Coverage Report - org.seasar.teeda.core.util.JavaScriptPermissionUtil
 
Classes in this File Line Coverage Branch Coverage Complexity
JavaScriptPermissionUtil
87%
20/23
95%
19/20
4
 
 1   
 /*
 2   
  * Copyright 2004-2011 the Seasar Foundation and the Others.
 3   
  *
 4   
  * Licensed under the Apache License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  *     http://www.apache.org/licenses/LICENSE-2.0
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 13   
  * either express or implied. See the License for the specific language
 14   
  * governing permissions and limitations under the License.
 15   
  */
 16   
 package org.seasar.teeda.core.util;
 17   
 
 18   
 import javax.faces.context.FacesContext;
 19   
 import javax.faces.internal.FacesConfigOptions;
 20   
 
 21   
 import org.seasar.framework.util.StringUtil;
 22   
 
 23   
 /**
 24   
  * @author shot
 25   
  *
 26   
  */
 27   
 public class JavaScriptPermissionUtil {
 28   
 
 29   
     public static final boolean JAVASCRIPT_DEFAULT_ALLOW = true;
 30   
 
 31  0 
     private JavaScriptPermissionUtil() {
 32  0 
     }
 33   
 
 34   
     public static boolean isJavaScriptPermitted(FacesContext context) {
 35  24 
         String requestServletPath = context.getExternalContext()
 36   
                 .getRequestPathInfo();
 37  24 
         if (requestServletPath == null) {
 38  17 
             requestServletPath = context.getViewRoot().getViewId();
 39   
         }
 40  24 
         final String[] javascriptNotAllowedPath = FacesConfigOptions
 41   
                 .getJavascriptNotPermittedPath();
 42  24 
         boolean javaScriptAllowed = JAVASCRIPT_DEFAULT_ALLOW;
 43  24 
         if (javascriptNotAllowedPath == null) {
 44  16 
             return javaScriptAllowed;
 45   
         }
 46  11 
         for (int i = 0; i < javascriptNotAllowedPath.length; i++) {
 47  8 
             String notAllowedPath = adjustNotAllowedPath(javascriptNotAllowedPath[i]);
 48  8 
             if (requestServletPath != null &&
 49   
                     StringUtil.startsWith(requestServletPath, notAllowedPath) ||
 50   
                     (requestServletPath == null && notAllowedPath.equals("/"))) {
 51  5 
                 javaScriptAllowed = false;
 52  5 
                 break;
 53   
             }
 54   
         }
 55  8 
         return javaScriptAllowed;
 56   
     }
 57   
 
 58   
     private static String adjustNotAllowedPath(String path) {
 59  8 
         if (path == null) {
 60  0 
             return null;
 61   
         }
 62  8 
         String notAllowedPath = path.trim();
 63  8 
         if (!notAllowedPath.startsWith("/")) {
 64  1 
             notAllowedPath = "/" + notAllowedPath;
 65   
         }
 66  8 
         if (!notAllowedPath.endsWith("/")) {
 67  6 
             notAllowedPath = notAllowedPath + "/";
 68   
         }
 69  8 
         return notAllowedPath;
 70   
     }
 71   
 }
Report generated by Cobertura 1.9 on 11/09/19 13:14.