Class XssFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.broadleafcommerce.common.web.filter.AbstractIgnorableOncePerRequestFilter
org.broadleafcommerce.core.web.security.XssFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.core.env.EnvironmentCapable, org.springframework.core.Ordered, org.springframework.web.context.ServletContextAware
@ConditionalOnNotAdmin
@Component("blXssFilter")
public class XssFilter
extends org.broadleafcommerce.common.web.filter.AbstractIgnorableOncePerRequestFilter

Field Summary
Fields
Modifier and Type    Field    Description
protected org.springframework.core.env.Environment    environment
protected boolean    siteXssWrapperEnabled
protected String[]    whiteListUris
protected String[]    whiteListParamNames
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary
Constructors
XssFilter()

Method Summary
Modifier and Type    Method    Description
void    destroy()
protected void    doFilterInternalUnlessIgnored(jakarta.servlet.http.HttpServletRequest httpServletRequest, jakarta.servlet.http.HttpServletResponse httpServletResponse, jakarta.servlet.FilterChain filterChain)
int    getOrder()
void    init()
protected boolean    isWhiteListUrl(String requestURI)
protected XssRequestWrapper    wrapRequest(jakarta.servlet.http.HttpServletRequest httpServletRequest)
Methods inherited from class org.broadleafcommerce.common.web.filter.AbstractIgnorableOncePerRequestFilter
doFilterInternal, isIgnored
Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatch
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Field Details

environment
@Autowired
protected org.springframework.core.env.Environment environment

siteXssWrapperEnabled
@Value("${blc.site.enable.xssWrapper:false}")
protected boolean siteXssWrapperEnabled

whiteListUris

whiteListParamNames

Constructor Details

XssFilter
public XssFilter()

Method Details

destroy
public void destroy()
Specified by:
destroy in interface org.springframework.beans.factory.DisposableBean
Specified by:
destroy in interface jakarta.servlet.Filter
Overrides:
destroy in class org.springframework.web.filter.GenericFilterBean

init
@PostConstruct
public void init()

doFilterInternalUnlessIgnored
protected void doFilterInternalUnlessIgnored(jakarta.servlet.http.HttpServletRequest httpServletRequest, jakarta.servlet.http.HttpServletResponse httpServletResponse, jakarta.servlet.FilterChain filterChain) throws IOException, jakarta.servlet.ServletException
Specified by:
doFilterInternalUnlessIgnored in class org.broadleafcommerce.common.web.filter.AbstractIgnorableOncePerRequestFilter
Throws:
IOException
jakarta.servlet.ServletException

wrapRequest

isWhiteListUrl

getOrder
public int getOrder()