org.directwebremoting.Security

java.lang.Object
    org.directwebremoting.Security

public class Security

Some simple replacement utilities to help people protect themselves from
XSS attacks.

This class represents some simple filters which may protect from
simple attacks in low risk environments. There is no replacement for a full
security review which assesses the risks that you face.

Author: Joe Walker [joe at getahead dot ltd dot uk]

Method Summary
public static boolean containsXssRiskyCharacters(String original)

public static String escapeHtml(String original)
    Perform the following replacements:
    - & to &amp;
    - < to &lt;
    - > to &gt;
    - ' to &apos;
    - " to &quot;
    These replacements are useful when the original sense is important, but
    when we wish to reduce the risk of XSS attacks.

public static String replaceXmlCharacters(String original)
    Perform the following replacements:
    - & to +
    - < to \u2039 (‹)
    - > to \u203A (›)
    - ' to \u2018 (‘)
    - " to \u201C (“)
    These replacements are useful when readability is more important than
    retaining the exact character string of the original.

public static String unescapeHtml(String original)
    Perform the following replacements:
    - &amp; to &
    - &lt; to <
    - &gt; to >
    - &apos; to '
    - &quot; to "
    These replacements are useful to reverse the effects of
    Security.escapeHtml(String).
Method Detail

containsXssRiskyCharacters

public static boolean containsXssRiskyCharacters(String original)

    Return true iff the input string contains any of the characters that
    are special to XML: &, <, >, ' or "

    Parameters:
        original - The string to test for XML special characters
    Returns:
        True if the characters are found, false otherwise

escapeHtml

public static String escapeHtml(String original)

    Perform the following replacements:
    - & to &amp;
    - < to &lt;
    - > to &gt;
    - ' to &apos;
    - " to &quot;
    These replacements are useful when the original sense is important, but
    when we wish to reduce the risk of XSS attacks.

    Parameters:
        original - The string to perform entity replacement on
    Returns:
        The original string with &, <, >, ' and " escaped.
    See Also:
        Security.unescapeHtml(String)

replaceXmlCharacters

public static String replaceXmlCharacters(String original)

    Perform the following replacements:
    - & to +
    - < to \u2039 (‹)
    - > to \u203A (›)
    - ' to \u2018 (‘)
    - " to \u201C (“)
    These replacements are useful when readability is more important than
    retaining the exact character string of the original.

    Parameters:
        original - The string to perform entity replacement on
    Returns:
        The original string with &, <, >, ' and " escaped.

unescapeHtml

public static String unescapeHtml(String original)

    Perform the following replacements:
    - &amp; to &
    - &lt; to <
    - &gt; to >
    - &apos; to '
    - &quot; to "
    These replacements are useful to reverse the effects of
    Security.escapeHtml(String).

    Parameters:
        original - The string to perform entity replacement on
    Returns:
        The original string with &, <, >, ' and " replaced.
    See Also:
        Security.escapeHtml(String)
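The following is an added example and not DWR's own source: it re-implements the four replacement tables documented above in a stand-alone class so the behaviour can be exercised on sample input, and it goes one step beyond the documentation by showing why the order of the replacements matters (the & entity has to be escaped first and unescaped last, otherwise already-escaped text is corrupted). The class name XssDemo, the sample strings and the round-trip check are assumptions of this example, not part of the DWR API.

```java
import java.util.Arrays;
import java.util.List;

/**
 * Added example, not DWR's own code. Re-implements the replacement tables
 * documented for org.directwebremoting.Security and checks that
 * unescapeHtml(escapeHtml(s)) returns s for every sample.
 */
public class XssDemo {

    // The characters the Javadoc calls "special to XML".
    private static final String RISKY = "&<>'\"";

    public static boolean containsXssRiskyCharacters(String original) {
        for (int i = 0; i < original.length(); i++) {
            if (RISKY.indexOf(original.charAt(i)) >= 0) {
                return true;
            }
        }
        return false;
    }

    // '&' must be replaced FIRST: every other entity introduces a new '&',
    // and escaping it afterwards would turn "&lt;" into "&amp;lt;".
    public static String escapeHtml(String original) {
        return original
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("'", "&apos;")
            .replace("\"", "&quot;");
    }

    // Reverse of escapeHtml. "&amp;" must be decoded LAST: decoding it first
    // would turn "&amp;lt;" (the escaped form of the text "&lt;") into "<",
    // i.e. markup would be re-created from what was safely escaped data.
    public static String unescapeHtml(String original) {
        return original
            .replace("&lt;", "<")
            .replace("&gt;", ">")
            .replace("&apos;", "'")
            .replace("&quot;", "\"")
            .replace("&amp;", "&");
    }

    // Lossy, readability-first variant from the Javadoc: the risky characters
    // become look-alike punctuation that a browser never treats as markup.
    public static String replaceXmlCharacters(String original) {
        return original
            .replace("&", "+")
            .replace("<", "\u2039")
            .replace(">", "\u203A")
            .replace("'", "\u2018")
            .replace("\"", "\u201C");
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the third one is text that is already
        // escaped and must survive an escape/unescape round trip unchanged.
        List<String> samples = Arrays.asList(
            "Tom & Jerry",
            "<script>alert('x')</script>",
            "already &amp;lt; escaped",
            "plain text"
        );
        for (String s : samples) {
            String escaped = escapeHtml(s);
            String back = unescapeHtml(escaped);
            System.out.println("input      : " + s);
            System.out.println("risky?     : " + containsXssRiskyCharacters(s));
            System.out.println("escapeHtml : " + escaped);
            System.out.println("replaceXml : " + replaceXmlCharacters(s));
            System.out.println("round trip : " + (back.equals(s) ? "ok" : "MISMATCH -> " + back));
            System.out.println();
        }
        // The ordering hazard in isolation: this must print "&lt;", not "<".
        System.out.println("unescapeHtml(\"&amp;lt;\") = " + unescapeHtml("&amp;lt;"));
    }
}
```

The entities above cover HTML element text and double- or single-quoted attribute values, which is the case this class is documented for; data placed inside a JavaScript string, a URL or a CSS value needs the encoding rules of that context instead, which is the kind of gap the class description's own caveat about a full security review is pointing at.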