CppCMS
xss.h
1 //
3 // Copyright (C) 2008-2012 Artyom Beilis (Tonkikh) <artyomtnk@yahoo.com>
4 //
5 // See accompanying file COPYING.TXT file for licensing details.
6 //
8 #ifndef CPPCMS_XSS_H
9 #define CPPCMS_XSS_H
10 
11 #include <booster/copy_ptr.h>
12 #include <booster/regex.h>
13 #include <booster/function.h>
14 #include <cppcms/defs.h>
15 
16 #include <string.h>
17 #include <string>
18 #include <algorithm>
19 
20 namespace cppcms {
21  namespace json {
22  class value;
23  }
30  namespace xss {
31 
33  namespace details {
34  class c_string;
35  }
36  struct basic_rules_holder;
37 
39 
// Holds the XSS filter rules: the tags, attributes (called "properties"
// here) and entities that a piece of (X)HTML input may contain.
// The visible API only has add_* calls and no way to deny or remove a name,
// so a rule set is built up as an allow-list; every tag or property added
// widens what the filter lets through.
// NOTE(review): this listing omits the original doc comments (the gutter
// numbers jump where they stood). Defaults quoted below as "upstream" are
// recalled from the project documentation and must be confirmed against
// the real header.
90  class CPPCMS_API rules {
91  public:
// NOTE(review): presumably creates an empty rule set that allows nothing
// until tags/properties/entities are added - confirm.
92  rules();
93  rules(rules const &);
94  rules(rules &&);
// Copy assignment returns a const reference (visible in the signature),
// unlike the move assignment below.
95  rules const &operator=(rules const &);
96  rules &operator=(rules &&);
97  ~rules();
98 
// Builds the rule set from a JSON value. The format description (gutter
// lines 99-182) is not part of this listing - consult the real header.
183  rules(json::value const &r);
184 
// Builds the rule set from the file named file_name.
// NOTE(review): presumably the file holds the same JSON format as above,
// and a load/parse failure is reported by an exception - confirm.
190  rules(std::string const &file_name);
191 
// Markup dialect the input is treated as.
// NOTE(review): gutter line 196 is missing from this listing; the page's
// symbol index describes it as "Assume that the input is XHTML", so the
// enum has an XHTML enumerator ahead of html_input.
195  typedef enum {
197  html_input
198  } html_type;
199 
// How a tag may appear. The values are bit patterns as written:
// any_tag (3) == opening_and_closing (1) | stand_alone (2).
// NOTE(review): presumably opening_and_closing is for paired tags,
// stand_alone for tags without a closing counterpart, and invalid_tag (0)
// means "not in the allow-list" - confirm.
203  typedef enum {
204  invalid_tag = 0,
205  opening_and_closing = 1,
206  stand_alone = 2,
207  any_tag = 3,
208  } tag_type;
209 
// Getter / setter for the markup dialect (see html_type).
213  html_type html() const;
218  void html(html_type t);
219 
// Adds `name` to the allowed tags; the tag_type argument defaults to
// any_tag.
// NOTE(review): upstream docs reportedly require lower-case names for HTML
// (matched case-insensitively) and exact case for XHTML - confirm.
226  void add_tag(std::string const &name,tag_type = any_tag);
227 
// Adds a named entity to the allowed set.
// NOTE(review): upstream docs reportedly allow only lt, gt, quot and amp
// by default - confirm.
231  void add_entity(std::string const &name);
232 
233 
// Getter / setter for whether numeric entities are accepted.
// NOTE(review): upstream default is reportedly false - confirm.
237  bool numeric_entities_allowed() const;
238 
242  void numeric_entities_allowed(bool v);
243 
// Callback that judges one attribute value, passed as the half-open range
// [begin, end). NOTE(review): presumably true means "accept" - confirm.
247  typedef booster::function<bool(char const *begin,char const *end)> validator_type;
248 
// The add_*_property calls below allow `property` on `tag_name`; they
// differ in how the attribute value is checked.
// Boolean property: NOTE(review): presumably forms like checked or
// checked="checked" - confirm.
256  void add_boolean_property(std::string const &tag_name,std::string const &property);
// Value is checked by the caller-supplied `val`; filtering of this
// attribute is only as strict as that callback.
260  void add_property(std::string const &tag_name,std::string const &property,validator_type const &val);
// Value is checked against the regular expression `r`.
// NOTE(review): confirm that the whole value must match, not a substring.
264  void add_property(std::string const &tag_name,std::string const &property,booster::regex const &r);
// NOTE(review): presumably the value must be an integer - confirm.
269  void add_integer_property(std::string const &tag_name,std::string const &property);
270 
// URI-valued property (href, src and the like). Such attributes need a
// scheme restriction: a value with a script-capable scheme is executable
// content even though the tag and attribute are allowed.
// NOTE(review): the two-argument form presumably uses the default
// uri_validator(), and `schema` in the three-argument form presumably
// narrows the accepted URI schemes - confirm.
278  void add_uri_property(std::string const &tag_name,std::string const &property);
286  void add_uri_property(std::string const &tag_name,std::string const &property,std::string const &schema);
287 
// Regex-returning URI matchers, marked CPPCMS_DEPRECATED; the
// validator_type-returning uri_validator() overloads below are the
// non-deprecated counterparts.
296  CPPCMS_DEPRECATED static booster::regex uri_matcher();
311  CPPCMS_DEPRECATED static booster::regex uri_matcher(std::string const &schema);
312 
// Factory for a URI validator usable with add_property().
