Docs
- Home
-
Quick Index
- Introduction
- ColdBox Overview
- My First Application
- Directory Layout & Conventions
- Request Life Cycles
- ColdBox Major Classes
- Configuring
- Application Configuration
- Using configuration settings
- Fun Logging with LogBox
- Models
- ColdBox Models
- Built-in ORM Services
- ORM Event Handling
- Dependency Injection via WireBox
- Views
- Layouts and Rendering in ColdBox
- Controllers
- Event Handlers
- ColdBox SES URL Mappings
- ColdBox Modules & Architecture
- Request Context
- Request Context
- Extending the Request Context
- Tumble Down The Rabbit Hole...
- Flash RAM & Webflows
- ColdBox URL Actions
- Integrating with Ajax
- Powering Flex/Air/Remote Apps
- Application.cfc Bootstrapper
- Caching with CacheBox
- ColdBox Recipes
- Localization & i18n
- Securing your apps
- Aspect Oriented Programming
- Extending ColdBox
- ColdBox Plugins
- Core Plugins Browser
- ColdBox Interceptors
- Core Interceptors Browser
- Testing
- Testing ColdBox Applications
- Mocking-Stubbing with MockBox
- Tools, IDE Extras
- ColdBox Platform Utilities
- IDE Syntax Dictionaries
- Standalone Projects
- ColdBox Cheatsheet
- API Docs
- Directory
SideBar
User Login 
Plugins:AntiSamy
last edited by
lmajano
on 19-Apr-2011
lmajano
on 19-Apr-2011
|
Exploring the AntiSamy Plugin
Overview
OWASP AntiSamy Project that provides XSS cleanup operations to ColdBox applications
Custom Policies
The AntiSamy plugin comes with several boilerplate policies that you can use, but we recommend creating your own policy to match your requirements. Once you do this, you can easily integrate it into the plugin in three steps:
- Create a policy file based on the ones shipped and store it wherever you like in your application.
- Create a custom setting in your application with the path to this custom file: AntiSamy_Custom_Policy
// custom settings settings = { AntiSamy_Custom_Policy = expandPath("/#appMapping#/includes/MyAntiSamy.xml") };
3. You can now call the AntiSamy's HTMLSanitizer() method with custom as the policy to use.
clean = getPlugin("AntiSamy").HTMLSanitizer(rc.text,"custom");
HtmlSanitizer
clean HTML from XSS scripts using the AntiSamy project. The available policies are antisamy, ebay,myspace or slashdot
Returns
- This function returns Any
Arguments
| Key | Type | Required | Default | Description |
|---|---|---|---|---|
| HtmlData | string | Yes | --- | The html text to sanitize |
| PolicyFile | string | No | myspace | Provide policy file to scan html. Available options are: antisamy, ebay, myspace, slashdot, custom |
| resultsObject | boolean | false | false | Return the cleaned HTML or the results object. By default it is the cleaned HTML |
Examples
// Clean a single variable rc.cleanData = getPlugin("AntiSamy").HtmlSanitizer(rc.comments); rc.cleanData = getPlugin("AntiSamy").HtmlSanitizer(rc.comments,"ebay"); // Clean the entire request collection for(key in rc){ if( isSimpleValue(rc[key]) ){ rc[key] = getPlugin("AntiSamy").HtmlSanitizer(rc[key]); } } clean = getPlugin("AntiSamy").HTMLSanitizer(rc.text,"custom");
Policies
The policies that we offer are all the policies offered by the OWASP Antisamy project:
- Ebay
- SlashDot
- AntiSamy
- MySpace
- Custom (Only if you declare the AntiSamy_Custom_Policy setting)
Comments (