import org.codehaus.groovy.grails.validation.ApplicationContextAwareConstraintFactory
import org.codehaus.groovy.grails.validation.ConstrainedProperty
import org.grails.plugins.sanitizer.MarkupConstraint
import org.grails.plugins.sanitizer.MarkupSanitizerService
import org.springframework.core.io.ClassPathResource
/**
 * Grails plugin descriptor for the Markup Sanitizer plugin (OWASP AntiSamy based).
 *
 * Declares the plugin metadata, wires the MarkupSanitizerService bean from the
 * configured AntiSamy policy file, and registers the "markup" validation
 * constraint once the application context exists.
 */
class SanitizerGrailsPlugin {
  // --- plugin metadata ---
  def title = "Grails Markup Sanitizer Plugin"
  def version = "0.12.0"
  def grailsVersion = "2.4.0 > *"
  def author = "Daniel Bower"
  def authorEmail = "[email protected]"
  def documentation = "http://grails.org/plugin/sanitizer"
  def description = '''\
Plugin for Sanitizing Markup(HTML, XHTML, CSS) using OWASP AntiSamy.
Filters malicious content from User generated content (such as that entered through Rich Text boxes).
Features -
* Constraint "markup"
- can be added to domain/command classes to validate that a string is valid and safe markup
- important note: The constraint is for validation only, it does not sanitize the string
* Encoding-only Codec "myText.encodeAsSanitizedMarkup()"
- use the codec or the service to sanitize the string
- (the codec uses the service, too)
* MarkupSanitizerService
- use the codec or the service to sanitize the string
- access in your controllers/services via
def markupSanitizerService
- method MarkupSanitizerResult sanitize(String dirtyString)
- effectively a singleton, which means the ruleset only needs to be read once on startup
This module does not sanitize a string that does not contain valid markup. If it does not contain
valid markup, it will simply return an empty string.
'''

  /**
   * Spring bean definitions.
   *
   * The AntiSamy policy file is looked up on the classpath at the path given by
   * the `sanitizer.config` setting, and the sanitizer service is constructed
   * with a reference to that resource bean.
   */
  def doWithSpring = {
    // Groovy truth: a missing or empty config value selects the placeholder
    // path (presumably an unset Grails config entry evaluates as empty — verify).
    def configuredPath = application.config.sanitizer.config
    def policyPath = configuredPath ? configuredPath : 'does not exist'
    // NOTE(review): how MarkupSanitizerService handles a resource that cannot be
    // found is not visible here — confirm that it fails at startup rather than
    // running with no policy, since this is the security filter's ruleset.
    policyFileResource(ClassPathResource, policyPath)
    markupSanitizerService(MarkupSanitizerService, ref('policyFileResource'))
  }

  /**
   * Registers the "markup" constraint with Grails validation.
   *
   * The constraint factory is given the application context and the bean name
   * list ["markupSanitizerService"] — presumably the beans to inject into each
   * MarkupConstraint instance; the factory's behaviour is not visible here.
   */
  def doWithApplicationContext = { ctx ->
    ConstrainedProperty.registerNewConstraint(
      MarkupConstraint.MARKUP_CONSTRAINT,
      new ApplicationContextAwareConstraintFactory(ctx, MarkupConstraint, ["markupSanitizerService"]))
  }
}