public class JavaScriptCodec extends AbstractCharacterCodec
Encoder
Constructor and Description |
---|
JavaScriptCodec() |
Modifier and Type | Method and Description |
---|---|
Character |
decodeCharacter(PushbackSequence<Character> input)
Returns the decoded version of the next character from the input string and advances the
current character in the
PushbackSequence . |
String |
encodeCharacter(char[] immune,
Character c)
Default implementation that should be overridden in specific codecs.
|
decode
containsCharacter, encode, encodeCharacter, encodeCharacter, getHexForNonAlphanumeric, getHexForNonAlphanumeric, toHex, toHex, toOctal
public String encodeCharacter(char[] immune, Character c)
WARNING!!!! Passing a standard char
rather than Character
to this method will resolve to the
AbstractCodec.encodeCharacter( char[], char )
method, which will throw an IllegalArgumentException
instead.
YOU HAVE BEEN WARNED!!!!
Returns backslash encoded numeric format. Does not use backslash character escapes
such as, \" or \' as these may cause parsing problems. For example, if a javascript
attribute, such as onmouseover, contains a \" that will close the entire attribute and
allow an attacker to inject another script attribute.
encodeCharacter
in interface Codec<Character>
encodeCharacter
in class AbstractCodec<Character>
immune
- c
- the Character to encodepublic Character decodeCharacter(PushbackSequence<Character> input)
PushbackSequence
. If the current character is not encoded, this
method MUST reset the PushbackString
.
Returns the decoded version of the character starting at index, or
null if no decoding is possible.
Formats all are legal both upper/lower case:
\\a - special characters \\xHH \\uHHHH \\OOO (1, 2, or 3 digits)
decodeCharacter
in interface Codec<Character>
decodeCharacter
in class AbstractCodec<Character>
input
- the Character to decodeCopyright © 2022 The Open Web Application Security Project (OWASP). All rights reserved.