ProtectionContext.java

/*******************************************************************************
 * Licensed to the Apache Software Foundation (ASF) under one or
 * more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to you under the
 * Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain
 * a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0 Unless required by
 * applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 ******************************************************************************/
package org.apache.sling.xss;


/**
 * This enumeration defines the context for executing XSS protection.
 * <p>
 * The specified rules refer to
 * http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
 */
public enum ProtectionContext {
    /**
     * Escape HTML for use inside element content (rules #6 and - to some degree - #1),
     * using a policy to remove potentially malicous HTML
     */
    HTML_HTML_CONTENT("htmlToHtmlContent"),

    /**
     * Escape plain text for use inside HTML content (rule #1)
     */
    PLAIN_HTML_CONTENT("plainToHtmlContent");

    /**
     * The name of the protection context
     */
    private final String name;

    private ProtectionContext(String name) {
        this.name = name;
    }

    /**
     * Gets the name of the protection context.
     *
     * @return The name of the protection context
     */
    public String getName() {
        return this.name;
    }

    /**
     * Gets a protection context from the specified name.
     *
     * @param name The name to get the protection context from
     * @return The protection context; <code>null</code> if an invalid protection context
     * has been specified
     */
    public static ProtectionContext fromName(String name) {
        ProtectionContext[] values = values();
        for (ProtectionContext contextToCheck : values) {
            if (contextToCheck.getName().equals(name)) {
                return contextToCheck;
            }
        }
        return null;
    }
}