import org.tonyzampogna.xss.sanitizer.filter.XssFilter
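/**
 * Grails plugin descriptor for the XSS Sanitizer plugin.
 *
 * The only active hook is doWithWebDescriptor, which declares XssFilter in the
 * generated web.xml and maps it to the catch-all URL pattern. All other
 * lifecycle hooks are intentionally empty.
 *
 * Security scope, per the plugin description: the filter sanitizes request
 * parameters with OWASP ESAPI and "reduces the risk" of XSS. It is an
 * input-side control, so views should still encode values for the context in
 * which they are rendered.
 * NOTE(review): which inputs XssFilter covers beyond request parameters
 * (headers, request bodies, multipart data) is not visible in this file;
 * confirm against the filter implementation before relying on it.
 */
class XssSanitizerGrailsPlugin {
    // the plugin version
    def version = "0.2"
    // the version or versions of Grails the plugin is designed for
    def grailsVersion = "2.0 > *"
    // the other plugins this plugin depends on
    def dependsOn = [:]
    // resources that are excluded from plugin packaging
    def pluginExcludes = [
        "grails-app/views/error.gsp"
    ]

    def title = "Xss Sanitizer Plugin" // Headline display name of the plugin
    def author = "Tony Zampogna"
    def authorEmail = "[email protected]"
    def description = '''\
Grails plugin for sanitizing XSS from the user input.
This plugin uses OWASP ESAPI library to sanitize request parameters. This reduces the risk of dangerous XSS request parameters possibly being rendered on the client.
'''

    // URL to the plugin's documentation
    def documentation = "http://grails.org/plugin/xss-sanitizer"

    // License: one of 'APACHE', 'GPL2', 'GPL3'
    def license = "APACHE"

    // Any additional developers beyond the author specified above.
    def developers = [ [ name: "Tony Zampogna", email: "[email protected]" ]]

    // Location of the plugin's issue tracker.
    def issueManagement = [ system: "JIRA", url: "http://jira.grails.org/browse/GPXSSSANITIZER" ]

    // Online location of the plugin's browseable source code.
    def scm = [ url: "https://github.com/tonyzampogna/XssSanitizer" ]

    /**
     * Registers XssFilter in the application's web.xml.
     *
     * The filter declaration is inserted after the last existing
     * context-param element, and its mapping after the last existing filter
     * element. Both anchors must already exist in the descriptor; if either
     * is missing the hook fails instead of silently leaving the application
     * without the filter.
     *
     * @param xml GPath view of the web.xml being generated
     * @throws IllegalStateException if the descriptor has no context-param
     *         or no filter element to anchor the insertion
     */
    def doWithWebDescriptor = { xml ->
        def contextParams = xml.'context-param'
        // Indexing an empty GPath result yields an empty node whose '+' does
        // nothing, so without this guard the security filter would be dropped
        // without any error. Fail closed instead.
        if (contextParams.size() == 0) {
            throw new IllegalStateException(
                "XssSanitizer: web.xml has no <context-param> element; cannot register xssFilter")
        }
        contextParams[contextParams.size() - 1] + {
            'filter' {
                'filter-name'('xssFilter')
                'filter-class'(XssFilter.name)
            }
        }

        // The mapping goes directly after the last <filter> declaration.
        // Assuming the descriptor lists its filter-mappings after the filter
        // declarations (TODO confirm for customised web.xml templates), this
        // places xssFilter ahead of the other mappings, so it runs first for
        // URL-pattern matches.
        def existingFilters = xml.'filter'
        if (existingFilters.size() == 0) {
            throw new IllegalStateException(
                "XssSanitizer: web.xml has no <filter> element; cannot map xssFilter")
        }
        existingFilters[existingFilters.size() - 1] + {
            'filter-mapping' {
                'filter-name'('xssFilter')
                // Catch-all mapping: every request path passes through the filter.
                'url-pattern'('/*')
            }
        }
    }

    // The remaining lifecycle hooks are deliberately empty: the plugin needs
    // no Spring beans, dynamic methods, or reload/shutdown handling.
    def doWithSpring = {
    }

    def doWithDynamicMethods = { ctx ->
    }

    def doWithApplicationContext = { applicationContext ->
    }

    def onChange = { event ->
    }

    def onConfigChange = { event ->
    }

    def onShutdown = { event ->
    }
}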