org.owasp.esapi.reference.validation
Class HTMLValidationRule

java.lang.Object
  extended by org.owasp.esapi.reference.validation.BaseValidationRule
      extended by org.owasp.esapi.reference.validation.StringValidationRule
          extended by org.owasp.esapi.reference.validation.HTMLValidationRule
All Implemented Interfaces:
ValidationRule

public class HTMLValidationRule
extends StringValidationRule

A validator performs syntax and possibly semantic validation of a single piece of data from an untrusted source.

Since:
June 1, 2007
Author:
Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
See Also:
Validator

Field Summary
 
Fields inherited from class org.owasp.esapi.reference.validation.StringValidationRule
blacklistPatterns, maxLength, minLength, validateInputAndCanonical, whitelistPatterns
 
Fields inherited from class org.owasp.esapi.reference.validation.BaseValidationRule
allowNull, encoder
 
Constructor Summary
HTMLValidationRule(java.lang.String typeName)
           
HTMLValidationRule(java.lang.String typeName, Encoder encoder)
           
HTMLValidationRule(java.lang.String typeName, Encoder encoder, java.lang.String whitelistPattern)
           
 
Method Summary
 java.lang.String getValid(java.lang.String context, java.lang.String input)
          Parses the input and throws an exception if validation fails.
 java.lang.String sanitize(java.lang.String context, java.lang.String input)
          This method is similar to ValidationRule.getSafe, except that it returns a harmless object that may or may not bear any similarity to the original input (in some cases you may not care).
 
Methods inherited from class org.owasp.esapi.reference.validation.StringValidationRule
addBlacklistPattern, addBlacklistPattern, addWhitelistPattern, addWhitelistPattern, setMaximumLength, setMinimumLength, setValidateInputAndCanonical
 
Methods inherited from class org.owasp.esapi.reference.validation.BaseValidationRule
assertValid, charArrayToSet, getEncoder, getSafe, getTypeName, getValid, isAllowNull, isValid, setAllowNull, setEncoder, setTypeName, whitelist, whitelist
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HTMLValidationRule

public HTMLValidationRule(java.lang.String typeName)

HTMLValidationRule

public HTMLValidationRule(java.lang.String typeName,
                          Encoder encoder)

HTMLValidationRule

public HTMLValidationRule(java.lang.String typeName,
                          Encoder encoder,
                          java.lang.String whitelistPattern)
Method Detail

getValid

public java.lang.String getValid(java.lang.String context,
                                 java.lang.String input)
                          throws ValidationException
Parses the input and throws an exception if validation fails.

Specified by:
getValid in interface ValidationRule
Overrides:
getValid in class StringValidationRule
Parameters:
context - for logging
input - the value to be parsed
Returns:
a validated value
Throws:
ValidationException - if any validation rules fail

sanitize

public java.lang.String sanitize(java.lang.String context,
                                 java.lang.String input)
This method is similar to ValidationRule.getSafe, except that it returns a harmless object that may or may not bear any similarity to the original input (in some cases you may not care). In most cases it should behave the same as the getSafe method, except that instead of throwing an exception it returns some default value.

Overrides:
sanitize in class StringValidationRule
Returns:
a parsed version of the input or a default value.
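
An added example, not part of the ESAPI documentation, contrasting the two methods above: getValid for a path that rejects the request on failure, and sanitize for a path that must always yield a value. It assumes ESAPI is on the classpath and configured; the class name CommentInput, the type name "comment", the length limit and the sample strings are constructed for illustration.

```java
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.reference.validation.HTMLValidationRule;

public class CommentInput {   // hypothetical class name
    // One rule per input field; "comment" is an assumed type name.
    private static final HTMLValidationRule RULE = buildRule();

    private static HTMLValidationRule buildRule() {
        HTMLValidationRule rule = new HTMLValidationRule("comment");
        rule.setMaximumLength(2000);   // inherited from StringValidationRule; limit is an assumption
        rule.setAllowNull(false);      // inherited from BaseValidationRule
        return rule;
    }

    /** Strict path: the caller must handle ValidationException and reject the request. */
    static String acceptOrReject(String context, String untrusted) throws ValidationException {
        return RULE.getValid(context, untrusted);
    }

    /** Lenient path: no exception to handle; the result may differ from the input. */
    static String acceptOrDefault(String context, String untrusted) {
        return RULE.sanitize(context, untrusted);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain markup, markup with a script element, and null.
        String[] samples = { "<b>hello</b>", "<script>alert(1)</script>hi", null };
        for (String s : samples) {
            try {
                System.out.println("getValid -> " + acceptOrReject("comment field", s));
            } catch (ValidationException e) {
                // Log and reject; do not fall through to storing the raw input.
                System.out.println("getValid rejected: " + e.getMessage());
            }
            System.out.println("sanitize -> " + acceptOrDefault("comment field", s));
        }
    }
}
```

Because sanitize can silently change or replace the input, use it only where a substituted value is acceptable; where the caller needs to know the input was bad, use getValid and handle the exception.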


Copyright © 2011 The Open Web Application Security Project (OWASP). All Rights Reserved.