// NOTE(review): the set of schemes accepted by default is documented in the
// omitted comment (gutter 313-318) - check it before relying on it.
319  static validator_type uri_validator();
// Same, with a caller-chosen `scheme`; absolute_only defaults to false, so
// relative URIs are presumably accepted unless it is set - confirm.
335  static validator_type uri_validator(std::string const &scheme,bool absolute_only = false);
336 
// NOTE(review): presumably accepts relative URIs only - confirm.
341  static validator_type relative_uri_validator();
342 
// Getter / setter for whether HTML comments are let through.
// NOTE(review): upstream default is reportedly false - confirm.
346  bool comments_allowed() const;
350  void comments_allowed(bool comments);
351 
// Sets the character encoding name for the input.
// NOTE(review): the omitted comment (gutter 352-366) reportedly states that
// input is also validated for this encoding; confirm, because a filter that
// does not reject malformed byte sequences can disagree with the browser
// about where markup starts.
367  void encoding(std::string const &enc);
368 
369 
371 
// Query functions over the rule set. They take details::c_string, which is
// only forward-declared in this header.
// Returns the tag_type registered for `tag`.
376  tag_type valid_tag(details::c_string const &tag) const;
377 
382  bool valid_boolean_property(details::c_string const &tag,details::c_string const &property) const;
// Checks `value` for `property` on `tag`; presumably runs the validator
// registered through add_*_property - confirm.
388  bool valid_property(details::c_string const &tag,details::c_string const &property,details::c_string const &value) const;
389 
393  bool valid_entity(details::c_string const &val) const;
394 
// Getter for the encoding name set with encoding(enc).
399  std::string encoding() const;
400 
402 
403 
404  private:
// Accessors for the rule storage (basic_rules_holder is only
// forward-declared here).
405  basic_rules_holder &impl();
406  basic_rules_holder const &impl() const;
407 
// Opaque implementation data. Gutter line 409 is absent from this listing.
408  struct data;
410 
411  };
412 
// How invalid markup is handled by the filter functions.
// NOTE(review): the listing is cut after this opening line (gutter lines
// 417-419 are missing). The page's symbol index names this enum
// filtering_method_type and describes line 417 as removing all invalid HTML
// from the input and line 418 as escaping it (converting it to text).
// `remove_invalid` is the default used by the filter declarations.
416  typedef enum {
420 
// Checks the input in the half-open range [begin, end) against the rules r.
// Only a bool verdict is returned; no filtered output is produced.
// NOTE(review): presumably true means the input conforms to r - confirm.
427  CPPCMS_API bool validate(char const *begin,char const *end,rules const &r);
// Validates the input in [begin, end) against the rules r and, if it is not
// valid, filters it into `filtered` using `method` (default remove_invalid).
// NOTE(review): the return value presumably tells whether the input was
// already valid, in which case `filtered` may be left untouched - confirm
// before using `filtered` unconditionally.
// NOTE(review): the meaning of replacement_char (default 0) is not shown
// here; upstream reportedly uses it for bytes invalid in the configured
// encoding, with 0 meaning "drop" - confirm.
435  CPPCMS_API bool validate_and_filter_if_invalid( char const *begin,
436  char const *end,
437  rules const &r,
438  std::string &filtered,
439  filtering_method_type method=remove_invalid,
440  char replacement_char = 0);
441 
// Filters the input in [begin, end) according to the rules r using the
// given filtering method (default remove_invalid) and returns the result.
// The result is constrained only by what r allows; a permissive rule set
// yields permissive output.
// NOTE(review): replacement_char (default 0) is not explained in this
// listing - see the real header.
446  CPPCMS_API std::string filter(char const *begin,
447  char const *end,
448  rules const &r,
449  filtering_method_type method=remove_invalid,
450  char replacement_char = 0);
// Overload taking the input as a std::string instead of a pointer range.
454  CPPCMS_API std::string filter(std::string const &input,
455  rules const &r,
456  filtering_method_type method=remove_invalid,
457  char replacement_char = 0);
458 
459  } // xss
460 }
461 #endif
This is a simple wrapper of PCRE library.
Definition: perl_regex.h:35
This class is central representation of json objects.
Definition: json.h:140
CPPCMS_API std::string filter(char const *begin, char const *end, rules const &r, filtering_method_type method=remove_invalid, char replacement_char=0)
Filter the input in range [begin, end) according to the rules r using filtering method method...
tag_type
Definition: xss.h:203
CPPCMS_API bool validate(char const *begin, char const *end, rules const &r)
Check the input in range [begin, end) according to the rules r.
This is the namespace where all CppCMS functionality is placed.
Definition: application.h:19
The class that holds XSS filter rules.
Definition: xss.h:90
booster::function< bool(char const *begin, char const *end)> validator_type
Definition: xss.h:247
filtering_method_type
The enumerator that defines filtering invalid HTML method.
Definition: xss.h:416
CPPCMS_API bool validate_and_filter_if_invalid(char const *begin, char const *end, rules const &r, std::string &filtered, filtering_method_type method=remove_invalid, char replacement_char=0)
Validate the input in range [begin, end) according to the rules r and if it is not valid filter it an...
html_type
Definition: xss.h:195
Assume that the input is XHTML.
Definition: xss.h:196
Remove all invalid HTML from the input.
Definition: xss.h:417
Escape (convert to text) all invalid HTML in the input.
Definition: xss.h:418