Class XSSUtils
java.lang.Object
    org.apache.sling.testing.clients.util.XSSUtils

public class XSSUtils extends Object
Basic class for XSS testing. The reliability of these methods is not critical.

Constructor Summary
XSSUtils()

Method Summary
static String encodeForHTML(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.
static String encodeForHTMLAttr(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.
static String encodeForJSString(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for JavaScript strings.
static String encodeForXML(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.
static String encodeForXMLAttr(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.
static String encodeUrl(String urlString)
    Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
static String escapeHtml(String htmlString)
    Use to encapsulate old-style escaping of HTML (using StringEscapeUtils).
static String escapeXml(String xmlString)
    Use to encapsulate old-style escaping of XML (with JSTL encoding rules).

Method Detail

encodeUrl
public static String encodeUrl(String urlString)
Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
Parameters:
    urlString - the string to be encoded
Returns:
    the encoded string

escapeHtml
public static String escapeHtml(String htmlString)
Use to encapsulate old-style escaping of HTML (using StringEscapeUtils). NB: newer code uses XSSAPI (based on OWASP's ESAPI).
Parameters:
    htmlString - the string to be escaped
Returns:
    the escaped string

escapeXml
public static String escapeXml(String xmlString)
Use to encapsulate old-style escaping of XML (with JSTL encoding rules). NB: newer code uses XSSAPI (based on OWASP's ESAPI).
Parameters:
    xmlString - the string to be escaped
Returns:
    the escaped string

encodeForHTML
public static String encodeForHTML(String source)
Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string

encodeForHTMLAttr
public static String encodeForHTMLAttr(String source)
Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string

encodeForXML
public static String encodeForXML(String source)
Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string

encodeForXMLAttr
public static String encodeForXMLAttr(String source)
Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string
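
One way the context-specific encoders above can back a reflected-output regression check, as an added example that is not code from the Sling project. The ReflectionCheck class, its enums and the response bodies are hypothetical and constructed for illustration; only the XSSUtils methods come from this page, and the example assumes the org.apache.sling.testing.clients artifact and its dependencies are on the classpath.

```java
import org.apache.sling.testing.clients.util.XSSUtils;

/** Hypothetical helper (not part of Sling): classifies how a probe string is reflected in a response body. */
public class ReflectionCheck {

    public enum Result { ENCODED, RAW, ABSENT, INCONCLUSIVE }

    /** One entry per output context, each mapped to the matching encoder documented on this page. */
    public enum Context {
        HTML, HTML_ATTR, XML, XML_ATTR;

        String encode(String s) {
            switch (this) {
                case HTML:      return XSSUtils.encodeForHTML(s);
                case HTML_ATTR: return XSSUtils.encodeForHTMLAttr(s);
                case XML:       return XSSUtils.encodeForXML(s);
                default:        return XSSUtils.encodeForXMLAttr(s);
            }
        }
    }

    public static Result classify(String body, String probe, Context ctx) {
        String expected = ctx.encode(probe);
        if (expected.equals(probe)) {
            // The encoder changes nothing in this probe, so raw and encoded
            // reflections are indistinguishable and the check proves nothing.
            return Result.INCONCLUSIVE;
        }
        if (body.contains(probe))    return Result.RAW;      // reflected unencoded: the test should fail
        if (body.contains(expected)) return Result.ENCODED;  // reflected with the expected encoding
        return Result.ABSENT;                                // not reflected, or encoded for another context
    }

    public static void main(String[] args) {
        // Constructed marker containing the characters the encoders care about; inert markup only.
        String probe = "<b title=\"x\">probe & 'q'</b>";
        // Constructed bodies standing in for responses fetched from the server under test.
        String safeBody = "<p>" + XSSUtils.encodeForHTML(probe) + "</p>";
        String unsafeBody = "<p>" + probe + "</p>";

        System.out.println(classify(safeBody, probe, Context.HTML));
        System.out.println(classify(unsafeBody, probe, Context.HTML));
        System.out.println(classify(safeBody, "plaintext", Context.HTML));
    }
}
```

An ABSENT result in one context is worth re-checking against the other contexts, since a value encoded for an attribute will not match the element-content encoding.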