org.owasp.esapi.codecs
Class XMLEntityCodec
java.lang.Object
org.owasp.esapi.codecs.Codec
org.owasp.esapi.codecs.XMLEntityCodec
public class XMLEntityCodec
- extends Codec
Implementation of the Codec interface for XML entity encoding.
This differs from HTML entity encoding in that only the following
named entities are predefined:
However, the XML Specification 1.0 states in section 4.6 "Predefined
Entities" that these should still be declared for interoperability
purposes. As such, encoding in this class will not use them.
It's also worth noting that unlike the HTMLEntityCodec, a trailing
semicolon is required and all valid codepoints are accepted.
Note that it is a REALLY bad idea to use this for decoding as an XML
document can declare arbitrary entities that this Codec has no way
of knowing about. Decoding is included for completeness but its use
is not recommended. Use an XML parser instead!
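The decoding caveat above, as an added example that is not part of the ESAPI Javadoc or code base: a document declares its own entity, and the JDK's built-in JAXP parser resolves it with external access switched off. The class name `DeclaredEntityDemo`, the `vendor` entity and the sample document are constructed for illustration, and the JDK's default parser implementation is assumed.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class DeclaredEntityDemo {

    // Constructed sample: the internal DTD subset declares "vendor", an entity
    // that exists only in this document, next to numeric character references.
    static final String SAMPLE =
          "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE note [ <!ENTITY vendor \"Example Corp\"> ]>\n"
        + "<note>&vendor; &#x3c;support&#x3e;</note>";

    // Returns the decoded text content of the root element.
    static String decodeWithParser(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Bound entity expansion and other resource use.
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Internal entities stay usable; anything external is refused.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);

        Document doc = dbf.newDocumentBuilder()
                          .parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // The parser read the declaration, so &vendor; resolves alongside the
        // character references; a standalone entity decoder never sees it.
        System.out.println(decodeWithParser(SAMPLE));
    }
}
```

Where the input is untrusted and never needs a DTD, rejecting DOCTYPE declarations outright is the stricter parser setting.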
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
XMLEntityCodec
public XMLEntityCodec()
encodeCharacter
public String encodeCharacter(char[] immune,
Character c)
- Default implementation that should be overridden in specific codecs.
Encodes a Character using XML entities as necessary.
- Overrides:
encodeCharacter
in class Codec
- Parameters:
immune
- characters that should not be encoded as entities
c
- the Character to encode
- Returns:
- the encoded Character
decodeCharacter
public Character decodeCharacter(PushbackString input)
- Returns the decoded version of the next character from the input string and advances the
current character in the PushbackString. If the current character is not encoded, this
method MUST reset the PushbackString.
Returns the decoded version of the character starting at index, or
null if no decoding is possible.
Legal formats:
- Overrides:
decodeCharacter
in class Codec
- Parameters:
input
- the Character to decode
- Returns:
- the decoded Character
Copyright © 2013 The Open Web Application Security Project (OWASP). All Rights Reserved.