Liferay 7.0-ce-b4

com.liferay.portal.kernel.sanitizer
Interface Sanitizer

All Known Implementing Classes:
BaseSanitizer

public interface Sanitizer

Provides an interface and constants for sanitizer component implementations. Commonly, sanitizers are implemented for stripping offensive vocabulary from content or for removing malicious HTML content, such as cross-site scripting (CSS). Multiple implementations can be deployed in a hook plugin and specified in a comma separated list of values for the sanitizer.impl portal property (see Sanitizer). All installed sanitizers are chained.


Field Summary
static String MODE_ALL
           
static String MODE_BAD_WORDS
           
static String MODE_XSS
           
 
Method Summary
 byte[] sanitize(long companyId, long groupId, long userId, String className, long classPK, String contentType, String[] modes, byte[] bytes, Map<String,Object> options)
          Deprecated. As of 7.0.0, replaced by sanitize(long, long, long, String, long, String, String[], String, Map)
 void sanitize(long companyId, long groupId, long userId, String className, long classPK, String contentType, String[] modes, InputStream inputStream, OutputStream outputStream, Map<String,Object> options)
          Deprecated. As of 7.0.0, replaced by sanitize(long, long, long, String, long, String, String[], String, Map)
 String sanitize(long companyId, long groupId, long userId, String className, long classPK, String contentType, String[] modes, String content, Map<String,Object> options)
          Returns the sanitized content as a string.
 

Field Detail

MODE_ALL

static final String MODE_ALL
See Also:
Constant Field Values

MODE_BAD_WORDS

static final String MODE_BAD_WORDS
See Also:
Constant Field Values

MODE_XSS

static final String MODE_XSS
See Also:
Constant Field Values
Method Detail

sanitize

@Deprecated
byte[] sanitize(long companyId,
                           long groupId,
                           long userId,
                           String className,
                           long classPK,
                           String contentType,
                           String[] modes,
                           byte[] bytes,
                           Map<String,Object> options)
                throws SanitizerException
Deprecated. As of 7.0.0, replaced by sanitize(long, long, long, String, long, String, String[], String, Map)

Returns the sanitized content as a byte array. Implementations may modify the input byte array.

Parameters:
companyId - the primary key of the portal instance
groupId - the primary key of the site's group
userId - the user who changed the content
className - the class name of the content model implementation
classPK - the primary key of the content to sanitize, 0 if not available
contentType - the content type. For more information, see ContentTypes.
modes - ways in which to run the sanitizer, such as MODE_ALL, MODE_BAD_WORDS, and/or MODE_XSS
bytes - the content to be sanitized
options - a map of options for the sanitizer
Returns:
the sanitized content
Throws:
SanitizerException - if a sanitizer exception occurred

sanitize

@Deprecated
void sanitize(long companyId,
                         long groupId,
                         long userId,
                         String className,
                         long classPK,
                         String contentType,
                         String[] modes,
                         InputStream inputStream,
                         OutputStream outputStream,
                         Map<String,Object> options)
              throws SanitizerException
Deprecated. As of 7.0.0, replaced by sanitize(long, long, long, String, long, String, String[], String, Map)

Sanitizes the input stream content, assigning the results to the output stream.

Parameters:
companyId - the primary key of the portal instance
groupId - the primary key of the site's group
userId - the user who changed the content
className - the class name of the content model implementation
classPK - the primary key of the content to sanitize, 0 if not available
contentType - the content type. For more information, see ContentTypes.
modes - ways in which to run the sanitizer, such as MODE_ALL, MODE_BAD_WORDS, and/or MODE_XSS
inputStream - the content to be sanitized
outputStream - the result of the sanitizing process
options - a map of options for the sanitizer
Throws:
SanitizerException - if a sanitizer exception occurred

sanitize

String sanitize(long companyId,
                long groupId,
                long userId,
                String className,
                long classPK,
                String contentType,
                String[] modes,
                String content,
                Map<String,Object> options)
                throws SanitizerException
Returns the sanitized content as a string.

Parameters:
companyId - the primary key of the portal instance
groupId - the primary key of the site's group
userId - the user who changed the content
className - the class name of the content model implementation
classPK - the primary key of the content to sanitize, 0 if not available
contentType - the content type. For more information, see ContentTypes.
modes - ways in which to run the sanitizer, such as MODE_ALL, MODE_BAD_WORDS, and/or MODE_XSS
content - the content to sanitize
options - the options map
Returns:
the sanitized content
Throws:
SanitizerException - if a sanitizer exception occurred

Liferay 7.0-ce-b4