org.owasp.esapi.codecs
Class JavaScriptCodec

java.lang.Object
  extended by org.owasp.esapi.codecs.Codec
      extended by org.owasp.esapi.codecs.JavaScriptCodec

public class JavaScriptCodec
extends Codec

Implementation of the Codec interface for backslash encoding in JavaScript.

Since:
June 1, 2007
Author:
Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
See Also:
Encoder

Constructor Summary
JavaScriptCodec()
           
 
Method Summary
 java.lang.Character decodeCharacter(PushbackString input)
          Returns the decoded version of the next character from the input string and advances the current character in the PushbackString.
 java.lang.String encodeCharacter(char[] immune, java.lang.Character c)
          Default implementation that should be overridden in specific codecs.
 
Methods inherited from class org.owasp.esapi.codecs.Codec
containsCharacter, decode, encode, getHexForNonAlphanumeric, toHex, toOctal
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JavaScriptCodec

public JavaScriptCodec()
Method Detail

encodeCharacter

public java.lang.String encodeCharacter(char[] immune,
                                        java.lang.Character c)
Default implementation that should be overridden in specific codecs. Returns the backslash-encoded numeric format. Does not use backslash character escapes such as \" or \', as these may cause parsing problems. For example, if a JavaScript attribute such as onmouseover contains a \", the quote will close the entire attribute, because the HTML parser does not treat the backslash as an escape, and allow an attacker to inject another script attribute.

Overrides:
encodeCharacter in class Codec
Parameters:
immune -
c - the Character to encode
Returns:
the encoded Character
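
The following is an added example, not ESAPI source code, showing why numeric escapes survive inside a double-quoted event-handler attribute where \" does not. The class and method names are hypothetical, and the alphanumeric pass-through and the \xHH / \uHHHH split are assumptions about the "backslash encoded numeric format" described above; the input string is constructed.

```java
public class JsAttributeEncodingDemo {

    // Numeric backslash encoding (assumed format): alphanumerics pass through,
    // everything else becomes \xHH (code units below 256) or \uHHHH.
    static String encodeNumeric(String input) {
        StringBuilder sb = new StringBuilder();
        for (char c : input.toCharArray()) {
            if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')) {
                sb.append(c);
            } else if (c < 256) {
                sb.append(String.format("\\x%02X", (int) c));
            } else {
                sb.append(String.format("\\u%04X", (int) c));
            }
        }
        return sb.toString();
    }

    // The style the Javadoc warns about: character escapes \" and \'.
    static String encodeCharEscapes(String input) {
        return input.replace("\\", "\\\\").replace("\"", "\\\"").replace("'", "\\'");
    }

    // What an HTML parser takes as the value of a double-quoted attribute:
    // everything up to the next '"'. HTML does not interpret backslashes.
    static String htmlAttributeValue(String tag, String name) {
        int start = tag.indexOf(name + "=\"") + name.length() + 2;
        return tag.substring(start, tag.indexOf('"', start));
    }

    public static void main(String[] args) {
        // Constructed sample input containing a double quote.
        String untrusted = "x\" data-injected=\"1";
        String[] encodings = { encodeCharEscapes(untrusted), encodeNumeric(untrusted) };
        for (String enc : encodings) {
            String tag = "<a onmouseover=\"show('" + enc + "')\">";
            System.out.println(tag);
            // With \" the handler is cut off at the quote; with \x22 it is intact.
            System.out.println("  handler seen by HTML parser: "
                    + htmlAttributeValue(tag, "onmouseover"));
        }
    }
}
```

With the character-escape encoding the HTML parser ends the onmouseover value at the first quote and treats the rest as further attributes; with the numeric encoding the whole handler stays inside the attribute.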

decodeCharacter

public java.lang.Character decodeCharacter(PushbackString input)
Returns the decoded version of the next character from the input string and advances the current character in the PushbackString. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible. See http://www.planetpdf.com/codecuts/pdfs/tutorial/jsspec.pdf

The following formats are all legal, in both upper and lower case:
    \a - special characters
    \xHH
    \uHHHH
    \OOO (1, 2, or 3 digits)

Overrides:
decodeCharacter in class Codec
Parameters:
input - the Character to decode
Returns:
the decoded Character


Copyright © 2010 The Open Web Application Security Project (OWASP). All Rights Reserved.