예제 #1
0
        /// <summary> Scans the contents of a full stylesheet (ex. a file based stylesheet or
        /// the complete stylesheet contents as declared within &lt;style&gt; tags)
        ///
        /// </summary>
        /// <param name="taintedCss">a <code>String</code> containing the contents of the CSS
        /// stylesheet to validate
        /// </param>
        /// <returns> a <code>CleanResuts</code> object containing the results of the
        /// scan
        /// </returns>
        /// <throws>  ScanException </throws>
        /// <summary>             if an error occurs during scanning
        /// </summary>
        public virtual CleanResults scanStyleSheet(string taintedCss, int sizeLimit)
        {
            DateTime   startOfScan   = new DateTime();
            ArrayList  errorMessages = new ArrayList();
            ArrayList  stylesheets   = new ArrayList();
            CssHandler handler       = new CssHandler(policy, stylesheets, errorMessages);


            parser.setDocumentHandler(handler);
            try
            {
                // parse the style declaration
                // note this does not count against the size limit because it
                // should already have been counted by the caller since it was
                // embedded in the HTML

                InputSource source = new InputSource();
                source.setCharacterStream(new java.io.CharArrayReader(taintedCss.ToCharArray()));
                parser.parseStyleSheet(source);

                //not sure if this is correct, the java version puts in a string reader, i just pass in a string
            }
            catch (IOException ioe)
            {
                throw new ScanException(ioe);
            }

            //parseImportedStylesheets(stylesheets, handler, errorMessages, sizeLimit);

            return(new CleanResults(startOfScan, new DateTime(), handler.getCleanStylesheet(), null, errorMessages));
            //return null;
        }
예제 #2
0
        /// <summary> Scans the contents of an inline style declaration (ex. in the style
        /// attribute of an HTML tag) and validates the style sheet according to this
        /// <code>CssScanner</code>'s policy file.
        ///
        /// </summary>
        /// <param name="taintedCss">a <code>String</code> containing the contents of the CSS
        /// stylesheet to validate
        /// </param>
        /// <param name="tagName">the name of the tag for which this inline style was declared
        /// </param>
        /// <returns> a <code>CleanResuts</code> object containing the results of the
        /// scan
        /// </returns>
        /// <throws>  ScanException </throws>
        /// <summary>             if an error occurs during scanning
        /// </summary>

        public virtual CleanResults scanInlineStyle(string taintedCss, string tagName, int sizeLimit)
        {
            DateTime startOfScan = new DateTime();

            ArrayList errorMessages = new ArrayList();

            // Create a queue of all style sheets that need to be validated to
            // account for any sheets that may be imported by the current CSS

            ArrayList stylesheets = new ArrayList();

            CssHandler handler = new CssHandler(policy, stylesheets, errorMessages, tagName);

            parser.setDocumentHandler(handler);

            try
            {
                // parse the inline style declaration
                // note this does not count against the size limit because it
                // should already have been counted by the caller since it was
                // embedded in the HTML
                InputSource source = new InputSource();
                source.setCharacterStream(new java.io.CharArrayReader(taintedCss.ToCharArray()));
                parser.parseStyleSheet(source);
                //parser.parseStyleDeclaration(taintedCss);
            }
            catch (IOException ioe)
            {
                throw new ScanException(ioe);
            }

            //parseImportedStylesheets(stylesheets, handler, errorMessages, sizeLimit);

            return(new CleanResults(startOfScan, new DateTime(), handler
                                    .getCleanStylesheet(), null, errorMessages));
        }
예제 #3
0
        /// <summary> Scans the contents of a full stylesheet (ex. a file based stylesheet or
        /// the complete stylesheet contents as declared within &lt;style&gt; tags)
        /// 
        /// </summary>
        /// <param name="taintedCss">a <code>String</code> containing the contents of the CSS
        /// stylesheet to validate
        /// </param>
        /// <returns> a <code>CleanResuts</code> object containing the results of the
        /// scan
        /// </returns>
        /// <throws>  ScanException </throws>
        /// <summary>             if an error occurs during scanning
        /// </summary>
        public virtual CleanResults scanStyleSheet(string taintedCss, int sizeLimit)
        {
            DateTime startOfScan = new DateTime();
            ArrayList errorMessages = new ArrayList();
            ArrayList stylesheets = new ArrayList();
            CssHandler handler = new CssHandler(policy, stylesheets, errorMessages);


            parser.setDocumentHandler(handler);
            try
            {
                // parse the style declaration
                // note this does not count against the size limit because it
                // should already have been counted by the caller since it was
                // embedded in the HTML

                InputSource source = new InputSource();
                source.setCharacterStream(new java.io.CharArrayReader(taintedCss.ToCharArray()));
                parser.parseStyleSheet(source);

                //not sure if this is correct, the java version puts in a string reader, i just pass in a string

            }
            catch (IOException ioe)
            {
                throw new ScanException(ioe);
            }

            //parseImportedStylesheets(stylesheets, handler, errorMessages, sizeLimit);

            return new CleanResults(startOfScan, new DateTime(), handler.getCleanStylesheet(), null, errorMessages);
            //return null;
        }
예제 #4
0
        /// <summary> Scans the contents of an inline style declaration (ex. in the style
        /// attribute of an HTML tag) and validates the style sheet according to this
        /// <code>CssScanner</code>'s policy file.
        /// 
        /// </summary>
        /// <param name="taintedCss">a <code>String</code> containing the contents of the CSS
        /// stylesheet to validate
        /// </param>
        /// <param name="tagName">the name of the tag for which this inline style was declared
        /// </param>
        /// <returns> a <code>CleanResuts</code> object containing the results of the
        /// scan
        /// </returns>
        /// <throws>  ScanException </throws>
        /// <summary>             if an error occurs during scanning
        /// </summary>

        public virtual CleanResults scanInlineStyle(string taintedCss, string tagName, int sizeLimit)
        {

            DateTime startOfScan = new DateTime();

            ArrayList errorMessages = new ArrayList();

            // Create a queue of all style sheets that need to be validated to
            // account for any sheets that may be imported by the current CSS

            ArrayList stylesheets = new ArrayList();

            CssHandler handler = new CssHandler(policy, stylesheets, errorMessages, tagName);

            parser.setDocumentHandler(handler);

            try
            {
                // parse the inline style declaration
                // note this does not count against the size limit because it
                // should already have been counted by the caller since it was
                // embedded in the HTML
                InputSource source = new InputSource();
                source.setCharacterStream(new java.io.CharArrayReader(taintedCss.ToCharArray()));
                parser.parseStyleSheet(source);
                //parser.parseStyleDeclaration(taintedCss);
            }
            catch (IOException ioe)
            {
                throw new ScanException(ioe);
            }

            //parseImportedStylesheets(stylesheets, handler, errorMessages, sizeLimit);

            return new CleanResults(startOfScan, new DateTime(), handler
                .getCleanStylesheet(), null, errorMessages);

        }