public class HTMLEscapingAggregationState extends AggregationState
AggregationState
created in order to escape all output to rendering.
See info.magnolia.rendering.renderer.AbstractRenderer#getAggregationStateSafely
.
Should you need the raw output, it can still be accessed from a template, with, for instance:
${state.unwrap().originalURI}
. However, be warned that this may expose your webapp to XSS attacks.
This class belongs to Magnolia's "private" API and it should NOT be extended/overridden, even though it is not marked as final.
Its API and/or implementation may change without notice. The class may also be removed altogether without notice.
Modifier | Constructor and Description |
---|---|
protected |
HTMLEscapingAggregationState(javax.inject.Provider<AggregationState> aggregationStateProvider) |
Modifier and Type | Method and Description |
---|---|
Channel |
getChannel() |
String |
getCharacterEncoding() |
javax.jcr.Node |
getCurrentContentNode() |
String |
getCurrentURI() |
String |
getExtension() |
File |
getFile() |
String |
getHandle() |
Locale |
getLocale()
If the aggregation state local is not set explicitly the contexts locale is returned.
|
javax.jcr.Node |
getMainContentNode() |
String |
getOriginalBrowserURI() |
String |
getOriginalBrowserURL() |
String |
getOriginalURI()
Returns the original request URI, decoded and without the context path.
|
String |
getOriginalURL() |
String |
getQueryString()
Returns the original request query string.
|
String |
getRepository() |
String |
getSelector()
A selector is the part between the first
SelectorUtil.SELECTOR_DELIMITER and the extension of an URI. |
String[] |
getSelectors() |
String |
getTemplateName() |
String |
getUriPrefix() |
boolean |
isPreviewMode() |
void |
setChannel(Channel channel) |
void |
setCharacterEncoding(String characterEncoding) |
void |
setCurrentContentNode(javax.jcr.Node currentContentNode) |
void |
setCurrentURI(String currentURI) |
void |
setExtension(String extension) |
void |
setFile(File file) |
void |
setHandle(String handle) |
void |
setLocale(Locale locale) |
void |
setMainContentNode(javax.jcr.Node mainContentNode) |
void |
setOriginalBrowserURI(String originalBrowserURI) |
void |
setOriginalBrowserURL(String originalBrowserURL) |
void |
setOriginalURI(String originalURI) |
void |
setOriginalURL(String originalURL) |
void |
setPreviewMode(boolean previewMode) |
void |
setQueryString(String queryString) |
void |
setRepository(String repository) |
void |
setSelector(String selector)
Warning - this might change in the future - see MAGNOLIA-2343 for details.
The provided selector value is decoded upon settings according to rules described in
URLDecoder.decode(java.lang.String, java.lang.String) |
void |
setTemplateName(String templateName) |
void |
setUriPrefix(String uriPrefix) |
protected String |
stripContextPathIfExists(String uri)
WARNING: If passing URI without context path but it starts with same text as the context path it will be stripped off as well!!!
|
AggregationState |
unwrap()
WARNING: doing for instance ${state.unwrap()} in a template and then calling any method on the raw
{@link AggregationState} will disable automatic HTML escaping provided by this wrapper thus potentially exposing
your webapp to XSS attacks.
|
resetURIs
@Inject protected HTMLEscapingAggregationState(javax.inject.Provider<AggregationState> aggregationStateProvider)
public AggregationState unwrap()
AggregationState
object.public String getCurrentURI()
getCurrentURI
in class AggregationState
public String getOriginalURI()
AggregationState
getOriginalURI
in class AggregationState
public String getOriginalURL()
getOriginalURL
in class AggregationState
public String getQueryString()
AggregationState
getQueryString
in class AggregationState
public String getCharacterEncoding()
getCharacterEncoding
in class AggregationState
public String getOriginalBrowserURI()
getOriginalBrowserURI
in class AggregationState
public String getOriginalBrowserURL()
getOriginalBrowserURL
in class AggregationState
public String getExtension()
getExtension
in class AggregationState
public String getUriPrefix()
getUriPrefix
in class AggregationState
public String getHandle()
getHandle
in class AggregationState
public String getRepository()
getRepository
in class AggregationState
public String getSelector()
AggregationState
SelectorUtil.SELECTOR_DELIMITER
and the extension of an URI.
