CppCMS
xss.h
1 //
3 // Copyright (C) 2008-2012 Artyom Beilis (Tonkikh) <artyomtnk@yahoo.com>
4 //
5 // See accompanying file COPYING.TXT file for licensing details.
6 //
8 #ifndef CPPCMS_XSS_H
9 #define CPPCMS_XSS_H
10 
11 #include <booster/copy_ptr.h>
12 #include <booster/regex.h>
13 #include <booster/function.h>
14 #include <cppcms/defs.h>
15 
16 #include <string.h>
17 #include <string>
18 #include <algorithm>
19 
/// This is the namespace where all CppCMS functionality is placed.
20 namespace cppcms {
21  namespace json {
     /// Forward declaration only. The page's symbol index describes json::value as the
     /// central representation of json objects (json.h:140). It is used below by the
     /// rules(json::value const &) constructor.
22  class value;
23  }
     /// Namespace of the XSS filter API declared in this header.
     /// (Source lines 24-29 are not present in this listing.)
30  namespace xss {
31 
33  namespace details {
     /// Forward declaration only; the type is not defined in this header. It appears in
     /// the signatures of rules::valid_tag / valid_*_property / valid_entity.
34  class c_string;
35  }
     /// Forward declaration only; returned by reference from the private rules::impl().
36  struct basic_rules_holder;
37 
39 
/// The class that holds XSS filter rules.
///
/// Tags, entities and per-tag properties are registered one at a time through the
/// add_* members; the object is then passed by const reference to validate() / filter().
/// NOTE(review): the registration API reads as an allow-list, but what a
/// default-constructed rules object accepts is not visible in this header. Confirm
/// before relying on it.
90  class CPPCMS_API rules {
91  public:
     /// Default construction, copy construction, copy assignment and destruction are
     /// all declared here and defined out of line.
92  rules();
93  rules(rules const &);
94  rules const &operator=(rules const &);
95  ~rules();
96 
     /// Construct the rules from a JSON value.
     /// Not declared explicit, so a json::value converts implicitly to rules.
181  rules(json::value const &r);
182 
     /// Construct the rules from a file name.
     /// NOTE(review): presumably the file holds a rules definition; format not shown here.
     /// Not declared explicit: a std::string passed where a rules object is expected
     /// (e.g. the `r` argument of filter()) is converted through this constructor.
188  rules(std::string const &file_name);
189 
     /// How the input markup is to be treated. Source line 194 (the first enumerator)
     /// is missing from this listing; the page's symbol index describes it as
     /// "Assume that the input is XHTML".
193  typedef enum {
195  html_input
196  } html_type;
197 
     /// Classification of a tag; also the return type of valid_tag().
     /// invalid_tag is 0. Numerically any_tag (3) == opening_and_closing (1) | stand_alone (2),
     /// which suggests a bit mask. TODO confirm against the implementation.
201  typedef enum {
202  invalid_tag = 0,
203  opening_and_closing = 1,
204  stand_alone = 2,
205  any_tag = 3,
206  } tag_type;
207 
     /// Get the html_type currently set.
211  html_type html() const;
     /// Set the html_type.
216  void html(html_type t);
217 
     /// Register tag `name` with the given tag_type (any_tag when omitted).
     /// NOTE(review): case handling of `name` is not visible in this header.
224  void add_tag(std::string const &name,tag_type = any_tag);
225 
     /// Register the entity `name`.
229  void add_entity(std::string const &name);
230 
231 
     /// Get whether numeric entities are allowed.
235  bool numeric_entities_allowed() const;
236 
     /// Set whether numeric entities are allowed.
240  void numeric_entities_allowed(bool v);
241 
     /// validator_type, used by the declarations below, is declared on source line 245,
     /// which this listing omits. The page's symbol index gives it as
     /// booster::function< bool(char const *begin, char const *end)>.
246 
     /// Register `property` of tag `tag_name` as a boolean property.
