XMLEntityCodec (ESAPI 2.0.1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.owasp.esapi.codecs
Class XMLEntityCodec

java.lang.Object
  org.owasp.esapi.codecs.Codec
      org.owasp.esapi.codecs.XMLEntityCodec

public class XMLEntityCodec
extends Codec
extends Codec

Implementation of the Codec interface for XML entity encoding. This differes from HTML entity encoding in that only the following named entities are predefined:

lt
gt
amp
apos
quot

However, the XML Specification 1.0 states in section 4.6 "Predefined Entities" that these should still be declared for interoperability purposes. As such, encoding in this class will not use them. It's also worth noting that unlike the HTMLEntityCodec, a trailing semicolon is required and all valid codepoints are accepted. Note that it is a REALLY bad idea to use this for decoding as an XML document can declare arbitrary entities that this Codec has no way of knowing about. Decoding is included for completeness but it's use is not recommended. Use a XML parser instead!

Constructor Summary
`XMLEntityCodec()`

Method Summary
`java.lang.Character`	`decodeCharacter(PushbackString input)` Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
`java.lang.String`	`encodeCharacter(char[] immune, java.lang.Character c)` Default implementation that should be overridden in specific codecs.

Methods inherited from class org.owasp.esapi.codecs.Codec
`containsCharacter, decode, encode, getHexForNonAlphanumeric, toHex, toOctal`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

XMLEntityCodec

public XMLEntityCodec()

Method Detail

encodeCharacter

public java.lang.String encodeCharacter(char[] immune,
                                        java.lang.Character c)

Default implementation that should be overridden in specific codecs. Encodes a Character using XML entities as necessary.

Overrides:: encodeCharacter in class Codec

Parameters:: immune - characters that should not be encoded as entities; c - the Character to encode
Returns:: the encoded Character

decodeCharacter

public java.lang.Character decodeCharacter(PushbackString input)

Returns the decoded version of the next character from the input string and advances the current character in the PushbackString. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible. Legal formats:

&#dddd;
&#xhhhh;
&name;

Overrides:: decodeCharacter in class Codec

Parameters:: input - the Character to decode
Returns:: the decoded Character