FckEditorCodeCleanerImpl.java

/**
 * ESUP-Portail Helpdesk - Copyright (c) 2004-2009 ESUP-Portail consortium.
 */
package org.esupportail.helpdesk.domain;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.esupportail.commons.services.logging.Logger;
import org.esupportail.commons.services.logging.LoggerImpl;
import org.esupportail.helpdesk.domain.beans.Action;
import org.esupportail.helpdesk.domain.beans.ArchivedAction;
import org.esupportail.helpdesk.domain.beans.DeprecatedFaqContainer;
import org.esupportail.helpdesk.domain.beans.DeprecatedFaqEntry;
import org.esupportail.helpdesk.domain.beans.Faq;


/**
 * Utilities to clean the code given by FCK editor.
 */
public class FckEditorCodeCleanerImpl implements FckEditorCodeCleaner {
	
	/** A logger. */
	private final Logger logger = new LoggerImpl(getClass());

	/**
	 * Constructor.
	 */
	public FckEditorCodeCleanerImpl() {
		super();
	}

	/**
	 * Remove a malicious tag from a String (before saving to the database).
	 * @param input
	 * @param tag
	 * @return the changed String.
	 */
	protected String removeMaliciousTag(
			final String input,
			final String tag) {
		String result = input;
		String thePattern = "</?" + tag + "[\\s\\S]*?>";
		Pattern pattern = Pattern.compile(thePattern, Pattern.CASE_INSENSITIVE);
		Matcher matcher = pattern.matcher(result);
		result = matcher.replaceAll("");
		return result;
	}
	
	/**
	 * Remove malicious tags such as script or iframe from a String (before saving to the database).
	 * @param input
	 * @return null if no malicious tags were found, the changed String if found.
	 */
	protected String removeMaliciousTags(final String input) {
		if (input == null) { 
			return null;
		}
		String result = input;
		result = removeMaliciousTag(result, "script");
		result = removeMaliciousTag(result, "iframe");
		result = removeMaliciousTag(result, "html");
		result = removeMaliciousTag(result, "body");
		return result;
	}
	
	/**
	 * @see org.esupportail.helpdesk.domain.FckEditorCodeCleaner#removeMaliciousTags(
	 * org.esupportail.helpdesk.domain.beans.DeprecatedFaqContainer)
	 */
	@Override
	@SuppressWarnings("deprecation")
	@Deprecated
	public boolean removeMaliciousTags(final DeprecatedFaqContainer faqContainer) {
		if (faqContainer.getContent() == null) {
			return false;
		}
		String content = removeMaliciousTags(faqContainer.getContent());
		if (content.equals(faqContainer.getContent())) {
			return false;
		}
		logger.warn(
				"removed malicious tags from FAQ container content.\ninput:\n"
				+ faqContainer.getContent()
				+ "\noutput:\n"
				+ content);
		faqContainer.setContent(content);
		return true;
	}
	
	/**
	 * @see org.esupportail.helpdesk.domain.FckEditorCodeCleaner#removeMaliciousTags(
	 * org.esupportail.helpdesk.domain.beans.DeprecatedFaqEntry)
	 */
	@Override
	@SuppressWarnings("deprecation")
	@Deprecated
	public boolean removeMaliciousTags(final DeprecatedFaqEntry faqEntry) {
		if (faqEntry.getContent() == null) {
			return false;
		}
		String content = removeMaliciousTags(faqEntry.getContent());
		if (content.equals(faqEntry.getContent())) {
			return false;
		}
		logger.warn(
				"removed malicious tags from FAQ entry content.\ninput:\n"
				+ faqEntry.getContent()
				+ "\noutput:\n"
				+ content);
		faqEntry.setContent(content);
		return true;
	}
	
	/**
	 * @see org.esupportail.helpdesk.domain.FckEditorCodeCleaner#removeMaliciousTags(
	 * org.esupportail.helpdesk.domain.beans.Faq)
	 */
	@Override
	public boolean removeMaliciousTags(final Faq faq) {
		if (faq.getContent() == null) {
			return false;
		}
		String content = removeMaliciousTags(faq.getContent());
		if (content.equals(faq.getContent())) {
			return false;
		}
		logger.warn(
				"removed malicious tags from FAQ content.\ninput:\n"
				+ faq.getContent()
				+ "\noutput:\n"
				+ content);
		faq.setContent(content);
		return true;
	}
	
	/**
	 * @see org.esupportail.helpdesk.domain.FckEditorCodeCleaner#removeMaliciousTags(
	 * org.esupportail.helpdesk.domain.beans.Action)
	 */
	@Override
	public boolean removeMaliciousTags(final Action action) {
		if (action.getMessage() == null) {
			return false;
		}
		String message = removeMaliciousTags(action.getMessage());
		if (message.equals(action.getMessage())) {
			return false;
		}
		logger.warn(
				"removed malicious tags from action message.\ninput:\n"
				+ action.getMessage()
				+ "\noutput:\n"
				+ message);
		action.setMessage(message);
		return true;
	}
	
	/**
	 * @see org.esupportail.helpdesk.domain.FckEditorCodeCleaner#removeMaliciousTags(
	 * org.esupportail.helpdesk.domain.beans.ArchivedAction)
	 */
	@Override
	public boolean removeMaliciousTags(final ArchivedAction archivedAction) {
		if (archivedAction.getMessage() == null) {
			return false;
		}
		String message = removeMaliciousTags(archivedAction.getMessage());
		if (message.equals(archivedAction.getMessage())) {
			return false;
		}
		logger.warn(
				"removed malicious tags from archived action message.\ninput:\n"
				+ archivedAction.getMessage()
				+ "\noutput:\n"
				+ message);
		archivedAction.setMessage(message);
		return true;
	}
	
}