254  void add_boolean_property(std::string const &tag_name,std::string const &property);
     /// Register `property` of tag `tag_name`, with its value checked by the callable `val`.
     /// Per validator_type the callable receives a [begin, end) character range and returns bool.
258  void add_property(std::string const &tag_name,std::string const &property,validator_type const &val);
     /// Register `property` of tag `tag_name`, with its value checked by the regular expression `r`.
     /// NOTE(review): confirm that `r` has to match the whole value; if a partial match is
     /// enough, content around the match goes unchecked and the pattern must be anchored.
262  void add_property(std::string const &tag_name,std::string const &property,booster::regex const &r);
     /// Register `property` of tag `tag_name` as an integer property.
267  void add_integer_property(std::string const &tag_name,std::string const &property);
268 
     /// Register `property` of tag `tag_name` as a URI property.
     /// NOTE(review): which URI schemes this overload accepts is not visible here. Confirm
     /// the default before using it for properties such as href or src.
276  void add_uri_property(std::string const &tag_name,std::string const &property);
     /// Same, with an explicit `schema` argument.
     /// NOTE(review): presumably a pattern of accepted schemes (the static helpers below
     /// name the equivalent parameter `scheme`). Confirm.
284  void add_uri_property(std::string const &tag_name,std::string const &property,std::string const &schema);
285 
     /// Both uri_matcher overloads are marked CPPCMS_DEPRECATED and return a booster::regex.
     /// uri_validator() below returns a validator_type and is not marked deprecated.
     /// NOTE(review): presumably the intended replacement; the reason for the deprecation
     /// is not visible in this listing.
294  CPPCMS_DEPRECATED static booster::regex uri_matcher();
309  CPPCMS_DEPRECATED static booster::regex uri_matcher(std::string const &schema);
310 
     /// Return a validator_type for URI values.
317  static validator_type uri_validator();
     /// Return a validator_type for URI values, given `scheme`; absolute_only defaults to false.
     /// NOTE(review): presumably relative URIs are accepted unless absolute_only is true. Confirm.
333  static validator_type uri_validator(std::string const &scheme,bool absolute_only = false);
334 
     /// Return a validator_type for relative URIs.
339  static validator_type relative_uri_validator();
340 
     /// Get whether comments are allowed. NOTE(review): the default is not visible here.
344  bool comments_allowed() const;
     /// Set whether comments are allowed.
348  void comments_allowed(bool comments);
349 
     /// Set the encoding to `enc`; the getter encoding() is declared further down.
     /// NOTE(review): presumably the character encoding of the input, and whether input
     /// is checked against it is not visible here. Confirm.
365  void encoding(std::string const &enc);
366 
367 
369 
     /// The valid_* queries below take details::c_string, which this header only
     /// forward-declares. NOTE(review): presumably they serve the validate()/filter()
     /// implementation rather than application code.
     ///
     /// Return the tag_type recorded for `tag`; invalid_tag (0) is the zero value of the enum.
374  tag_type valid_tag(details::c_string const &tag) const;
375 
     /// Query whether `property` is a valid boolean property of `tag`.
380  bool valid_boolean_property(details::c_string const &tag,details::c_string const &property) const;
     /// Query whether `value` is valid for `property` of `tag`.
386  bool valid_property(details::c_string const &tag,details::c_string const &property,details::c_string const &value) const;
387 
     /// Query whether `val` is a valid entity.
391  bool valid_entity(details::c_string const &val) const;
392 
     /// Get the encoding as a std::string.
397  std::string encoding() const;
398 
400 
401 
402  private:
     /// Mutable and const access to the basic_rules_holder (forward-declared above).
403  basic_rules_holder &impl();
404  basic_rules_holder const &impl() const;
405 
     /// Nested type, declared but not defined in this header.
     /// Source line 407 is missing from this listing.
406  struct data;
408 
409  };
410 
/// filtering_method_type: the enumerator that defines filtering invalid HTML method.
