org.owasp.validator.css

Class CssScanner

java.lang.Object

org.owasp.validator.css.CssScanner

public class CssScanner
extends Object

Encapsulates the parsing and validation of a CSS stylesheet or inline declaration. To make use of this class, instantiate the scanner with the desired policy and call either scanInlineSheet() or scanStyleSheet as appropriate.

Author:

Jason Li

See Also:

scanInlineStyle(String, String, int), scanStyleSheet(String, int)

Field Summary

Fields

Modifier and Type	Field and Description
protected static int	DEFAULT_TIMEOUT

Constructor Summary

Constructors

Constructor and Description
CssScanner(InternalPolicy policy, ResourceBundle messages) Constructs a scanner based on the given policy.
CssScanner(InternalPolicy policy, ResourceBundle messages, boolean shouldParseImportedStyles) Constructs a scanner based on the given policy.

Method Summary

Modifier and Type	Method and Description
CleanResults	scanInlineStyle(String taintedCss, String tagName, int sizeLimit) Scans the contents of an inline style declaration (ex.
CleanResults	scanStyleSheet(String taintedCss, int sizeLimit) Scans the contents of a full stylesheet (ex.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_TIMEOUT

protected static final int DEFAULT_TIMEOUT

See Also:

Constant Field Values

Constructor Detail

CssScanner

public CssScanner(InternalPolicy policy,
                  ResourceBundle messages)

Constructs a scanner based on the given policy. This version of the constructor defaults shouldParseImportedStyles to false. Look at the other constructor for a description of that parameter.

Parameters:

policy - the policy to follow when scanning

messages - the error message bundle to pull from

CssScanner

public CssScanner(InternalPolicy policy,
                  ResourceBundle messages,
                  boolean shouldParseImportedStyles)

Constructs a scanner based on the given policy.

Parameters:

policy - the policy to follow when scanning

messages - the error message bundle to pull from

shouldParseImportedStyles - Flag to indicate if styles within @import directives should be imported and parsed in the resulting style sheet. This boolean determines if URLs should be recognized when parsing styles (i.e., to fetch them or ignore them).

Method Detail

scanStyleSheet

public CleanResults scanStyleSheet(String taintedCss,
                                   int sizeLimit)
                            throws ScanException

Scans the contents of a full stylesheet (ex. a file based stylesheet or the complete stylesheet contents as declared within <style> tags)

Parameters:

taintedCss - a String containing the contents of the CSS stylesheet to validate

sizeLimit - the limit on the total size in bytes of any imported stylesheets

Returns:

a CleanResuts object containing the results of the scan

Throws:

ScanException - if an error occurs during scanning

scanInlineStyle

public CleanResults scanInlineStyle(String taintedCss,
                                    String tagName,
                                    int sizeLimit)
                             throws ScanException

Scans the contents of an inline style declaration (ex. in the style attribute of an HTML tag) and validates the style sheet according to this CssScanner's policy file.

Parameters:

taintedCss - a String containing the contents of the CSS stylesheet to validate

tagName - the name of the tag for which this inline style was declared

sizeLimit - the limit on the total size in bites of any imported stylesheets

Returns:

a CleanResuts object containing the results of the scan

Throws:

ScanException - if an error occurs during scanning