001: /*
002: * Copyright (c) 1998-2003 Caucho Technology -- all rights reserved
003: *
004: * This file is part of Resin(R) Open Source
005: *
006: * Each copy or derived work must preserve the copyright notice and this
007: * notice unmodified.
008: *
009: * Resin Open Source is free software; you can redistribute it and/or modify
010: * it under the terms of the GNU General Public License as published by
011: * the Free Software Foundation; either version 2 of the License, or
012: * (at your option) any later version.
013: *
014: * Resin Open Source is distributed in the hope that it will be useful,
015: * but WITHOUT ANY WARRANTY; without even the implied warranty of
016: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
017: * of NON-INFRINGEMENT. See the GNU General Public License for more
018: * details.
019: *
020: * You should have received a copy of the GNU General Public License
021: * along with Resin Open Source; if not, write to the
022: * Free SoftwareFoundation, Inc.
023: * 59 Temple Place, Suite 330
024: * Boston, MA 02111-1307 USA
025: *
026: * @author Scott Ferguson
027: */
028:
029: package javax.servlet.jsp.jstl.tlv;
030:
031: import java.io.*;
032: import java.util.*;
033: import javax.servlet.jsp.tagext.*;
034: import javax.xml.parsers.*;
035: import org.xml.sax.*;
036: import org.xml.sax.helpers.*;
037:
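/**
 * Tag library validator that rejects JSP scripting elements in a page that
 * is meant to be script-free.
 *
 * <p>Four init parameters relax the policy when set to the exact string
 * {@code "true"}: {@code allowDeclarations}, {@code allowScriptlets},
 * {@code allowExpressions} and {@code allowRTExpressions}. Anything else,
 * including a missing parameter, leaves the construct forbidden.
 *
 * <p>The validator keeps no per-call state in instance fields, so concurrent
 * {@code validate()} calls on one instance do not interfere with each other.
 */
public class ScriptFreeTLV extends TagLibraryValidator {
  /**
   * Parses the XML view of a page and reports the first forbidden scripting
   * construct found.
   *
   * @param prefix the prefix the tag library is bound to in the page (unused)
   * @param uri the tag library uri (unused)
   * @param data the XML view of the page being translated
   * @return {@code null} when the page passes, otherwise a single-element
   *         array carrying the message of the parse or policy failure
   */
  public ValidationMessage[] validate(String prefix, String uri,
                                      PageData data) {
    // The policy is read on every call and handed to the handler instead of
    // being stored on the validator: the container is not required to
    // serialize validate() calls, and shared mutable flags could let one
    // page be checked with another page's policy.
    Map init = getInitParameters();

    DefaultHandler handler = new Handler(isEnabled(init, "allowDeclarations"),
                                         isEnabled(init, "allowScriptlets"),
                                         isEnabled(init, "allowExpressions"),
                                         isEnabled(init, "allowRTExpressions"));

    InputStream is = null;

    try {
      is = data.getInputStream();

      SAXParserFactory factory = SAXParserFactory.newInstance();
      SAXParser parser = factory.newSAXParser();

      parser.parse(is, handler);
    } catch (Exception e) {
      // Any failure (I/O, malformed XML, policy violation) rejects the page.
      // Some exceptions carry no message; fall back to the exception text so
      // the translation error is never blank.
      String message = e.getMessage();

      if (message == null) {
        message = e.toString();
      }

      return new ValidationMessage[] { new ValidationMessage("", message) };
    } finally {
      if (is != null) {
        try {
          is.close();
        } catch (IOException ignored) {
          // The verdict is already decided; a failed close cannot change it.
        }
      }
    }

    return null;
  }

  /**
   * Returns true only when the named init parameter is the string "true".
   * A missing parameter map is treated as "nothing is allowed".
   */
  private static boolean isEnabled(Map init, String name) {
    return init != null && "true".equals(init.get(name));
  }

  /**
   * SAX handler that enforces the script-free policy element by element.
   *
   * <p>NOTE(review): elements are matched on their qualified name and the
   * parser is not namespace-aware, so the check relies on the JSP namespace
   * being bound to the {@code jsp} prefix in the XML view -- confirm that
   * the container guarantees this.
   */
  private static class Handler extends DefaultHandler {
    private final boolean _isAllowDeclarations;
    private final boolean _isAllowScriptlets;
    private final boolean _isAllowExpressions;
    private final boolean _isAllowRTExpressions;

    Handler(boolean isAllowDeclarations, boolean isAllowScriptlets,
            boolean isAllowExpressions, boolean isAllowRTExpressions) {
      _isAllowDeclarations = isAllowDeclarations;
      _isAllowScriptlets = isAllowScriptlets;
      _isAllowExpressions = isAllowExpressions;
      _isAllowRTExpressions = isAllowRTExpressions;
    }

    /**
     * Resolves every external entity and external DTD subset to an empty
     * document, so validating a page never reads local files or opens
     * network connections on behalf of the page being checked.
     */
    public InputSource resolveEntity(String publicId, String systemId) {
      return new InputSource(new StringReader(""));
    }

    /**
     * Rejects forbidden scripting elements and, unless runtime expressions
     * are allowed, any attribute whose value contains {@code <%=}.
     *
     * @throws SAXException when the element or one of its attributes
     *         violates the configured policy
     */
    public void startElement(String uri, String localName,
                             String qName, Attributes attributes)
        throws SAXException {
      boolean isValid = true;

      if ("jsp:expression".equals(qName)) {
        isValid = _isAllowExpressions;
      } else if ("jsp:declaration".equals(qName)) {
        isValid = _isAllowDeclarations;
      } else if ("jsp:scriptlet".equals(qName)) {
        isValid = _isAllowScriptlets;
      }

      if (!isValid) {
        throw new SAXException(qName
                               + " is not allowed in a script-free JSP page");
      }

      if (!_isAllowRTExpressions && attributes != null) {
        // NOTE(review): only the "<%=" form is detected. The JSP XML syntax
        // writes request-time attribute values as "%= ... %"; confirm which
        // form this container's XML view delivers.
        for (int i = 0; i < attributes.getLength(); i++) {
          String value = attributes.getValue(i);

          if (value != null && value.indexOf("<%=") >= 0) {
            throw new SAXException(
                "Runtime expression "
                + value
                + " is not allowed in a script-free JSP page");
          }
        }
      }
    }
  }
}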