//
// Copyright (C) 2008-2012 Artyom Beilis (Tonkikh) <artyomtnk@yahoo.com>
//
// See accompanying file COPYING.TXT file for licensing details.
//
#ifndef CPPCMS_XSS_H
#define CPPCMS_XSS_H

#include <booster/copy_ptr.h>
#include <booster/regex.h>
#include <booster/function.h>
#include <cppcms/defs.h>

#include <string.h>
#include <string>
#include <algorithm>

namespace cppcms {
	namespace json {
		class value;
	}

	///
	/// \brief XSS filter interface: a rules object describing which markup is accepted,
	/// plus free functions that validate or filter a character range against it.
	///
	/// This header only declares the interface; everything said below about behaviour that
	/// is not visible in a signature is marked as an assumption to confirm.
	///
	namespace xss {

		namespace details {
			// Only forward-declared here; used by the rules::valid_* query functions.
			class c_string;
		}
		struct basic_rules_holder;

		///
		/// \brief Set of rules that input markup is checked against.
		///
		/// Every mutator declared here adds to the accepted set (add_tag, add_entity,
		/// add_*_property) or toggles a boolean switch; nothing removes or denies.
		/// NOTE(review): this suggests an allow-list in which anything not added is
		/// rejected - confirm against the implementation before relying on it.
		///
		/// The output of the filter can only be as strict as the rules given to it, so the
		/// rules (including JSON or file sources) should be treated as trusted configuration.
		///
		class CPPCMS_API rules {
		public:
			///
			/// Create a rules object.
			/// NOTE(review): presumably nothing is allowed until tags/entities/properties
			/// are added - confirm.
			///
			rules();
			/// Copy constructor.
			rules(rules const &);
			/// Copy assignment; returns a const reference to this object.
			rules const &operator=(rules const &);
			~rules();

			///
			/// Create rules from a JSON value. The expected schema is not visible in this listing.
			///
			/// NOTE(review): not declared explicit, so a json::value converts implicitly to rules.
			///
			rules(json::value const &r);

			///
			/// Create rules from \a file_name (presumably the path of a rules file, judging by
			/// the parameter name; its format is not visible in this listing).
			///
			/// NOTE(review): not declared explicit, so a std::string passed where rules is
			/// expected converts implicitly and is taken as a file name. Keep that path out
			/// of the reach of request data.
			///
			rules(std::string const &file_name);

			///
			/// Kind of markup the input is treated as (meaning inferred from the names - confirm).
			///
			typedef enum {
				xhtml_input,
				html_input
			} html_type;

			///
			/// Tag category. The values combine as bits:
			/// any_tag (3) == opening_and_closing (1) | stand_alone (2); invalid_tag is 0.
			///
			typedef enum {
				invalid_tag		= 0,
				opening_and_closing	= 1,
				stand_alone		= 2,
				any_tag			= 3,
			} tag_type;

			/// Get the configured html_type.
			html_type html() const;
			/// Set the html_type.
			void html(html_type t);

			///
			/// Add tag \a name to the rules with the given tag type; any_tag when omitted.
			///
			void add_tag(std::string const &name,tag_type type = any_tag);

			/// Add the entity \a name to the rules.
			void add_entity(std::string const &name);

			/// Get the numeric-entities switch.
			bool numeric_entities_allowed() const;
			/// Set the numeric-entities switch.
			void numeric_entities_allowed(bool v);

			///
			/// Callable that receives a character range as a begin/end pointer pair and returns bool
			/// (presumably true when the value is acceptable - confirm).
			///
			/// The range is delimited by \a end; a validator should not assume NUL termination.
			///
			typedef booster::function<bool(char const *begin,char const *end)> validator_type;

			///
			/// Add a boolean property \a property to tag \a tag_name.
			///
			void add_boolean_property(std::string const &tag_name,std::string const &property);
			///
			/// Add \a property to tag \a tag_name, its value being checked by \a val.
			///
			/// NOTE(review): for URL-carrying attributes a custom validator becomes the only
			/// check on the value; prefer uri_validator() / add_uri_property() there.
			///
			void add_property(std::string const &tag_name,std::string const &property,validator_type const &val);
			///
			/// Add \a property to tag \a tag_name, its value being checked with the regular expression \a r.
			///
			/// NOTE(review): whether \a r must match the whole value or is searched within it
			/// is not visible here - confirm, and anchor patterns accordingly.
			///
			void add_property(std::string const &tag_name,std::string const &property,booster::regex const &r);
			///
			/// Add \a property to tag \a tag_name as an integer property
			/// (accepted number syntax is not visible here).
			///
			void add_integer_property(std::string const &tag_name,std::string const &property);

