Class XSSUtils
java.lang.Object
org.apache.sling.testing.clients.util.XSSUtils
Basic class for XSS Testing
The reliability of these methods is not critical.

Constructor Summary
XSSUtils()

Method Summary
static String encodeForHTML(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.
static String encodeForHTMLAttr(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.
static String encodeForJSString(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for JavaScript strings.
static String encodeForXML(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.
static String encodeForXMLAttr(String source)
    Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.
static String encodeUrl(String urlString)
    Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
static String escapeHtml(String htmlString)
    Use to encapsulate old-style escaping of HTML (using StringEscapeUtils).
static String escapeXml(String xmlString)
    Use to encapsulate old-style escaping of XML (with JSTL encoding rules).

Constructor Details
XSSUtils
public XSSUtils()

Method Details

encodeUrl
Use to ensure that HTTP query strings are in proper form, by escaping special characters such as spaces.
Parameters:
    urlString - the string to be encoded
Returns:
    the encoded string

escapeHtml
Use to encapsulate old-style escaping of HTML (using StringEscapeUtils). NB: newer code uses XSSAPI (based on OWASP's ESAPI).
Parameters:
    htmlString - the string to be escaped
Returns:
    the escaped string

escapeXml
Use to encapsulate old-style escaping of XML (with JSTL encoding rules). NB: newer code uses XSSAPI (based on OWASP's ESAPI).
Parameters:
    xmlString - the string to be escaped
Returns:
    the escaped string

encodeForHTML
Use to encapsulate new-style (XSSAPI-based) encoding for HTML element content.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string

encodeForHTMLAttr
Use to encapsulate new-style (XSSAPI-based) encoding for HTML attribute values.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string

encodeForXML
Use to encapsulate new-style (XSSAPI-based) encoding for XML element content.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string

encodeForXMLAttr
Use to encapsulate new-style (XSSAPI-based) encoding for XML attribute values.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string

encodeForJSString
Use to encapsulate new-style (XSSAPI-based) encoding for JavaScript strings.
Parameters:
    source - the string to be encoded
Returns:
    the encoded string
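
An added example, not part of the Sling documentation or code base, of how a test might use the context-specific encoders above to check that a reflected probe string appears in a response only in the encoding that matches its output context. The class name ReflectedProbeCheck, the Context enum, the probe string and the response bodies are constructed for illustration; the Sling testing clients library is assumed to be on the classpath.

```java
import org.apache.sling.testing.clients.util.XSSUtils;

/** Added example: checks that a reflected probe string appears only in encoded form. */
public class ReflectedProbeCheck {

    enum Context { HTML, HTML_ATTR, JS_STRING }

    /** The encoding a correct renderer should have applied in the given context. */
    static String expected(Context ctx, String probe) {
        switch (ctx) {
            case HTML:      return XSSUtils.encodeForHTML(probe);
            case HTML_ATTR: return XSSUtils.encodeForHTMLAttr(probe);
            default:        return XSSUtils.encodeForJSString(probe);
        }
    }

    /** True only if the body carries the encoded probe and never the raw one. */
    static boolean isEncoded(String body, Context ctx, String probe) {
        String encoded = expected(ctx, probe);
        if (encoded.equals(probe)) {
            // A probe without special characters proves nothing: encoded == raw.
            throw new IllegalArgumentException("probe has no characters to encode in " + ctx);
        }
        return body.contains(encoded) && !body.contains(probe);
    }

    public static void main(String[] args) {
        // Constructed probe: harmless markup plus quote and ampersand characters.
        String probe = "\"'><xss-probe>&";

        // Constructed response bodies standing in for what a server returned.
        String good = "<p>Hello " + XSSUtils.encodeForHTML(probe) + "</p>"
                + "<input value=\"" + XSSUtils.encodeForHTMLAttr(probe) + "\">";
        String bad = "<p>Hello " + probe + "</p>";
        // Wrong context: element-content encoding reused inside a script string.
        String mixed = "<script>var q = '" + XSSUtils.encodeForHTML(probe) + "';</script>";

        System.out.println("good/HTML:       " + isEncoded(good, Context.HTML, probe));
        System.out.println("good/HTML_ATTR:  " + isEncoded(good, Context.HTML_ATTR, probe));
        System.out.println("bad/HTML:        " + isEncoded(bad, Context.HTML, probe));
        System.out.println("mixed/JS_STRING: " + isEncoded(mixed, Context.JS_STRING, probe));
    }
}
```

The check compares against the encoder for the context under test, so output encoded for a different context is reported as a failure rather than passing because it merely looks escaped.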