/// <summary> Scans the contents of a full stylesheet (ex. a file based stylesheet or /// the complete stylesheet contents as declared within <style> tags) /// /// </summary> /// <param name="taintedCss">a <code>String</code> containing the contents of the CSS /// stylesheet to validate /// </param> /// <returns> a <code>CleanResuts</code> object containing the results of the /// scan /// </returns> /// <throws> ScanException </throws> /// <summary> if an error occurs during scanning /// </summary> public virtual CleanResults scanStyleSheet(string taintedCss, int sizeLimit) { DateTime startOfScan = new DateTime(); ArrayList errorMessages = new ArrayList(); ArrayList stylesheets = new ArrayList(); CssHandler handler = new CssHandler(policy, stylesheets, errorMessages); parser.setDocumentHandler(handler); try { // parse the style declaration // note this does not count against the size limit because it // should already have been counted by the caller since it was // embedded in the HTML InputSource source = new InputSource(); source.setCharacterStream(new java.io.CharArrayReader(taintedCss.ToCharArray())); parser.parseStyleSheet(source); //not sure if this is correct, the java version puts in a string reader, i just pass in a string } catch (IOException ioe) { throw new ScanException(ioe); } //parseImportedStylesheets(stylesheets, handler, errorMessages, sizeLimit); return(new CleanResults(startOfScan, new DateTime(), handler.getCleanStylesheet(), null, errorMessages)); //return null; }
/// <summary> Scans the contents of an inline style declaration (ex. in the style /// attribute of an HTML tag) and validates the style sheet according to this /// <code>CssScanner</code>'s policy file. /// /// </summary> /// <param name="taintedCss">a <code>String</code> containing the contents of the CSS /// stylesheet to validate /// </param> /// <param name="tagName">the name of the tag for which this inline style was declared /// </param> /// <returns> a <code>CleanResuts</code> object containing the results of the /// scan /// </returns> /// <throws> ScanException </throws> /// <summary> if an error occurs during scanning /// </summary> public virtual CleanResults scanInlineStyle(string taintedCss, string tagName, int sizeLimit) { DateTime startOfScan = new DateTime(); ArrayList errorMessages = new ArrayList(); // Create a queue of all style sheets that need to be validated to // account for any sheets that may be imported by the current CSS ArrayList stylesheets = new ArrayList(); CssHandler handler = new CssHandler(policy, stylesheets, errorMessages, tagName); parser.setDocumentHandler(handler); try { // parse the inline style declaration // note this does not count against the size limit because it // should already have been counted by the caller since it was // embedded in the HTML InputSource source = new InputSource(); source.setCharacterStream(new java.io.CharArrayReader(taintedCss.ToCharArray())); parser.parseStyleSheet(source); //parser.parseStyleDeclaration(taintedCss); } catch (IOException ioe) { throw new ScanException(ioe); } //parseImportedStylesheets(stylesheets, handler, errorMessages, sizeLimit); return(new CleanResults(startOfScan, new DateTime(), handler .getCleanStylesheet(), null, errorMessages)); }
/// <summary> Scans the contents of a full stylesheet (ex. a file based stylesheet or /// the complete stylesheet contents as declared within <style> tags) /// /// </summary> /// <param name="taintedCss">a <code>String</code> containing the contents of the CSS /// stylesheet to validate /// </param> /// <returns> a <code>CleanResuts</code> object containing the results of the /// scan /// </returns> /// <throws> ScanException </throws> /// <summary> if an error occurs during scanning /// </summary> public virtual CleanResults scanStyleSheet(string taintedCss, int sizeLimit) { DateTime startOfScan = new DateTime(); ArrayList errorMessages = new ArrayList(); ArrayList stylesheets = new ArrayList(); CssHandler handler = new CssHandler(policy, stylesheets, errorMessages); parser.setDocumentHandler(handler); try { // parse the style declaration // note this does not count against the size limit because it // should already have been counted by the caller since it was // embedded in the HTML InputSource source = new InputSource(); source.setCharacterStream(new java.io.CharArrayReader(taintedCss.ToCharArray())); parser.parseStyleSheet(source); //not sure if this is correct, the java version puts in a string reader, i just pass in a string } catch (IOException ioe) { throw new ScanException(ioe); } //parseImportedStylesheets(stylesheets, handler, errorMessages, sizeLimit); return new CleanResults(startOfScan, new DateTime(), handler.getCleanStylesheet(), null, errorMessages); //return null; }
/// <summary> Scans the contents of an inline style declaration (ex. in the style /// attribute of an HTML tag) and validates the style sheet according to this /// <code>CssScanner</code>'s policy file. /// /// </summary> /// <param name="taintedCss">a <code>String</code> containing the contents of the CSS /// stylesheet to validate /// </param> /// <param name="tagName">the name of the tag for which this inline style was declared /// </param> /// <returns> a <code>CleanResuts</code> object containing the results of the /// scan /// </returns> /// <throws> ScanException </throws> /// <summary> if an error occurs during scanning /// </summary> public virtual CleanResults scanInlineStyle(string taintedCss, string tagName, int sizeLimit) { DateTime startOfScan = new DateTime(); ArrayList errorMessages = new ArrayList(); // Create a queue of all style sheets that need to be validated to // account for any sheets that may be imported by the current CSS ArrayList stylesheets = new ArrayList(); CssHandler handler = new CssHandler(policy, stylesheets, errorMessages, tagName); parser.setDocumentHandler(handler); try { // parse the inline style declaration // note this does not count against the size limit because it // should already have been counted by the caller since it was // embedded in the HTML InputSource source = new InputSource(); source.setCharacterStream(new java.io.CharArrayReader(taintedCss.ToCharArray())); parser.parseStyleSheet(source); //parser.parseStyleDeclaration(taintedCss); } catch (IOException ioe) { throw new ScanException(ioe); } //parseImportedStylesheets(stylesheets, handler, errorMessages, sizeLimit); return new CleanResults(startOfScan, new DateTime(), handler .getCleanStylesheet(), null, errorMessages); }