Package org.apache.sling.testing.clients.util

Class XSSUtils

java.lang.Object

org.apache.sling.testing.clients.util.XSSUtils

public class XSSUtils
extends Object

Basic class for XSS Testing The reliability of these methods are not critical

Constructor Summary

Constructors

Constructor	Description
XSSUtils()

Method Summary

Modifier and Type	Method	Description
static String	encodeForHTML(String source)	Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.
static String	encodeForHTMLAttr(String source)	Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.
static String	encodeForJSString(String source)	Use to encapsulate new-style (XSSAPI-based) encoding for JavaScript strings.
static String	encodeForXML(String source)	Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.
static String	encodeForXMLAttr(String source)	Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.
static String	encodeUrl(String urlString)	Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
static String	escapeHtml(String htmlString)	Use to encapsulate old-style escaping of HTML (using StringEscapeUtils).
static String	escapeXml(String xmlString)	Use to encapsulate old-style escaping of XML (with JSTL encoding rules).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

XSSUtils

public XSSUtils()

Method Details

encodeUrl

public static String encodeUrl(String urlString)

Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.

Parameters:

urlString - the string to be encoded

Returns:

the encoded string

escapeHtml

public static String escapeHtml(String htmlString)

Use to encapsulate old-style escaping of HTML (using StringEscapeUtils). NB: newer code uses XSSAPI (based on OWASP's ESAPI).

Parameters:

htmlString - the string to be escaped

Returns:

the escaped string

escapeXml

public static String escapeXml(String xmlString)

Use to encapsulate old-style escaping of XML (with JSTL encoding rules). NB: newer code uses XSSAPI (based on OWASP's ESAPI).

Parameters:

xmlString - the string to be escaped

Returns:

the escaped string

encodeForHTML

public static String encodeForHTML(String source)

Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.

Parameters:

source - the string to be encoded

Returns:

the encoded string

encodeForHTMLAttr

public static String encodeForHTMLAttr(String source)

Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.

Parameters:

source - the string to be encoded

Returns:

the encoded string

encodeForXML

public static String encodeForXML(String source)

Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.

Parameters:

source - the string to be encoded

Returns:

the encoded string

encodeForXMLAttr

public static String encodeForXMLAttr(String source)

Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.

Parameters:

source - the string to be encoded

Returns:

the encoded string

encodeForJSString

public static String encodeForJSString(String source)

Use to encapsulate new-style (XSSAPI-based) encoding for JavaScript strings.

Parameters:

source - the string to be encoded

Returns:

the encoded string