00008 #ifndef CPPCMS_XSS_H
00009 #define CPPCMS_XSS_H
00010
00011 #include <booster/copy_ptr.h>
00012 #include <booster/regex.h>
00013 #include <booster/function.h>
00014 #include <cppcms/defs.h>
00015
00016 #include <string.h>
00017 #include <string>
00018 #include <algorithm>
00019
00020 namespace cppcms {
00021 namespace json {
/// Forward declaration only: this header needs the name just for the
/// rules(json::value const &) constructor signature.
00022 class value;
00023 }
/// Declarations for validating and filtering HTML/XHTML text against a rule set
/// (class rules plus the validate()/filter() functions below).
00030 namespace xss {
00031
00033 namespace details {
/// Forward declaration only: used as the parameter type of the rules::valid_*()
/// query members; the type itself is not defined in this header.
00034 class c_string;
00035 }
/// Forward declaration only: returned by reference from the private
/// rules::impl() accessors.
00036 struct basic_rules_holder;
00037
00039
/// Rule set that the validate()/filter() functions declared later in this
/// header check input against: which tags, tag properties and entities are
/// accepted, plus a few global switches (markup dialect, comments, numeric
/// entities, encoding).
///
/// Entries are registered through the add_*() members or loaded by the
/// json::value / file-name constructors, so the filter is only as strict as
/// the rules stored here.
/// NOTE(review): what a default-constructed object accepts is not visible in
/// this header -- presumably nothing until tags are added; confirm in the
/// implementation before relying on it.
00090 class CPPCMS_API rules {
00091 public:
/// Default construction, copy construction, assignment and destruction.
/// operator= returns a const reference, so the result of an assignment
/// cannot be modified through the returned reference.
00092 rules();
00093 rules(rules const &);
00094 rules const &operator=(rules const &);
00095 ~rules();
00096
/// Construct from a JSON value -- presumably a description of the rule set.
/// NOTE(review): the expected JSON layout is not shown in this listing. If the
/// value comes from configuration, that configuration decides what markup is
/// let through and should be protected accordingly.
/// Not declared explicit, so a json::value converts implicitly to rules.
00181 rules(json::value const &r);
00182
/// Construct from a std::string named file_name -- presumably the path of a
/// rules file to load; file format and error behaviour are not visible here.
/// NOTE(review): not declared explicit, so a std::string passed where a rules
/// object is expected (for example as the rules argument of filter()) is
/// silently converted by treating it as a file name.
00188 rules(std::string const &file_name);
00189
/// Markup dialect selector used by html().
00193 typedef enum {
/// Treat the input as XHTML.
00194 xhtml_input,
/// Treat the input as HTML.
00195 html_input
00196 } html_type;
00197
/// Form in which a tag may appear. The values form a bit mask:
/// any_tag (3) == opening_and_closing (1) | stand_alone (2).
00201 typedef enum {
/// No form allowed -- presumably what valid_tag() reports for a tag that is
/// not in the rule set; confirm against the implementation.
00202 invalid_tag = 0,
/// Tag used as an opening/closing pair.
00203 opening_and_closing = 1,
/// Tag used on its own, without a separate closing tag.
00204 stand_alone = 2,
/// Either form.
00205 any_tag = 3,
00206 } tag_type;
00207
/// Get the current markup dialect.
00211 html_type html() const;
/// Set the markup dialect.
/// NOTE(review): presumably affects how names registered with add_tag() /
/// add_*_property() are matched (e.g. case sensitivity); if so it has to be
/// set before any entry is added -- confirm.
00216 void html(html_type t);
00217
/// Register tag `name` as allowed. The second argument restricts the form the
/// tag may take and defaults to any_tag.
00224 void add_tag(std::string const &name,tag_type = any_tag);
00225
/// Register entity `name` as allowed.
/// NOTE(review): whether the name is given with or without the surrounding
/// '&' and ';' is not visible here.
00229 void add_entity(std::string const &name);
00230
00231
/// Get whether numeric entities are accepted.
00235 bool numeric_entities_allowed() const;
00236
/// Set whether numeric entities are accepted.
00240 void numeric_entities_allowed(bool v);
00241
/// Callback that judges a property value passed as a character range
/// (begin, end) and returns bool -- presumably true means "accept" and the
/// range is half-open [begin,end); confirm.
00245 typedef booster::function<bool(char const *begin,char const *end)> validator_type;
00246
/// Allow `property` on `tag_name` as a boolean property.
00254 void add_boolean_property(std::string const &tag_name,std::string const &property);
/// Allow `property` on `tag_name` when the supplied validator accepts its value.
/// NOTE(review): the rule is exactly as strict as `val`. For properties whose
/// value the browser interprets (URLs, style), a permissive validator defeats
/// the purpose of the filter.
00258 void add_property(std::string const &tag_name,std::string const &property,validator_type const &val);
/// Allow `property` on `tag_name` when its value satisfies regex `r`.
/// NOTE(review): whether `r` must match the whole value or only part of it is
/// not visible in this header; confirm, because partial matching would make
/// explicit anchoring of every pattern mandatory.
00262 void add_property(std::string const &tag_name,std::string const &property,booster::regex const &r);
/// Allow `property` on `tag_name` when its value is an integer.
