youssefguenoun · January 30, 2013 11:58
diff --git a/gistfile1.xml b/gistfile1.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:hdiv="http://www.hdiv.org/schema/hdiv"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
 		http://www.hdiv.org/schema/hdiv http://www.hdiv.org/schema/hdiv/hdiv.xsd">

 		<!--
 			Placer le debugMode à true pour vos devs
 			Rebasculer en mode false pour parametrer la securite (token ...)
 		-->

 	<hdiv:config
 		errorPage="web/errors/500"
 		excludedExtensions="css,png,js,jpg,gif"
 		debugMode="false"
 		avoidCookiesConfidentiality="false"
 		avoidValidationInUrlsWithoutParams="false"
 		confidentiality="true"
 		strategy="memory"
 		maxPagesPerSession="5"
 		randomName="false"
 		>

 			<hdiv:startPages>/,/web,/web/login,/web/accueil,/web/pages/scenes/ouvrage/.*,/web/rest/ouvrage/*,/web/rest/ouvrage/.*,/j_spring_security_check</hdiv:startPages>

 			<hdiv:paramsWithoutValidation>
    			<hdiv:mapping url="/web/rest/ville/search" parameters="startsWith,maxSize"/>
    			<hdiv:mapping url="/web/commande/editeur/search" parameters="startsWith,maxSize"/>
    			<hdiv:mapping url="/web/commande/panier/addOuvrage" parameters="idOuvrage,titreOuvrage"/>
    			<hdiv:mapping url="/web/commande/ouvrage/search" parameters="idEditeur"/>
 			</hdiv:paramsWithoutValidation>

 	</hdiv:config>

 	<hdiv:validation id="safeText" componentType="text">
 		<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
 		<hdiv:rejectedPattern><![CDATA[(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*]]></hdiv:rejectedPattern>
 	</hdiv:validation>
 	<hdiv:validation id="unsafeText" componentType="text">
 		<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
 		<hdiv:rejectedPattern><![CDATA[(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*]]></hdiv:rejectedPattern>
 	</hdiv:validation>
 	<hdiv:validation id="area" componentType="textarea">
 		<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
 		<hdiv:rejectedPattern><![CDATA[(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*]]></hdiv:rejectedPattern>
 	</hdiv:validation>

 	<hdiv:editableValidations registerDefaults="true">
 		<hdiv:validationRule url="/web/.*" enableDefaults="true">safeText</hdiv:validationRule>
 	 	<hdiv:validationRule url="/web/editeur/.*"	enableDefaults="true">area,unsafeText</hdiv:validationRule>
 	</hdiv:editableValidations>

 	<bean id="outValidation" class="org.hdiv.validator.Validation">
 		<property name="componentType">
 	 	   <value>text</value>
 		</property>
 		<property name="acceptedPattern">
 		   <value><![CDATA[^[a-zA-Z0-9@.\-_ ]*$]]></value>
 		</property>
 		<property name="rejectedPattern">
 		   <value><![CDATA[(\s|\S)*((%3C)|<)((%2F)|/)*[a-z0-9%]+((%3E)|>)(\s|\S)*]]></value>
 		</property>
   </bean>

 	<bean id="urlValidation" class="org.hdiv.validator.Validation">
 		<property name="componentType">
 	 	   <value>text</value>
 		</property>
 		<property name="acceptedPattern">
 		   <value><![CDATA[^[a-zA-Z0-9()-=*.?%;,+/:&_ ]*$]]></value>
 		</property>
 		<property name="rejectedPattern">
 		   <value><![CDATA[(onmouseover|alert)]]></value>
 		</property>
   </bean>

 	<bean id="redirectValidation" class="org.hdiv.validator.Validation">
 		<property name="componentType">
 	 	   <value>text</value>
 		</property>
 		<property name="acceptedPattern">
 		   <value><![CDATA[^[a-zA-Z0-9()-=*.?%;,+/:&_ ]*$]]></value>
 	   </property>
 		<property name="rejectedPattern">
 		   <value><![CDATA[(onmouseover|alert)]]></value>
 		</property>
   </bean>

 	<!-- TODO - affiner l'expression par Hossein -->
 	<bean id="jsonValidation" class="org.hdiv.validator.Validation">
 		<property name="componentType">
 	 	   <value>text</value>
 		</property>
 		<property name="acceptedPattern">
 		   <value><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû'@.\-_ ]*$]]></value>
 		</property>
 		<property name="rejectedPattern">
 		   <value><![CDATA[(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*]]></value>
 		</property>
   </bean>
 </beans>
	<?xml version="1.0" encoding="UTF-8"?>
	<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:hdiv="http://www.hdiv.org/schema/hdiv"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
	http://www.hdiv.org/schema/hdiv http://www.hdiv.org/schema/hdiv/hdiv.xsd">