I.e. given a URI like http://myserver/mypage~x~foo=bar~.html
the entire selector is ~x~foo=bar~
. A selector can be split in turn into several
selectors separated from each other by the SelectorUtil.SELECTOR_DELIMITER
. In the above example, single selectors are x and foo=bar.
The latter is a name=value
selector which is set in the MgnlContext as an attribute with scope Context.LOCAL_SCOPE
. You can retrieve its value via MgnlContext.getAttribute("foo")
.
You can get and iterate over a full selector with the AggregationState.getSelectors()
method.
Warning - this might change in the future - see MAGNOLIA-2343 for details.
getSelector
in class AggregationState
public String getTemplateName()
getTemplateName
in class AggregationState
protected String stripContextPathIfExists(String uri)
AggregationState
stripContextPathIfExists
in class AggregationState
uri
- with contextPath (maybe)public String[] getSelectors()
getSelectors
in class AggregationState
http://www.magnolia-cms.com/node~value1~value2~.html?someparam=booo
, the entire selector is ~value1~value2~
, whereas the
single selectors are value1
and value2
. Selectors are delimited by SelectorUtil.SELECTOR_DELIMITER
.
Warning - this might change in the future - see MAGNOLIA-2343 for details.
public void setOriginalURI(String originalURI)
setOriginalURI
in class AggregationState
public void setOriginalBrowserURI(String originalBrowserURI)
setOriginalBrowserURI
in class AggregationState
public void setCurrentURI(String currentURI)
setCurrentURI
in class AggregationState
public void setQueryString(String queryString)
setQueryString
in class AggregationState
public void setOriginalURL(String originalURL)
setOriginalURL
in class AggregationState
public void setOriginalBrowserURL(String originalBrowserURL)
setOriginalBrowserURL
in class AggregationState
public void setCharacterEncoding(String characterEncoding)
setCharacterEncoding
in class AggregationState
public void setExtension(String extension)
setExtension
in class AggregationState
public void setFile(File file)
setFile
in class AggregationState
public void setUriPrefix(String uriPrefix)
setUriPrefix
in class AggregationState
public void setHandle(String handle)
setHandle
in class AggregationState
public void setMainContentNode(javax.jcr.Node mainContentNode)
setMainContentNode
in class AggregationState
public void setRepository(String repository)
setRepository
in class AggregationState
public void setSelector(String selector)
AggregationState
URLDecoder.decode(java.lang.String, java.lang.String)
setSelector
in class AggregationState
public void setTemplateName(String templateName)
setTemplateName
in class AggregationState
public void setLocale(Locale locale)
setLocale
in class AggregationState
locale
- The aggregation state level locale, i.e. the locale that should be used for contentspublic void setPreviewMode(boolean previewMode)
setPreviewMode
in class AggregationState
public void setChannel(Channel channel)
setChannel
in class AggregationState
public void setCurrentContentNode(javax.jcr.Node currentContentNode)
setCurrentContentNode
in class AggregationState
public File getFile()
getFile
in class AggregationState
public javax.jcr.Node getMainContentNode()
getMainContentNode
in class AggregationState
public javax.jcr.Node getCurrentContentNode()
getCurrentContentNode
in class AggregationState
public Locale getLocale()
AggregationState
getLocale
in class AggregationState
public boolean isPreviewMode()
isPreviewMode
in class AggregationState
public Channel getChannel()
getChannel
in class AggregationState
Copyright © 2003–2018 Magnolia International Ltd.. All rights reserved.