00267 void add_integer_property(std::string const &tag_name,std::string const &property);
00268
/// Allow `property` on `tag_name` when its value is a URI.
/// NOTE(review): the set of URI schemes accepted by this overload is not
/// visible here; verify that script-capable schemes are rejected before using
/// it for href/src-style properties.
00276 void add_uri_property(std::string const &tag_name,std::string const &property);
/// As above, with an explicit `schema` argument -- presumably the scheme(s)
/// the URI is restricted to; its syntax is not documented in this listing.
00284 void add_uri_property(std::string const &tag_name,std::string const &property,std::string const &schema);
00285
/// Regex-returning URI matchers. Both are marked CPPCMS_DEPRECATED; the
/// uri_validator() functions below are presumably the replacement.
00294 CPPCMS_DEPRECATED static booster::regex uri_matcher();
00309 CPPCMS_DEPRECATED static booster::regex uri_matcher(std::string const &schema);
00310
/// Return a validator_type for URI values, usable with add_property().
00317 static validator_type uri_validator();
/// Return a validator_type for URI values restricted by `scheme`.
/// absolute_only defaults to false -- presumably relative URIs are then also
/// accepted; confirm.
00333 static validator_type uri_validator(std::string const &scheme,bool absolute_only = false);
00334
/// Return a validator_type for relative URI values.
00339 static validator_type relative_uri_validator();
00340
/// Get whether comments are accepted in the input.
00344 bool comments_allowed() const;
/// Set whether comments are accepted in the input.
00348 void comments_allowed(bool comments);
00349
/// Set the character encoding name associated with the rules.
/// NOTE(review): presumably makes validation also check that the text is well
/// formed in this encoding; confirm, and keep it equal to the charset the
/// page is served with, since a mismatch lets the browser reinterpret text
/// that was filtered under a different encoding.
00365 void encoding(std::string const &enc);
00366
00367
00369
/// Query members used to check individual tags, properties and entities.
/// They take details::c_string, which is only forward-declared in this
/// header, so they appear intended for the library's own parser rather than
/// for application code.
00374 tag_type valid_tag(details::c_string const &tag) const;
00375
00380 bool valid_boolean_property(details::c_string const &tag,details::c_string const &property) const;
00386 bool valid_property(details::c_string const &tag,details::c_string const &property,details::c_string const &value) const;
00387
00391 bool valid_entity(details::c_string const &val) const;
00392
/// Get the encoding name; returned by value.
00397 std::string encoding() const;
00398
00400
00401
00402 private:
// Accessors for the underlying basic_rules_holder (mutable and const).
00403 basic_rules_holder &impl();
00404 basic_rules_holder const &impl() const;
00405
// Opaque state: struct data is only declared here and held through
// booster::copy_ptr.
00406 struct data;
00407 booster::copy_ptr<data> d;
00408
00409 };
00410
/// What the filtering functions do with markup that the rules reject.
/// Going by the names: remove_invalid drops it, escape_invalid escapes it so
/// that it is shown as text -- confirm the exact output in the implementation.
00414 typedef enum {
00415 remove_invalid,
00416 escape_invalid
00417 } filtering_method_type;
00418
/// Check the text in the range (begin, end) against rules `r` without
/// modifying it (both pointers are to const char).
/// Returns bool -- presumably true when the whole input conforms to `r`.
/// A caller that gets the non-conforming result must not emit the input as
/// markup; use one of the filtering functions instead.
00425 CPPCMS_API bool validate(char const *begin,char const *end,rules const &r);
/// Validate the text in (begin, end) against `r` and produce a filtered copy
/// in the output parameter `filtered`.
/// method defaults to remove_invalid; replacement_char defaults to 0.
/// NOTE(review): by the name, `filtered` is presumably written only when the
/// input is invalid, and the bool result presumably reports validity -- confirm.
/// If that holds, callers must branch on the result and emit `filtered`, not
/// the original range, on the invalid path.
/// NOTE(review): the meaning of replacement_char (and of its default 0) is not
/// visible in this header.
00433 CPPCMS_API bool validate_and_filter_if_invalid( char const *begin,
00434 char const *end,
00435 rules const &r,
00436 std::string &filtered,
00437 filtering_method_type method=remove_invalid,
00438 char replacement_char = 0);
00439
/// Filter the text in the range (begin, end) according to rules `r` and return
/// the result as a new std::string.
/// method defaults to remove_invalid; replacement_char defaults to 0 (its
/// meaning is not visible in this header).
/// NOTE(review): the output is only as safe as `r`; it is presumably meant to
/// be placed in HTML element content, not inside attributes or scripts.
00444 CPPCMS_API std::string filter(char const *begin,
00445 char const *end,
00446 rules const &r,
00447 filtering_method_type method=remove_invalid,
00448 char replacement_char = 0);
/// std::string overload of filter(): same parameters and defaults as the
/// pointer-range version, with the input passed as a whole string.
/// NOTE(review): rules has a non-explicit constructor from std::string, so
/// passing a std::string as the second argument compiles and is treated as a
/// rules file name rather than being rejected.
00452 CPPCMS_API std::string filter(std::string const &input,
00453 rules const &r,
00454 filtering_method_type method=remove_invalid,
00455 char replacement_char = 0);
00456
00457 }
00458 }
00459 #endif