Interface XSSProtectionService


  • @Deprecated
    public interface XSSProtectionService
    Deprecated.
    Use the XSSFilter instead.
    This interface must be implemented by all services that can be used for preventing XSS attacks.
    • Method Summary

      Modifier and Type Method Description
      void invalidatePolicy(java.lang.String policyPath)
      Deprecated.
      java.lang.String protectForContext(ProtectionContext context, java.lang.String src)
      Deprecated.
      Protects the given source string against XSS, taking the specified protection context into account.
      java.lang.String protectForContext(ProtectionContext context, java.lang.String src, java.lang.String policyPath)
      Deprecated.
      Protects the given source string against XSS, taking the specified protection context into account.
      java.lang.String protectFromXSS(java.lang.String src)
      Deprecated.
      Filters the given source string so that it does not contain XSS content.
      java.lang.String protectFromXSS(java.lang.String src, java.lang.String policyPath)
      Deprecated.
      Filters the given source string so that it does not contain XSS content.
    • Method Detail

      • invalidatePolicy

        @Deprecated
        void invalidatePolicy(java.lang.String policyPath)
        Deprecated.
        Invalidates the given policy.

        This marks a cached policy as invalid and forces it to be reloaded the next time protectFromXSS() is called.

        Invalidating policies manually is no longer necessary, as changes have been detected automatically since CQ 5.4.

        Parameters:
        policyPath - policy path (as used for protectFromXSS()) to invalidate
      • protectFromXSS

        java.lang.String protectFromXSS(java.lang.String src)
                                 throws XSSProtectionException
        Deprecated.
        Filters the given source string so that it does not contain XSS content.

        The default policy is used for checking.

        Parameters:
        src - source string
        Returns:
        string that does not contain XSS content
        Throws:
        XSSProtectionException - if loading the default policy or scanning the source string didn't succeed.
      • protectFromXSS

        java.lang.String protectFromXSS(java.lang.String src,
                                        java.lang.String policyPath)
                                 throws XSSProtectionException
        Deprecated.
        Filters the given source string so that it does not contain XSS content.

        The policy at policyPath is used for checking; the default policy is used if policyPath is null.

        Parameters:
        src - source string
        policyPath - path to policy configuration node; the default configuration will be taken if this parameter is set to null
        Returns:
        string that does not contain XSS content
        Throws:
        XSSProtectionException - if loading the given policy or scanning the source string didn't succeed.
      • protectForContext

        java.lang.String protectForContext(ProtectionContext context,
                                           java.lang.String src,
                                           java.lang.String policyPath)
                                    throws XSSProtectionException
        Deprecated.
        Protects the given source string against XSS, taking the specified protection context into account.

        For more information about protection contexts, see ProtectionContext and http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

        Parameters:
        context - The protection context
        src - The string to protect
        policyPath - The path to a configuration node that contains the policy to be used (dependent on the protection context); null to use the default policy.
        Returns:
        The protected String
        Throws:
        XSSProtectionException - if loading the policy or scanning the source does not succeed
        Since:
        5.4
      • protectForContext

        java.lang.String protectForContext(ProtectionContext context,
                                           java.lang.String src)
                                    throws XSSProtectionException
        Deprecated.
        Protects the given source string against XSS, taking the specified protection context into account.

        For more information about protection contexts, see ProtectionContext and http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

        Parameters:
        context - The protection context
        src - The string to protect
        Returns:
        The protected String
        Throws:
        XSSProtectionException - if loading the policy or scanning the source does not succeed
        Since:
        5.4