Implement HTML policy and enhance context management in views

Modified view component configurations and context management by implementing an HTML policy for JTE templates and shifting from componentBean to ApplicationContext. The HTML policy includes directives to prevent uppercase tags and attributes, output in tags and attributes, unquoted attributes, and invalid attribute names. This enhancement improves HTML security and code's readability. Additionally, it enables potentially better context management by using applicationContext, which allows wider scope compared with the previously used componentBean.
tschuehly · May 24, 2024 · e6b5cec · e6b5cec
1 parent 9e0a915
commit e6b5cec
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 17 deletions.
diff --git a/core/src/main/kotlin/de/tschuehly/spring/viewcomponent/core/IViewContext.kt b/core/src/main/kotlin/de/tschuehly/spring/viewcomponent/core/IViewContext.kt
@@ -1,24 +1,17 @@
 package de.tschuehly.spring.viewcomponent.core
 
 import de.tschuehly.spring.viewcomponent.core.component.ViewComponentUtils
+import org.springframework.context.ApplicationContext
 
 interface IViewContext {
     companion object {
-        var componentBean: Any? = null
+        var applicationContext: ApplicationContext? = null
         var componentTemplate: String? = null
         var jteTemplateEngine: Any? = null
         var templateSuffx: String = ""
-        fun getAttributes(context: IViewContext): Map<String, Any> {
-            return context::class.java.declaredFields.map { field ->
-                context::class.java.getDeclaredField(field.name).let {
-                    it.isAccessible = true
-                    field.name to it[context]
-                }
-            }.toMap()
-        }
 
-        fun getViewComponentName(context: IViewContext): String {
-            return ViewComponentUtils.getName(context.javaClass)
+        fun <T> server(clazz: Class<T>): T{
+            return applicationContext?.getBean(clazz) ?: throw RuntimeException(clazz.simpleName)
         }
 
         fun getViewComponentTemplate(context: IViewContext): String {

diff --git a/core/src/main/kotlin/de/tschuehly/spring/viewcomponent/core/component/ViewComponentAspect.kt b/core/src/main/kotlin/de/tschuehly/spring/viewcomponent/core/component/ViewComponentAspect.kt
@@ -6,11 +6,13 @@ import org.aspectj.lang.annotation.AfterReturning
 import org.aspectj.lang.annotation.Around
 import org.aspectj.lang.annotation.Aspect
 import org.aspectj.lang.annotation.Pointcut
+import org.springframework.context.ApplicationContext
 import org.springframework.stereotype.Component
 
 @Aspect
 @Component
-class ViewComponentAspect {
+class ViewComponentAspect(val applicationContext: ApplicationContext) {
+
     @Pointcut("@within(de.tschuehly.spring.viewcomponent.core.component.ViewComponent)")
     fun isViewComponent() {
         //
@@ -24,7 +26,7 @@ class ViewComponentAspect {
         } else {
             throw ViewComponentException("${returnValue.javaClass} needs to implement ViewContext abstract class")
         }
-        IViewContext.componentBean = joinPoint.target
+        IViewContext.applicationContext = applicationContext
         IViewContext.componentTemplate = IViewContext.getViewComponentTemplateWithoutSuffix(viewContext)
         return viewContext
     }

diff --git a/...ompiler/src/main/kotlin/de/tschuehly/spring/viewcomponent/jte/JteViewComponentCompiler.kt b/...ompiler/src/main/kotlin/de/tschuehly/spring/viewcomponent/jte/JteViewComponentCompiler.kt
@@ -3,17 +3,19 @@ package de.tschuehly.spring.viewcomponent.jte
 import gg.jte.ContentType
 import gg.jte.TemplateConfig
 import gg.jte.compiler.TemplateCompiler
+import gg.jte.html.policy.*
 import gg.jte.resolve.DirectoryCodeResolver
 import gg.jte.runtime.Constants
 import java.nio.file.Path
 
 
-class JteViewComponentCompiler() {
-    fun generate(rootDir: Path, classDirectory: List<String>,packageName: String): String {
+class JteViewComponentCompiler {
+    fun generate(rootDir: Path, classDirectory: List<String>, packageName: String): String {
         val config = TemplateConfig(
             ContentType.Html,
-            Constants.PACKAGE_NAME_PRECOMPILED + packageName
+            Constants.PACKAGE_NAME_PRECOMPILED + packageName,
         )
+        config.htmlPolicy = JtePolicy()
         config.classPath = null
         val compiler = TemplateCompiler(
             /* config = */ config,
@@ -23,4 +25,12 @@ class JteViewComponentCompiler() {
         )
         return compiler.generateAll().first()
     }
+    class JtePolicy internal constructor() : PolicyGroup() {
+        init {
+            addPolicy(PreventUppercaseTagsAndAttributes())
+            addPolicy(PreventOutputInTagsAndAttributes(false))
+            addPolicy(PreventUnquotedAttributes())
+            addPolicy(PreventInvalidAttributeNames())
+        }
+    }
 }
diff --git a/...rc/main/kotlin/de/tschuehly/spring/viewcomponent/jte/JteViewComponentAutoConfiguration.kt b/...rc/main/kotlin/de/tschuehly/spring/viewcomponent/jte/JteViewComponentAutoConfiguration.kt
@@ -5,6 +5,7 @@ import de.tschuehly.spring.viewcomponent.core.component.ViewComponentException
 import de.tschuehly.spring.viewcomponent.core.component.ViewComponentProperties
 import gg.jte.ContentType
 import gg.jte.TemplateEngine
+import gg.jte.html.policy.*
 import gg.jte.springframework.boot.autoconfigure.JteViewResolver
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.ApplicationContext
@@ -37,7 +38,7 @@ class JteViewComponentAutoConfiguration(
     @Bean
     fun jteTemplateEngine(applicationContext: ApplicationContext): TemplateEngine {
         if (viewComponentProperties.localDevelopment) {
-            return TemplateEngine.create(
+            val templateEngine = TemplateEngine.create(
                 ViewComponentCodeResolver(
                     applicationContext,
                     viewComponentProperties.jteTemplateDirectories
@@ -46,12 +47,23 @@ class JteViewComponentAutoConfiguration(
                 ContentType.Html,
                 applicationContext.classLoader
             )
+            templateEngine.setHtmlPolicy(JtePolicy())
+            return templateEngine
         }
         return TemplateEngine.createPrecompiled(
             ContentType.Html
         );
 
     }
 
+    class JtePolicy internal constructor() : PolicyGroup() {
+        init {
+            addPolicy(PreventUppercaseTagsAndAttributes())
+            addPolicy(PreventOutputInTagsAndAttributes(false))
+            addPolicy(PreventUnquotedAttributes())
+            addPolicy(PreventInvalidAttributeNames())
+        }
+    }
+
 
 }