java.lang.Object
    org.directwebremoting.Security
public class Security
Some simple replacement utilities to help people protect themselves from XSS attacks.
This class represents some simple filters which may protect from simple attacks in low risk environments. There is no replacement for a full security review which assesses the risks that you face.
Constructor Summary

    Security()
Method Summary

    static boolean containsXssRiskyCharacters(java.lang.String original)
        Return true iff the input string contains any of the characters that are special to XML: &, <, >, ' or ".

    static java.lang.String escapeHtml(java.lang.String original)
        Perform the following replacements: & to &amp;, < to &lt;, > to &gt;, ' to &apos;, " to &quot;. These replacements are useful when the original sense is important, but when we wish to reduce the risk of XSS attacks.

    static java.lang.String replaceXmlCharacters(java.lang.String original)
        Perform the following replacements: & to +, < to \u2039 (‹), > to \u203A (›), ' to \u2018 (‘), " to \u201C (“). These replacements are useful when readability is more important than retaining the exact character string of the original.

    static java.lang.String unescapeHtml(java.lang.String original)
        Perform the following replacements: &amp; to &, &lt; to <, &gt; to >, &apos; to ', &quot; to ". These replacements are useful to reverse the effects of escapeHtml(String).
Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

    public Security()
Method Detail

    public static java.lang.String escapeHtml(java.lang.String original)
        Perform the following replacements: & to &amp;, < to &lt;, > to &gt;, ' to &apos;, " to &quot;. These replacements are useful when the original sense is important, but when we wish to reduce the risk of XSS attacks.
        Parameters:
            original - The string to perform entity replacement on
        See Also:
            unescapeHtml(String)

    public static java.lang.String unescapeHtml(java.lang.String original)
        Perform the following replacements: &amp; to &, &lt; to <, &gt; to >, &apos; to ', &quot; to ". These replacements are useful to reverse the effects of escapeHtml(String).
        Parameters:
            original - The string to perform entity replacement on
        See Also:
            escapeHtml(String)

    public static java.lang.String replaceXmlCharacters(java.lang.String original)
        Perform the following replacements: & to +, < to \u2039 (‹), > to \u203A (›), ' to \u2018 (‘), " to \u201C (“). These replacements are useful when readability is more important than retaining the exact character string of the original.
        Parameters:
            original - The string to perform entity replacement on

    public static boolean containsXssRiskyCharacters(java.lang.String original)
        Return true iff the input string contains any of the characters that are special to XML: &, <, >, ' or ".
        Parameters:
            original - The string to test for XML special characters
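As an added example (not DWR's own code and not part of this page), the following Java program calls the four static methods above on a constructed sample string and checks the results against the replacement tables documented here; the class name SecurityEscapingDemo and the sample text are assumptions.

```java
import org.directwebremoting.Security;

/**
 * Exercises the four static methods of org.directwebremoting.Security on a
 * constructed input. Added example, not DWR's own code; the expected strings
 * follow the replacement tables documented for each method.
 */
public class SecurityEscapingDemo {

    // Constructed sample containing every character the class treats as special.
    static final String SAMPLE = "Tom & Jerry <3> \"cheese\" 'n' crackers";

    static void check(boolean condition, String detail) {
        if (!condition) {
            throw new AssertionError(detail);
        }
    }

    public static void main(String[] args) {
        // Raw input trips the character check, so it must not go into HTML unescaped.
        check(Security.containsXssRiskyCharacters(SAMPLE), "raw input should be flagged");

        // escapeHtml keeps the meaning of the text while neutralising markup characters.
        String escaped = Security.escapeHtml(SAMPLE);
        check("Tom &amp; Jerry &lt;3&gt; &quot;cheese&quot; &apos;n&apos; crackers".equals(escaped),
              "escaped: " + escaped);

        // Caveat: the check looks at characters, not entities. The escaped form still
        // contains '&', so it is still reported as risky. Run the check on raw input
        // before escaping, not on output you have already escaped.
        check(Security.containsXssRiskyCharacters(escaped), "escaped output still contains '&'");

        // unescapeHtml is the exact inverse of escapeHtml.
        check(SAMPLE.equals(Security.unescapeHtml(escaped)), "round trip failed");

        // replaceXmlCharacters swaps in look-alike glyphs ('+', U+2039, U+203A, U+2018, U+201C).
        // Both quote characters map to opening quotes and '&' becomes '+', so the original
        // text cannot be recovered; use it only where readability outweighs fidelity.
        String readable = Security.replaceXmlCharacters(SAMPLE);
        check("Tom + Jerry \u20393\u203A \u201Ccheese\u201C \u2018n\u2018 crackers".equals(readable),
              "readable: " + readable);
        check(!Security.containsXssRiskyCharacters(readable), "look-alike glyphs are not special");

        System.out.println("escaped : " + escaped);
        System.out.println("readable: " + readable);
    }
}
```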