Package | Description |
---|---|
org.owasp.esapi |
The ESAPI interfaces and
Exception classes model the most
important security functions to enterprise web applications. |
org.owasp.esapi.reference |
This package contains reference implementations of the ESAPI interfaces.
|
org.owasp.esapi.reference.validation |
This package contains data format-specific validation rule functions.
|
org.owasp.esapi.tags |
This package contains sample JSP tags that demonstrate how to use the ESAPI functions
to protect an application from within a JSP page.
|
Modifier and Type | Method and Description |
---|---|
static Encoder |
ESAPI.encoder()
The ESAPI Encoder is primarilly used to provide output encoding to
prevent Cross-Site Scripting (XSS).
|
Modifier and Type | Method and Description |
---|---|
void |
ValidationRule.setEncoder(Encoder encoder) |
Modifier and Type | Class and Description |
---|---|
class |
DefaultEncoder
Reference implementation of the Encoder interface.
|
Modifier and Type | Method and Description |
---|---|
static Encoder |
DefaultEncoder.getInstance() |
Constructor and Description |
---|
DefaultValidator(Encoder encoder)
Construct a new DefaultValidator that will use the specified
Encoder for canonicalization. |
Modifier and Type | Field and Description |
---|---|
protected Encoder |
BaseValidationRule.encoder |
Modifier and Type | Method and Description |
---|---|
Encoder |
BaseValidationRule.getEncoder() |
Modifier and Type | Method and Description |
---|---|
void |
BaseValidationRule.setEncoder(Encoder encoder) |
Constructor and Description |
---|
BaseValidationRule(String typeName,
Encoder encoder) |
CreditCardValidationRule(String typeName,
Encoder encoder)
Creates a CreditCardValidator using the rule found in security configuration
|
CreditCardValidationRule(String typeName,
Encoder encoder,
StringValidationRule validationRule) |
DateValidationRule(String typeName,
Encoder encoder,
DateFormat newFormat) |
HTMLValidationRule(String typeName,
Encoder encoder) |
HTMLValidationRule(String typeName,
Encoder encoder,
String whitelistPattern) |
IntegerValidationRule(String typeName,
Encoder encoder) |
IntegerValidationRule(String typeName,
Encoder encoder,
int minValue,
int maxValue) |
NumberValidationRule(String typeName,
Encoder encoder) |
NumberValidationRule(String typeName,
Encoder encoder,
double minValue,
double maxValue) |
StringValidationRule(String typeName,
Encoder encoder) |
StringValidationRule(String typeName,
Encoder encoder,
String whitelistPattern) |
Modifier and Type | Method and Description |
---|---|
protected String |
EncodeForXPathTag.encode(String content,
Encoder enc)
Encode tag's content for usage in XPath.
|
protected String |
EncodeForXMLTag.encode(String content,
Encoder enc)
Encode tag's content for usage in XML.
|
protected String |
EncodeForXMLAttributeTag.encode(String content,
Encoder enc)
Encode tag's content for usage as a XML attribute.
|
protected String |
EncodeForVBScriptTag.encode(String content,
Encoder enc)
Encode tag's content for usage in VBScript.
|
protected String |
EncodeForURLTag.encode(String content,
Encoder enc)
Encode tag's content for usage in a URL.
|
protected String |
EncodeForJavaScriptTag.encode(String content,
Encoder enc)
Encode tag's content for usage in JavaScript
|
protected String |
EncodeForHTMLTag.encode(String content,
Encoder enc)
Encode tag's content for usage in HTML.
|
protected String |
EncodeForHTMLAttributeTag.encode(String content,
Encoder enc)
Encode tag's content for usage as a HTML attribute.
|
protected String |
EncodeForCSSTag.encode(String content,
Encoder enc)
Encode tag's content for usage in CSS.
|
protected String |
EncodeForBase64Tag.encode(String content,
Encoder enc)
Encode tag's content using Base64.
|
protected abstract String |
BaseEncodeTag.encode(String content,
Encoder enc)
Encode tag's content.
|
Copyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.