@Service(value=XSSAPI.class)
public class XSSAPIImpl extends Object implements XSSAPI

| Constructor and Description |
|---|
| XSSAPIImpl() |

| Modifier and Type | Method and Description |
|---|---|
| protected void | `activate()` |
| protected void | `deactivate()` |
| String | `encodeForCSSString(String source)` Encodes a source string for writing to CSS string content. |
| String | `encodeForHTML(String source)` Encodes a source string for HTML element content. |
| String | `encodeForHTMLAttr(String source)` Encodes a source string for writing to an HTML attribute value. |
| String | `encodeForJSString(String source)` Encodes a source string for writing to JavaScript string content. |
| String | `encodeForXML(String source)` Encodes a source string for XML element content. |
| String | `encodeForXMLAttr(String source)` Encodes a source string for writing to an XML attribute value. |
| String | `filterHTML(String source)` Filters potentially user-contributed HTML to meet the AntiSamy policy rules currently in effect for HTML output (see the XSSFilter service for details). |
| XSSAPI | `getRequestSpecificAPI(org.apache.sling.api.SlingHttpServletRequest request)` Returns an XSSAPI instance capable of mapping resource URLs. |
| XSSAPI | `getResourceResolverSpecificAPI(org.apache.sling.api.resource.ResourceResolver resourceResolver)` Returns an XSSAPI instance capable of mapping resource URLs. |
| String | `getValidCSSColor(String color, String defaultColor)` Validate a CSS color value. |
| String | `getValidDimension(String dimension, String defaultValue)` Validate a string which should contain a dimension, returning a default value if the source is empty, can't be parsed, or contains XSS risks. |
| Double | `getValidDouble(String source, double defaultValue)` Validate a string which should contain a double, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks. |
| String | `getValidHref(String url)` Sanitizes a URL for writing as an HTML href or src attribute value. |
| Integer | `getValidInteger(String integer, int defaultValue)` Validate a string which should contain an integer, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks. |
| String | `getValidJSON(String json, String defaultJson)` Validate a JSON string. |
| String | `getValidJSToken(String token, String defaultValue)` Validate a JavaScript token. |
| Long | `getValidLong(String source, long defaultValue)` Validate a string which should contain a long, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks. |
| String | `getValidMultiLineComment(String comment, String defaultComment)` Validate multi-line comment to be used inside a `<script>...</script>` or `<style>...</style>` block. |
| String | `getValidStyleToken(String token, String defaultValue)` Validate a style/CSS token. |
| String | `getValidXML(String xml, String defaultXml)` Validate an XML string. |
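
The methods above are context-specific, so the same untrusted value needs a different call depending on where it lands in the output. The following is an added example, not code from Apache Sling: the `ProfileCard` class, its parameters and the default values are hypothetical, and it assumes the interface is imported from `org.apache.sling.xss` and an `XSSAPI` instance is supplied by the caller.

```java
import org.apache.sling.xss.XSSAPI;

// Added example, not Apache Sling code. ProfileCard and its parameters are
// hypothetical; only XSSAPI methods listed on this page are called.
public final class ProfileCard {

    private final XSSAPI xss;

    public ProfileCard(XSSAPI xss) {
        this.xss = xss;
    }

    /** Renders untrusted profile fields, each through the method for its output context. */
    public String render(String name, String homepage, String accent,
                         String bioHtml, String visits) {
        // Numeric input: parse or fall back to the default, never echo the raw string.
        Integer visitCount = xss.getValidInteger(visits, 0);

        StringBuilder out = new StringBuilder();
        out.append("<div class=\"card\" title=\"")
           .append(xss.encodeForHTMLAttr(name))               // HTML attribute value
           .append("\" style=\"border-color:")
           .append(xss.getValidCSSColor(accent, "#cccccc"))   // CSS color, validated with a default
           .append("\">");
        out.append("<a href=\"")
           .append(xss.getValidHref(homepage))                // href/src attribute value
           .append("\">")
           .append(xss.encodeForHTML(name))                   // HTML element content
           .append("</a>");
        out.append("<div class=\"bio\">")
           .append(xss.filterHTML(bioHtml))                   // user-contributed HTML, policy-filtered
           .append("</div>");
        out.append("<script>var profile = { name: \"")
           .append(xss.encodeForJSString(name))               // JavaScript string content
           .append("\", visits: ")
           .append(visitCount)                                // validated Integer, safe as a literal
           .append(" };</script>");
        out.append("</div>");
        return out.toString();
    }
}
```

Note that `name` is written three times and encoded three different ways; reusing the HTML-encoded form inside the script block or the attribute would leave that context unprotected.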

@Activate
protected void activate()

@Deactivate
protected void deactivate()

public Integer getValidInteger(String integer, int defaultValue)
Description copied from interface: XSSAPI
Validate a string which should contain an integer, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
- Specified by: getValidInteger in interface XSSAPI
- Parameters:
  - integer - the source integer
  - defaultValue - a default value if the source can't be used, is null or an empty string
- See Also: XSSAPI.getValidInteger(String, int)

public Long getValidLong(String source, long defaultValue)
Description copied from interface: XSSAPI
Validate a string which should contain a long, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
- Specified by: getValidLong in interface XSSAPI
- Parameters:
  - source - the source long
  - defaultValue - a default value if the source can't be used, is null or an empty string
- See Also: XSSAPI.getValidLong(String, long)

public Double getValidDouble(String source, double defaultValue)
Description copied from interface: XSSAPI
Validate a string which should contain a double, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
- Specified by: getValidDouble in interface XSSAPI
- Parameters:
  - source - the source double
  - defaultValue - a default value if the source can't be used, is null or an empty string
- See Also: XSSAPI.getValidDouble(String, double)

public String getValidDimension(String dimension, String defaultValue)
- Specified by: getValidDimension in interface XSSAPI
- Parameters:
  - dimension - the source dimension
  - defaultValue - a default value if the source can't be used, is null or an empty string
- See Also: XSSAPI.getValidDimension(String, String)

@Nonnull public String getValidHref(String url)
- Specified by: getValidHref in interface XSSAPI
- Parameters:
  - url - the source URL
- See Also: XSSAPI.getValidHref(String)

public String getValidJSToken(String token, String defaultValue)
- Specified by: getValidJSToken in interface XSSAPI
- Parameters:
  - token - the source token
  - defaultValue - a default value to use if the source is null, an empty string, or doesn't meet validity constraints.
- See Also: XSSAPI.getValidJSToken(String, String)

public String getValidStyleToken(String token, String defaultValue)
- Specified by: getValidStyleToken in interface XSSAPI
- Parameters:
  - token - the source token
  - defaultValue - a default value to use if the source is null, an empty string, or doesn't meet validity constraints.
- See Also: XSSAPI.getValidStyleToken(String, String)

public String getValidCSSColor(String color, String defaultColor)
- Specified by: getValidCSSColor in interface XSSAPI
- Parameters:
  - color - the color value to be used.
  - defaultColor - a default value to use if the input color value is null, an empty string, or doesn't meet validity constraints.
- See Also: XSSAPI.getValidCSSColor(String, String)

public String getValidMultiLineComment(String comment, String defaultComment)
- Specified by: getValidMultiLineComment in interface XSSAPI
- Parameters:
  - comment - the comment to be used
  - defaultComment - a default value to use if the comment is null or not valid.
- See Also: XSSAPI.getValidMultiLineComment(String, String)

public String getValidJSON(String json, String defaultJson)
- Specified by: getValidJSON in interface XSSAPI
- Parameters:
  - json - the JSON string to validate
  - defaultJson - the default value to use if json is null or not valid
- See Also: XSSAPI.getValidJSON(String, String)

public String getValidXML(String xml, String defaultXml)
- Specified by: getValidXML in interface XSSAPI
- Parameters:
  - xml - the XML string to validate
  - defaultXml - the default value to use if xml is null or not valid
- See Also: XSSAPI.getValidXML(String, String)

public String encodeForHTML(String source)
- Specified by: encodeForHTML in interface XSSAPI
- Parameters:
  - source - the input to encode
- See Also: XSSAPI.encodeForHTML(String)

public String encodeForHTMLAttr(String source)
- Specified by: encodeForHTMLAttr in interface XSSAPI
- Parameters:
  - source - the input to encode
- See Also: XSSAPI.encodeForHTMLAttr(String)

public String encodeForXML(String source)
- Specified by: encodeForXML in interface XSSAPI
- Parameters:
  - source - the input to encode
- See Also: XSSAPI.encodeForXML(String)

public String encodeForXMLAttr(String source)
- Specified by: encodeForXMLAttr in interface XSSAPI
- Parameters:
  - source - the input to encode
- See Also: XSSAPI.encodeForXMLAttr(String)

public String encodeForJSString(String source)
- Specified by: encodeForJSString in interface XSSAPI
- Parameters:
  - source - the input to encode
- See Also: XSSAPI.encodeForJSString(String)

public String encodeForCSSString(String source)
- Specified by: encodeForCSSString in interface XSSAPI
- Parameters:
  - source - the input to encode
- See Also: XSSAPI.encodeForCSSString(String)

@Nonnull public String filterHTML(String source)
- Specified by: filterHTML in interface XSSAPI
- Parameters:
  - source - a string containing the source HTML
- source is null or empty
- See Also: XSSAPI.filterHTML(String)

public XSSAPI getRequestSpecificAPI(org.apache.sling.api.SlingHttpServletRequest request)
- Specified by: getRequestSpecificAPI in interface XSSAPI
- Parameters:
  - request - the request from which to obtain the XSSAPI
- See Also: XSSAPI.getRequestSpecificAPI(org.apache.sling.api.SlingHttpServletRequest)

public XSSAPI getResourceResolverSpecificAPI(org.apache.sling.api.resource.ResourceResolver resourceResolver)
- Specified by: getResourceResolverSpecificAPI in interface XSSAPI
- Parameters:
  - resourceResolver - the resolver from which to obtain the XSSAPI
- See Also: XSSAPI.getResourceResolverSpecificAPI(org.apache.sling.api.resource.ResourceResolver)

Copyright © 2007–2017 The Apache Software Foundation. All rights reserved.