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel/**
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * Pre-packaged HTML sanitizer policies.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel *
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * <p>
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * These policies can be used to sanitize content.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * </p>
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * <pre>
6434d0d4455c4afb38b7c9c58c4ad844fb761a3fmikesamuel *   Sanitizers.FORMATTING.sanitize({@code "<b>Hello, World!</b>"})
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * </pre>
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * and can be chained
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * <pre>
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel *   PolicyFactory sanitizer = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS);
6434d0d4455c4afb38b7c9c58c4ad844fb761a3fmikesamuel *   System.out.println(sanitizer.sanitize({@code "<p>Hello, <b>World!</b>"}));
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * </pre>
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel *
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * <p>
d7c2f9f6c741b83b880ad878269d18ceb1af1d4amikesamuel * For more fine-grained control over sanitization, use
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * {@link HtmlPolicyBuilder}.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * </p>
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel *
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel * @author Mike Samuel <mikesamuel@gmail.com>
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel */
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuelpublic final class Sanitizers {
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  /**
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel   * Allows common formatting elements including {@code <b>}, {@code <i>}, etc.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel   */
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  public static final PolicyFactory FORMATTING = new HtmlPolicyBuilder()
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .allowCommonInlineFormattingElements().toFactory();
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  /**
6434d0d4455c4afb38b7c9c58c4ad844fb761a3fmikesamuel   * Allows common block elements including <code>&lt;p&gt;</code>,
6434d0d4455c4afb38b7c9c58c4ad844fb761a3fmikesamuel   * <code>&lt;h1&gt;</code>, etc.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel   */
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  public static final PolicyFactory BLOCKS = new HtmlPolicyBuilder()
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .allowCommonBlockElements().toFactory();
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  /**
6434d0d4455c4afb38b7c9c58c4ad844fb761a3fmikesamuel   * Allows certain safe CSS properties in {@code style="..."} attributes.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel   */
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  public static final PolicyFactory STYLES = new HtmlPolicyBuilder()
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .allowStyling().toFactory();
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  /**
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel   * Allows HTTP, HTTPS, MAILTO, and relative links.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel   */
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  public static final PolicyFactory LINKS = new HtmlPolicyBuilder()
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .allowStandardUrlProtocols().allowElements("a")
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .allowAttributes("href").onElements("a").requireRelNofollowOnLinks()
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .toFactory();
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  private static final AttributePolicy INTEGER = new AttributePolicy() {
ce5bde40e2e126de05105f09f1f965a5c70aaa94mikesamuel    public String apply(
ce5bde40e2e126de05105f09f1f965a5c70aaa94mikesamuel        String elementName, String attributeName, String value) {
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      int n = value.length();
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      if (n == 0) { return null; }
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      for (int i = 0; i < n; ++i) {
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel        char ch = value.charAt(i);
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel        if (ch == '.') {
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel          if (i == 0) { return null; }
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel          return value.substring(0, i);  // truncate to integer.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel        } else if (!('0' <= ch && ch <= '9')) {
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel          return null;
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel        }
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      }
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      return value;
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel    }
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  };
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  /**
6434d0d4455c4afb38b7c9c58c4ad844fb761a3fmikesamuel   * Allows {@code <img>} elements from HTTP, HTTPS, and relative sources.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel   */
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  public static final PolicyFactory IMAGES = new HtmlPolicyBuilder()
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .allowUrlProtocols("http", "https").allowElements("img")
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .allowAttributes("alt", "src").onElements("img")
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .allowAttributes("border", "height", "width").matching(INTEGER)
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel          .onElements("img")
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel      .toFactory();
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  private Sanitizers() {
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel    // Uninstantiable.
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel  }
38bb37b955601261fd8945ee22aa09ac30d29298mikesamuel}