Class ScriptFreeTLV.MyContentHandler

  • All Implemented Interfaces:
    org.xml.sax.ContentHandler, org.xml.sax.DTDHandler, org.xml.sax.EntityResolver, org.xml.sax.ErrorHandler
    Enclosing class:
    ScriptFreeTLV

    private class ScriptFreeTLV.MyContentHandler
    extends org.xml.sax.helpers.DefaultHandler
    Handler for SAX events. Four counters are provided as instance variables, for counting occurrences of prohibited scripting elements.
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private MyContentHandler()  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private void countRTExpressions​(org.xml.sax.Attributes atts)
      Auxiliary method for checking attribute values to see if are specified via request-time attribute values.
      javax.servlet.jsp.tagext.ValidationMessage[] reportResults()
      Constructs a String reporting the number(s) of prohibited scripting elements that were detected, if any.
      void startElement​(java.lang.String namespaceUri, java.lang.String localName, java.lang.String qualifiedName, org.xml.sax.Attributes atts)
      This event is received whenever a new element is encountered.
      • Methods inherited from class org.xml.sax.helpers.DefaultHandler

        characters, endDocument, endElement, endPrefixMapping, error, fatalError, ignorableWhitespace, notationDecl, processingInstruction, resolveEntity, setDocumentLocator, skippedEntity, startDocument, startPrefixMapping, unparsedEntityDecl, warning
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • declarationCount

        private int declarationCount
      • scriptletCount

        private int scriptletCount
      • expressionCount

        private int expressionCount
      • rtExpressionCount

        private int rtExpressionCount
    • Constructor Detail

      • MyContentHandler

        private MyContentHandler()
    • Method Detail

      • startElement

        public void startElement​(java.lang.String namespaceUri,
                                 java.lang.String localName,
                                 java.lang.String qualifiedName,
                                 org.xml.sax.Attributes atts)
        This event is received whenever a new element is encountered. The qualified name of each such element is compared against the names of any prohibited scripting elements. When found, the corresponding counter is incremented. If expressions representing request-time attribute values are prohibited, it is also necessary to check the values of all attributes specified by the element. (Trying to figure out which attributes actually support request-time attribute values and checking only those is far more trouble than it's worth.)
        Specified by:
        startElement in interface org.xml.sax.ContentHandler
        Overrides:
        startElement in class org.xml.sax.helpers.DefaultHandler
      • countRTExpressions

        private void countRTExpressions​(org.xml.sax.Attributes atts)
        Auxiliary method for checking attribute values to see if are specified via request-time attribute values. Expressions representing request-time attribute values are recognized by their "%=" and "%" delimiters. When found, the corresponding counter is incremented.
      • reportResults

        public javax.servlet.jsp.tagext.ValidationMessage[] reportResults()
        Constructs a String reporting the number(s) of prohibited scripting elements that were detected, if any. Returns null if no violations were found, making the result of this method suitable for the return value of the TagLibraryValidator.validate() method.

        TODO: The update from 7/13/2001 merely makes this validator compliant with the new TLV API, but does not fully take advantage of this API. In the future, we should do so... but because of the possibility that anti-script checking will be incorporated into the base TLV, I've held off for now and just changed this class to use the new API. -- SB.