			///
			/// Add \a property to tag \a tag_name as a URI property.
			/// NOTE(review): the set of accepted schemes is not visible in this listing - confirm
			/// it before exposing href/src-like attributes.
			///
			void add_uri_property(std::string const &tag_name,std::string const &property);
			///
			/// Same as above with an explicit \a schema argument (its syntax is not visible here).
			///
			void add_uri_property(std::string const &tag_name,std::string const &property,std::string const &schema);

			///
			/// Regular expression for URI values.
			///
			/// Marked CPPCMS_DEPRECATED; the reason is not stated in this listing.
			/// uri_validator() is the non-deprecated counterpart declared below.
			///
			CPPCMS_DEPRECATED static booster::regex uri_matcher();
			///
			/// Regular expression for URI values built from \a schema. Marked CPPCMS_DEPRECATED,
			/// see uri_matcher().
			///
			CPPCMS_DEPRECATED static booster::regex uri_matcher(std::string const &schema);

			///
			/// Create a validator_type for URI values.
			///
			static validator_type uri_validator();
			///
			/// Create a validator_type for URI values with an explicit \a scheme argument;
			/// \a absolute_only defaults to false (presumably relative URIs are then accepted
			/// as well - confirm).
			///
			static validator_type uri_validator(std::string const &scheme,bool absolute_only = false);

			///
			/// Create a validator_type for relative URIs.
			///
			static validator_type relative_uri_validator();

			/// Get the comments switch.
			bool comments_allowed() const;
			/// Set the comments switch.
			void comments_allowed(bool comments);

			///
			/// Set the character encoding name.
			///
			/// NOTE(review): confirm whether the filter validates input against this encoding and
			/// what happens when it is never set; malformed multi-byte input is a common way past
			/// markup filters.
			///
			void encoding(std::string const &enc);

			// Query side of the rules. These take details::c_string, which is only
			// forward-declared in this header, so they are presumably meant for the filter itself.

			///
			/// Look up \a tag; returns its tag_type (invalid_tag is the zero value).
			///
			tag_type valid_tag(details::c_string const &tag) const;

			///
			/// Check \a property of \a tag as a boolean property.
			///
			bool valid_boolean_property(details::c_string const &tag,details::c_string const &property) const;
			///
			/// Check \a value for \a property of \a tag.
			///
			bool valid_property(details::c_string const &tag,details::c_string const &property,details::c_string const &value) const;

			///
			/// Check the entity \a val.
			///
			bool valid_entity(details::c_string const &val) const;

			///
			/// Get the character encoding name.
			///
			std::string encoding() const;

		private:
			basic_rules_holder &impl();
			basic_rules_holder const &impl() const;

			// Opaque state; its definition is not part of this header.
			struct data;
			booster::copy_ptr<data> d;

		};

		///
		/// How invalid input is treated by the filtering functions
		/// (removed or escaped, judging by the names).
		///
		typedef enum {
			remove_invalid,
			escape_invalid
		} filtering_method_type;

		///
		/// Check the range [\a begin, \a end) against the rules \a r.
		///
		/// Returns bool (presumably true when the input conforms - confirm); the result
		/// must be checked by the caller, nothing is modified.
		///
		CPPCMS_API bool validate(char const *begin,char const *end,rules const &r);
		///
		/// Check the range [\a begin, \a end) against \a r and produce filtered text in \a filtered.
		///
		/// NOTE(review): judging by the name, \a filtered is presumably written only when the
		/// input is invalid, so do not use it unconditionally - branch on the return value.
		/// \a method defaults to remove_invalid; the meaning of \a replacement_char == 0 is
		/// not visible here.
		///
		CPPCMS_API bool validate_and_filter_if_invalid(	char const *begin,
								char const *end,
								rules const &r,
								std::string &filtered,
								filtering_method_type method=remove_invalid,
								char replacement_char = 0);

		///
		/// Filter the range [\a begin, \a end) according to \a r and return the result.
		///
		/// \a method defaults to remove_invalid. The result is shaped by \a r only; it is
		/// not a substitute for escaping when the text is placed in other contexts.
		///
		CPPCMS_API std::string filter(char const *begin,
					      char const *end,
					      rules const &r,
					      filtering_method_type method=remove_invalid,
					      char replacement_char = 0);
		///
		/// Filter \a input according to \a r and return the result; std::string
		/// overload of the function above.
		///
		CPPCMS_API std::string filter(std::string const &input,
					      rules const &r,
					      filtering_method_type method=remove_invalid,
					      char replacement_char = 0);

	} // xss
} // cppcms
#endif