Interface XSSFilter.XSSFilterConfig

All Known Implementing Classes:
DefaultXSSFilterConfig
Enclosing class:
XSSFilter

public static interface XSSFilter.XSSFilterConfig
Interface to inject configuration parameters into XSSFilter without exposing the actual implementation of how these parameters are obtained.
  • Method Details

    • isEnabled

      boolean isEnabled()
      Enables/disables XSS logic. When switched off the filter should have no effect.
    • sortRules

      default boolean sortRules()
      Enables sorting rules by their names in alphabetical order. This way the order or rules can be guaranteed.
    • getActionOnMatch

      XSSMatchAction getActionOnMatch()
      The action to be performed whenever a value is encountered which matches a filtering pattern. Default should be XSSMatchAction.STRIP.
    • getPatternDefinitions

      Map<String,String> getPatternDefinitions()
      All regExp patterns to scan for. Note that the map keys just represent pattern names used for information purposes (e.g. when the pattern doesn't compile).
    • getHeadersToInject

      Map<String,String> getHeadersToInject()
      In addition to matching patterns this method allows to specify a map of response headers to be injected into each response.
    • getHostHeaderWhiteList

      Map<String,String> getHostHeaderWhiteList()
      RegExp patterns that host header whitelist is made of.
    • registerForConfigChanges

      void registerForConfigChanges(XSSFilter toUpdateOnConfigChange)
      Called by the filter in case it wants to be notified on configuration changes ( any property matching XSSFilter.CONFIG_RULE_PREFIX_REGEXP ). Each time this happens XSSFilter.reloadOnConfigChange() is being called.
    • unregisterConfigChangeListener

      void unregisterConfigChangeListener()
      Called by the filter when it does no longer wants to be notified about configuration changes.