	<!--
	Placer le debugMode à true pour vos devs
	Rebasculer en mode false pour parametrer la securite (token ...)
	-->

	<hdiv:config
	errorPage="web/errors/500"
	excludedExtensions="css,png,js,jpg,gif"
	debugMode="false"
	avoidCookiesConfidentiality="false"
	avoidValidationInUrlsWithoutParams="false"
	confidentiality="true"
	strategy="memory"
	maxPagesPerSession="5"
	randomName="false"
	>

	<hdiv:startPages>/,/web,/web/login,/web/accueil,/web/pages/scenes/ouvrage/.,/web/rest/ouvrage/,/web/rest/ouvrage/.*,/j_spring_security_check</hdiv:startPages>

	<hdiv:paramsWithoutValidation>
	<hdiv:mapping url="/web/rest/ville/search" parameters="startsWith,maxSize"/>
	<hdiv:mapping url="/web/commande/editeur/search" parameters="startsWith,maxSize"/>
	<hdiv:mapping url="/web/commande/panier/addOuvrage" parameters="idOuvrage,titreOuvrage"/>
	<hdiv:mapping url="/web/commande/ouvrage/search" parameters="idEditeur"/>
	</hdiv:paramsWithoutValidation>

	</hdiv:config>

	<hdiv:validation id="safeText" componentType="text">
	<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
	<hdiv:rejectedPattern><![CDATA[(\s\|\S)((%65)\|e)(\s)((%76)\|v)(\s)((%61)\|a)(\s)((%6C)\|l)(\s\|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>
	<hdiv:validation id="unsafeText" componentType="text">
	<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
	<hdiv:rejectedPattern><![CDATA[(\s\|\S)((%65)\|e)(\s)((%76)\|v)(\s)((%61)\|a)(\s)((%6C)\|l)(\s\|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>
	<hdiv:validation id="area" componentType="textarea">
	<hdiv:acceptedPattern><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû@.\-_ ]*$]]></hdiv:acceptedPattern>
	<hdiv:rejectedPattern><![CDATA[(\s\|\S)((%65)\|e)(\s)((%76)\|v)(\s)((%61)\|a)(\s)((%6C)\|l)(\s\|\S)*]]></hdiv:rejectedPattern>
	</hdiv:validation>

	<hdiv:editableValidations registerDefaults="true">
	<hdiv:validationRule url="/web/.*" enableDefaults="true">safeText</hdiv:validationRule>
	<hdiv:validationRule url="/web/editeur/.*" enableDefaults="true">area,unsafeText</hdiv:validationRule>
	</hdiv:editableValidations>

	<bean id="outValidation" class="org.hdiv.validator.Validation">
	<property name="componentType">
	<value>text</value>
	</property>
	<property name="acceptedPattern">
	<value><![CDATA[^[a-zA-Z0-9@.\-_ ]*$]]></value>
	</property>
	<property name="rejectedPattern">
	<value><![CDATA[(\s\|\S)((%3C)\|<)((%2F)\|/)[a-z0-9%]+((%3E)\|>)(\s\|\S)*]]></value>
	</property>
	</bean>

	<bean id="urlValidation" class="org.hdiv.validator.Validation">
	<property name="componentType">
	<value>text</value>
	</property>
	<property name="acceptedPattern">
	<value><![CDATA[^[a-zA-Z0-9()-=.?%;,+/:&_ ]$]]></value>
	</property>
	<property name="rejectedPattern">
	<value><![CDATA[(onmouseover\|alert)]]></value>
	</property>
	</bean>

	<bean id="redirectValidation" class="org.hdiv.validator.Validation">
	<property name="componentType">
	<value>text</value>
	</property>
	<property name="acceptedPattern">
	<value><![CDATA[^[a-zA-Z0-9()-=.?%;,+/:&_ ]$]]></value>
	</property>
	<property name="rejectedPattern">
	<value><![CDATA[(onmouseover\|alert)]]></value>
	</property>
	</bean>

	<!-- TODO - affiner l'expression par Hossein -->
	<bean id="jsonValidation" class="org.hdiv.validator.Validation">
	<property name="componentType">
	<value>text</value>
	</property>
	<property name="acceptedPattern">
	<value><![CDATA[^[a-zA-Z0-9ÀÂÇÈÉÊËÎÔÙÛàâçèéêëîôùû'@.\-_ ]*$]]></value>
	</property>
	<property name="rejectedPattern">
	<value><![CDATA[(\s\|\S)((%65)\|e)(\s)((%76)\|v)(\s)((%61)\|a)(\s)((%6C)\|l)(\s\|\S)*]]></value>
	</property>
	</bean>
	</beans>