Class XSSUtils

java.lang.Object
org.apache.sling.testing.clients.util.XSSUtils

public class XSSUtils extends Object
Basic class for XSS testing. The reliability of these methods is not critical.
  • Constructor Details

    • XSSUtils

      public XSSUtils()
  • Method Details

    • encodeUrl

      public static String encodeUrl(String urlString)
      Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
      Parameters:
      urlString - the string to be encoded
      Returns:
      the encoded string
    • escapeHtml

      public static String escapeHtml(String htmlString)
      Use to encapsulate old-style escaping of HTML (using StringEscapeUtils). NB: newer code uses XSSAPI (based on OWASP's ESAPI).
      Parameters:
      htmlString - the string to be escaped
      Returns:
      the escaped string
    • escapeXml

      public static String escapeXml(String xmlString)
      Use to encapsulate old-style escaping of XML (with JSTL encoding rules). NB: newer code uses XSSAPI (based on OWASP's ESAPI).
      Parameters:
      xmlString - the string to be escaped
      Returns:
      the escaped string
    • encodeForHTML

      public static String encodeForHTML(String source)
      Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.
      Parameters:
      source - the string to be encoded
      Returns:
      the encoded string
    • encodeForHTMLAttr

      public static String encodeForHTMLAttr(String source)
      Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.
      Parameters:
      source - the string to be encoded
      Returns:
      the encoded string
    • encodeForXML

      public static String encodeForXML(String source)
      Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.
      Parameters:
      source - the string to be encoded
      Returns:
      the encoded string
    • encodeForXMLAttr

      public static String encodeForXMLAttr(String source)
      Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.
      Parameters:
      source - the string to be encoded
      Returns:
      the encoded string
    • encodeForJSString

      public static String encodeForJSString(String source)
      Use to encapsulate new-style (XSSAPI-based) encoding for JavaScript strings.
      Parameters:
      source - the string to be encoded
      Returns:
      the encoded string
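The methods above are grouped by output context (HTML element content, HTML attribute value, XML, JavaScript string, URL query string), and the security point is that each piece of untrusted data must be run through the encoder for the context it is written into; an encoder for one context does not protect another. The following is an added example, not code from the Apache Sling project, that assembles one fragment per context with the static methods listed on this page. The untrusted input is a constructed sample, the helper and class names are hypothetical, and the containment checks express only minimal assumptions about what any correct encoder must guarantee (the raw input does not survive verbatim, and the context's own delimiter is not present in the encoded value); they are not a specification of the exact strings XSSUtils returns.

```java
import org.apache.sling.testing.clients.util.XSSUtils;

/**
 * Added example (not part of the Sling testing clients project): one encoder
 * per output context, plus a minimal check a test can run on the result.
 */
public class ContextualEncodingExample {

    // Constructed sample input containing characters that are significant in
    // several contexts at once: tag delimiters, both quote kinds, and '&'.
    static final String UNTRUSTED = "a<b>\"c\"&d='e'";

    /** HTML element content: encodeForHTML is the matching encoder. */
    static String elementContent(String value) {
        return "<span>" + XSSUtils.encodeForHTML(value) + "</span>";
    }

    /** Quoted HTML attribute value: attribute rules differ from element content. */
    static String attributeValue(String value) {
        return "<input value=\"" + XSSUtils.encodeForHTMLAttr(value) + "\">";
    }

    /** JavaScript string literal inside an inline script block. */
    static String jsStringLiteral(String value) {
        return "<script>var name = \"" + XSSUtils.encodeForJSString(value) + "\";</script>";
    }

    /** Query string parameter: URL encoding, not HTML encoding, applies here. */
    static String queryParameter(String value) {
        return "/search?q=" + XSSUtils.encodeUrl(value);
    }

    /**
     * Minimal check (an assumption about any correct encoder, not XSSUtils'
     * exact output): the raw input must not appear verbatim in the assembled
     * fragment, and the delimiter that would end the current context must not
     * appear in the encoded value.
     */
    static boolean looksSafe(String fragment, String encoded, String delimiter) {
        return !fragment.contains(UNTRUSTED) && !encoded.contains(delimiter);
    }

    public static void main(String[] args) {
        String html = XSSUtils.encodeForHTML(UNTRUSTED);
        String attr = XSSUtils.encodeForHTMLAttr(UNTRUSTED);
        String js   = XSSUtils.encodeForJSString(UNTRUSTED);
        String url  = XSSUtils.encodeUrl(UNTRUSTED);

        System.out.println(elementContent(UNTRUSTED));
        System.out.println(attributeValue(UNTRUSTED));
        System.out.println(jsStringLiteral(UNTRUSTED));
        System.out.println(queryParameter(UNTRUSTED));

        // Each context has its own delimiter: '<' opens a tag in element content,
        // '"' closes the attribute, "</" can close the script block, '&' starts
        // the next query parameter. Using the wrong encoder leaves one of them in.
        boolean ok = looksSafe(elementContent(UNTRUSTED), html, "<")
                  && looksSafe(attributeValue(UNTRUSTED), attr, "\"")
                  && looksSafe(jsStringLiteral(UNTRUSTED), js, "</")
                  && looksSafe(queryParameter(UNTRUSTED), url, "&");
        System.out.println(ok ? "all contexts encoded" : "encoder mismatch");
    }
}
```

A useful variation in a test is to deliberately swap encoders (for example, passing `encodeForHTML` output into `jsStringLiteral`) and confirm that `looksSafe` reports the mismatch: `&lt;` is harmless in element content but does nothing to protect a JavaScript string, which is exactly why the class exposes a separate method per context.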