/// Source lines 415-417 (the enumerators and the closing of this typedef) are missing
/// from this listing, so the declaration below is incomplete as shown. The page's
/// symbol index describes line 415 as removing all invalid HTML from the input and
/// line 416 as escaping (converting to text) all invalid HTML in the input.
/// remove_invalid, the default in the declarations that follow, is presumably the
/// line-415 enumerator.
414  typedef enum {
418 
/// Check the input in range [begin, end) according to the rules r.
///
/// The range is passed as two raw pointers; nothing in the signature checks that
/// they bound the same buffer, so that is the caller's responsibility.
/// NOTE(review): presumably returns true when the input is valid. Confirm.
425  CPPCMS_API bool validate(char const *begin,char const *end,rules const &r);
/// Validate the input in range [begin, end) according to the rules r and, if it is
/// not valid, filter it.
///
/// `filtered` is a non-const std::string reference, i.e. an output parameter.
/// NOTE(review): presumably it is written only when validation fails, with the return
/// value reporting validity; confirm before reading `filtered` after a successful call.
/// `method` defaults to remove_invalid and `replacement_char` to 0.
/// NOTE(review): presumably 0 means no replacement character is inserted. Confirm.
433  CPPCMS_API bool validate_and_filter_if_invalid( char const *begin,
434  char const *end,
435  rules const &r,
436  std::string &filtered,
437  filtering_method_type method=remove_invalid,
438  char replacement_char = 0);
439 
/// Filter the input in range [begin, end) according to the rules r using the
/// filtering method `method`, and return the result as a std::string.
///
/// The range is passed as two raw pointers; the caller must make sure they bound the
/// same buffer. `method` defaults to remove_invalid and `replacement_char` to 0.
/// NOTE(review): the meaning of replacement_char == 0 is not visible here. Confirm.
444  CPPCMS_API std::string filter(char const *begin,
445  char const *end,
446  rules const &r,
447  filtering_method_type method=remove_invalid,
448  char replacement_char = 0);
/// Overload of filter() taking the input as a std::string instead of a pointer range;
/// the remaining parameters and defaults are the same as in the pointer-range overload.
///
/// `r` is a rules const &, and rules has a non-explicit constructor from
/// std::string (a file name), so a std::string passed in the second position
/// converts implicitly to a rules object.
452  CPPCMS_API std::string filter(std::string const &input,
453  rules const &r,
454  filtering_method_type method=remove_invalid,
455  char replacement_char = 0);
456 
457  } // xss
458 }
459 #endif
This is a simple wrapper of PCRE library.
Definition: perl_regex.h:35
This class is central representation of json objects.
Definition: json.h:140
CPPCMS_API std::string filter(char const *begin, char const *end, rules const &r, filtering_method_type method=remove_invalid, char replacement_char=0)
Filter the input in range [begin, end) according to the rules r using filtering method method...
tag_type
Definition: xss.h:201
CPPCMS_API bool validate(char const *begin, char const *end, rules const &r)
Check the input in range [begin, end) according to the rules r.
This is the namespace where all CppCMS functionality is placed.
Definition: application.h:19
The class that holds XSS filter rules.
Definition: xss.h:90
booster::function< bool(char const *begin, char const *end)> validator_type
Definition: xss.h:245
filtering_method_type
The enumeration that defines the method used to filter invalid HTML.
Definition: xss.h:414
Definition: function.h:16
CPPCMS_API bool validate_and_filter_if_invalid(char const *begin, char const *end, rules const &r, std::string &filtered, filtering_method_type method=remove_invalid, char replacement_char=0)
Validate the input in range [begin, end) according to the rules r and if it is not valid filter it an...
html_type
Definition: xss.h:193
Assume that the input is XHTML.
Definition: xss.h:194
Remove all invalid HTML from the input.
Definition: xss.h:415
Escape (convert to text) all invalid HTML in the input.
Definition: xss.h:416