Class DefaultXSSFilterConfig
java.lang.Object
de.hybris.platform.servicelayer.web.DefaultXSSFilterConfig
- All Implemented Interfaces:
XSSFilter.XSSFilterConfig
Default
XSSFilter.XSSFilterConfig implementation backed by the platform ConfigIntf.
Please note that this requires a running platform to use.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionThe action to be performed whenever a value is encountered which matches a filtering pattern.In addition to matching patterns this method allows to specify a map of response headers to be injected into each response.RegExp patterns that host header whitelist is made of.All regExp patterns to scan for.booleanEnables/disables XSS logic.voidregisterForConfigChanges(XSSFilter toUpdateOnConfigChange) Called by the filter in case it wants to be notified on configuration changes ( any property matchingXSSFilter.CONFIG_RULE_PREFIX_REGEXP).booleanEnables sorting rules by their names in alphabetical order.voidCalled by the filter when it does no longer wants to be notified about configuration changes.
-
Constructor Details
-
DefaultXSSFilterConfig
public DefaultXSSFilterConfig(javax.servlet.FilterConfig filterConfig)
-
-
Method Details
-
registerForConfigChanges
Description copied from interface:XSSFilter.XSSFilterConfigCalled by the filter in case it wants to be notified on configuration changes ( any property matchingXSSFilter.CONFIG_RULE_PREFIX_REGEXP). Each time this happensXSSFilter.reloadOnConfigChange()is being called.- Specified by:
registerForConfigChangesin interfaceXSSFilter.XSSFilterConfig
-
unregisterConfigChangeListener
public void unregisterConfigChangeListener()Description copied from interface:XSSFilter.XSSFilterConfigCalled by the filter when it does no longer wants to be notified about configuration changes.- Specified by:
unregisterConfigChangeListenerin interfaceXSSFilter.XSSFilterConfig
-
isEnabled
public boolean isEnabled()Description copied from interface:XSSFilter.XSSFilterConfigEnables/disables XSS logic. When switched off the filter should have no effect.- Specified by:
isEnabledin interfaceXSSFilter.XSSFilterConfig
-
sortRules
public boolean sortRules()Description copied from interface:XSSFilter.XSSFilterConfigEnables sorting rules by their names in alphabetical order. This way the order or rules can be guaranteed.- Specified by:
sortRulesin interfaceXSSFilter.XSSFilterConfig
-
getActionOnMatch
Description copied from interface:XSSFilter.XSSFilterConfigThe action to be performed whenever a value is encountered which matches a filtering pattern. Default should beXSSMatchAction.STRIP.- Specified by:
getActionOnMatchin interfaceXSSFilter.XSSFilterConfig
-
getPatternDefinitions
Description copied from interface:XSSFilter.XSSFilterConfigAll regExp patterns to scan for. Note that the map keys just represent pattern names used for information purposes (e.g. when the pattern doesn't compile).- Specified by:
getPatternDefinitionsin interfaceXSSFilter.XSSFilterConfig
-
getHeadersToInject
Description copied from interface:XSSFilter.XSSFilterConfigIn addition to matching patterns this method allows to specify a map of response headers to be injected into each response.- Specified by:
getHeadersToInjectin interfaceXSSFilter.XSSFilterConfig
-
getHostHeaderWhiteList
Description copied from interface:XSSFilter.XSSFilterConfigRegExp patterns that host header whitelist is made of.- Specified by:
getHostHeaderWhiteListin interfaceXSSFilter.XSSFilterConfig
-