@Service(value=XSSAPI.class) public class XSSAPIImpl extends Object implements XSSAPI
Constructor and Description |
---|
XSSAPIImpl() |
Modifier and Type | Method and Description |
---|---|
protected void |
activate() |
protected void |
deactivate() |
String |
encodeForCSSString(String source)
Encodes a source string for writing to CSS string content.
|
String |
encodeForHTML(String source)
Encodes a source string for HTML element content.
|
String |
encodeForHTMLAttr(String source)
Encodes a source string for writing to an HTML attribute value.
|
String |
encodeForJSString(String source)
Encodes a source string for writing to JavaScript string content.
|
String |
encodeForXML(String source)
Encodes a source string for XML element content.
|
String |
encodeForXMLAttr(String source)
Encodes a source string for writing to an XML attribute value.
|
String |
filterHTML(String source)
Filters potentially user-contributed HTML to meet the AntiSamy policy rules currently in
effect for HTML output (see the XSSFilter service for details).
|
XSSAPI |
getRequestSpecificAPI(org.apache.sling.api.SlingHttpServletRequest request)
Returns an XSSAPI instance capable of mapping resource URLs.
|
XSSAPI |
getResourceResolverSpecificAPI(org.apache.sling.api.resource.ResourceResolver resourceResolver)
Returns an XSSAPI instance capable of mapping resource URLs.
|
String |
getValidCSSColor(String color,
String defaultColor)
Validate a CSS color value.
|
String |
getValidDimension(String dimension,
String defaultValue)
Validate a string which should contain a dimension, returning a default value if the source is
empty, can't be parsed, or contains XSS risks.
|
Double |
getValidDouble(String source,
double defaultValue)
Validate a string which should contain a double, returning a default value if the source is
null, empty, can't be parsed, or contains XSS risks. |
String |
getValidHref(String url)
Sanitizes a URL for writing as an HTML href or src attribute value.
|
Integer |
getValidInteger(String integer,
int defaultValue)
Validate a string which should contain an integer, returning a default value if the source is
null, empty, can't be parsed, or contains XSS risks. |
String |
getValidJSON(String json,
String defaultJson)
Validate a JSON string
|
String |
getValidJSToken(String token,
String defaultValue)
Validate a JavaScript token.
|
Long |
getValidLong(String source,
long defaultValue)
Validate a string which should contain a long, returning a default value if the source is
null, empty, can't be parsed, or contains XSS risks. |
String |
getValidMultiLineComment(String comment,
String defaultComment)
Validate multi-line comment to be used inside a <script>...</script> or <style>...</style> block.
|
String |
getValidStyleToken(String token,
String defaultValue)
Validate a style/CSS token.
|
String |
getValidXML(String xml,
String defaultXml)
Validate an XML string
|
@Activate protected void activate()
@Deactivate protected void deactivate()
public Integer getValidInteger(String integer, int defaultValue)
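Description copied from interface: XSSAPI
Validate a string which should contain an integer, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
Specified by: getValidInteger in interface XSSAPI
Parameters:
integer - the source integer
defaultValue - a default value if the source can't be used, is null or an empty string
See Also: XSSAPI.getValidInteger(String, int)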
public Long getValidLong(String source, long defaultValue)
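Description copied from interface: XSSAPI
Validate a string which should contain a long, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
Specified by: getValidLong in interface XSSAPI
Parameters:
source - the source long
defaultValue - a default value if the source can't be used, is null or an empty string
See Also: XSSAPI.getValidLong(String, long)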
public Double getValidDouble(String source, double defaultValue)
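Description copied from interface: XSSAPI
Validate a string which should contain a double, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
Specified by: getValidDouble in interface XSSAPI
Parameters:
source - the source double
defaultValue - a default value if the source can't be used, is null or an empty string
See Also: XSSAPI.getValidDouble(String, double)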
public String getValidDimension(String dimension, String defaultValue)
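Description copied from interface: XSSAPI
Validate a string which should contain a dimension, returning a default value if the source is empty, can't be parsed, or contains XSS risks.
Specified by: getValidDimension in interface XSSAPI
Parameters:
dimension - the source dimension
defaultValue - a default value if the source can't be used, is null or an empty string
See Also: XSSAPI.getValidDimension(String, String)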
@Nonnull public String getValidHref(String url)
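Description copied from interface: XSSAPI
Sanitizes a URL for writing as an HTML href or src attribute value.
Specified by: getValidHref in interface XSSAPI
Parameters:
url - the source URL
See Also: XSSAPI.getValidHref(String)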
public String getValidJSToken(String token, String defaultValue)
Description copied from interface: XSSAPI
Validate a JavaScript token.
Specified by: getValidJSToken in interface XSSAPI
Parameters:
token - the source token
defaultValue - a default value to use if the source is null, an empty string, or doesn't meet validity constraints.
See Also: XSSAPI.getValidJSToken(String, String)
public String getValidStyleToken(String token, String defaultValue)
Description copied from interface: XSSAPI
Validate a style/CSS token.
Specified by: getValidStyleToken in interface XSSAPI
Parameters:
token - the source token
defaultValue - a default value to use if the source is null, an empty string, or doesn't meet validity constraints.
See Also: XSSAPI.getValidStyleToken(String, String)
public String getValidCSSColor(String color, String defaultColor)
Description copied from interface: XSSAPI
Validate a CSS color value.
Specified by: getValidCSSColor in interface XSSAPI
Parameters:
color - the color value to be used.
defaultColor - a default value to use if the input color value is null, an empty string, or doesn't meet validity constraints.
See Also: XSSAPI.getValidCSSColor(String, String)
public String getValidMultiLineComment(String comment, String defaultComment)
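Description copied from interface: XSSAPI
Validate multi-line comment to be used inside a <script>...</script> or <style>...</style> block.
Specified by: getValidMultiLineComment in interface XSSAPI
Parameters:
comment - the comment to be used
defaultComment - a default value to use if the comment is null or not valid.
See Also: XSSAPI.getValidMultiLineComment(String, String)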
public String getValidJSON(String json, String defaultJson)
Description copied from interface: XSSAPI
Validate a JSON string.
Specified by: getValidJSON in interface XSSAPI
Parameters:
json - the JSON string to validate
defaultJson - the default value to use if json is null or not valid
See Also: XSSAPI.getValidJSON(String, String)
public String getValidXML(String xml, String defaultXml)
Description copied from interface: XSSAPI
Validate an XML string.
Specified by: getValidXML in interface XSSAPI
Parameters:
xml - the XML string to validate
defaultXml - the default value to use if xml is null or not valid
See Also: XSSAPI.getValidXML(String, String)
public String encodeForHTML(String source)
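Description copied from interface: XSSAPI
Encodes a source string for HTML element content. The encoding targets element content only; use encodeForHTMLAttr when writing into an attribute value.
Specified by: encodeForHTML in interface XSSAPI
Parameters:
source - the input to encode
See Also: XSSAPI.encodeForHTML(String)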
public String encodeForHTMLAttr(String source)
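Description copied from interface: XSSAPI
Encodes a source string for writing to an HTML attribute value.
Specified by: encodeForHTMLAttr in interface XSSAPI
Parameters:
source - the input to encode
See Also: XSSAPI.encodeForHTMLAttr(String)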
public String encodeForXML(String source)
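Description copied from interface: XSSAPI
Encodes a source string for XML element content.
Specified by: encodeForXML in interface XSSAPI
Parameters:
source - the input to encode
See Also: XSSAPI.encodeForXML(String)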
public String encodeForXMLAttr(String source)
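Description copied from interface: XSSAPI
Encodes a source string for writing to an XML attribute value.
Specified by: encodeForXMLAttr in interface XSSAPI
Parameters:
source - the input to encode
See Also: XSSAPI.encodeForXMLAttr(String)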
public String encodeForJSString(String source)
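Description copied from interface: XSSAPI
Encodes a source string for writing to JavaScript string content.
Specified by: encodeForJSString in interface XSSAPI
Parameters:
source - the input to encode
See Also: XSSAPI.encodeForJSString(String)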
public String encodeForCSSString(String source)
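Description copied from interface: XSSAPI
Encodes a source string for writing to CSS string content.
Specified by: encodeForCSSString in interface XSSAPI
Parameters:
source - the input to encode
See Also: XSSAPI.encodeForCSSString(String)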
@Nonnull public String filterHTML(String source)
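Description copied from interface: XSSAPI
Filters potentially user-contributed HTML to meet the AntiSamy policy rules currently in effect for HTML output (see the XSSFilter service for details).
Specified by: filterHTML in interface XSSAPI
Parameters:
source - a string containing the source HTML
Returns: (description truncated in this rendering; the surviving fragment covers the case where source is null or empty)
See Also: XSSAPI.filterHTML(String)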
public XSSAPI getRequestSpecificAPI(org.apache.sling.api.SlingHttpServletRequest request)
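Description copied from interface: XSSAPI
Returns an XSSAPI instance capable of mapping resource URLs.
Specified by: getRequestSpecificAPI in interface XSSAPI
Parameters:
request - the request from which to obtain the XSSAPI
See Also: XSSAPI.getRequestSpecificAPI(org.apache.sling.api.SlingHttpServletRequest)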
public XSSAPI getResourceResolverSpecificAPI(org.apache.sling.api.resource.ResourceResolver resourceResolver)
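Description copied from interface: XSSAPI
Returns an XSSAPI instance capable of mapping resource URLs.
Specified by: getResourceResolverSpecificAPI in interface XSSAPI
Parameters:
resourceResolver - the resolver from which to obtain the XSSAPI
See Also: XSSAPI.getResourceResolverSpecificAPI(org.apache.sling.api.resource.ResourceResolver)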
Copyright © 2007–2017 The Apache Software Foundation. All rights reserved.