XSSAPI
instead.
@Deprecated
public interface XSSAPI
A service providing validators and encoders for XSS protection during the composition of HTML pages.
Note: in general, validators are safer than encoders. Encoding only ensures that content within the encoded context cannot break out of that context. It requires that there be a context (for instance, a string context in JavaScript), and that damage cannot be done from within the context (for instance, a javascript: URL within an href attribute).
When in doubt, use a validator.
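
The note above, shown as an added example that is not part of the XSSAPI documentation or of Adobe's code. It is a JDK-only program in which `encodeAttr` and `validHref` are hypothetical stand-ins for an attribute encoder and a URL validator, not the XSSAPI implementation. The scheme allow-list and the empty-string fallback are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added illustration. encodeAttr and validHref are hypothetical stand-ins,
// not the XSSAPI implementation.
public class EncoderVsValidator {
    static final Set<String> ALLOWED = Set.of("http", "https", "mailto"); // assumed allow-list

    // Encoder: escapes characters that could close the quoted attribute.
    static String encodeAttr(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Validator: relative URLs and allow-listed schemes pass; anything else
    // yields "" (assumed fallback value).
    static String validHref(String url) {
        if (url == null) return "";
        try {
            URI u = new URI(url.trim());
            String scheme = u.getScheme();
            if (scheme == null || ALLOWED.contains(scheme.toLowerCase(Locale.ROOT))) {
                return encodeAttr(u.toString());
            }
        } catch (URISyntaxException e) {
            // Unparseable input is rejected, not repaired.
        }
        return "";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] inputs = {"/content/a.html?x=1&y=2", "javascript:alert(1)", "\"><script>"};
        for (String in : inputs) {
            System.out.println(encodeAttr(in) + "  |  " + validHref(in));
        }
    }
}
```

For `javascript:alert(1)` the encoder returns the input unchanged, because nothing in it needs escaping to stay inside the attribute; only the validator rejects it.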
Modifier and Type | Method and Description |
---|---|
java.lang.String | encodeForHTML(java.lang.String source) Deprecated. Encodes a source string for HTML element content. |
java.lang.String | encodeForHTMLAttr(java.lang.String source) Deprecated. Encodes a source string for writing to an HTML attribute value. |
java.lang.String | encodeForJSString(java.lang.String source) Deprecated. Encodes a source string for writing to JavaScript string content. |
java.lang.String | encodeForXML(java.lang.String source) Deprecated. Encodes a source string for XML element content. |
java.lang.String | encodeForXMLAttr(java.lang.String source) Deprecated. Encodes a source string for writing to an XML attribute value. |
java.lang.String | filterHTML(java.lang.String source) Deprecated. Filters potentially user-contributed HTML to meet the AntiSamy policy rules currently in effect for HTML output (see the XSSFilter service for details). |
XSSAPI | getRequestSpecificAPI(SlingHttpServletRequest request) Deprecated. Returns an XSSAPI instance capable of mapping resource URLs. |
XSSAPI | getResourceResolverSpecificAPI(ResourceResolver resourceResolver) Deprecated. Returns an XSSAPI instance capable of mapping resource URLs. |
java.lang.String | getValidCSSColor(java.lang.String color, java.lang.String defaultColor) Deprecated. Validate a CSS color value. |
java.lang.String | getValidDimension(java.lang.String dimension, java.lang.String defaultValue) Deprecated. Validate a string which should contain a dimension, returning a default value if the source is empty, can't be parsed, or contains XSS risks. |
java.lang.String | getValidHref(java.lang.String url) Deprecated. Sanitizes a URL for writing as an HTML href or src attribute value. |
java.lang.String | getValidHref(java.lang.String url, boolean isPath) Deprecated. |
java.lang.Integer | getValidInteger(java.lang.String integer, int defaultValue) Deprecated. Validate a string which should contain an integer, returning a default value if the source is empty, can't be parsed, or contains XSS risks. |
java.lang.String | getValidJSToken(java.lang.String token, java.lang.String defaultValue) Deprecated. Validate a Javascript token. |
java.lang.Long | getValidLong(java.lang.String source, long defaultValue) Deprecated. Validate a string which should contain a long, returning a default value if the source is empty, can't be parsed, or contains XSS risks. |

java.lang.Integer getValidInteger(java.lang.String integer, int defaultValue)
integer - the source integer
defaultValue - a default value if the source can't be used

java.lang.Long getValidLong(java.lang.String source, long defaultValue)
source - the source long
defaultValue - a default value if the source can't be used

java.lang.String getValidDimension(java.lang.String dimension, java.lang.String defaultValue)
dimension - the source dimension
defaultValue - a default value if the source can't be used

java.lang.String getValidHref(java.lang.String url)
url - the source URL

@Deprecated java.lang.String getValidHref(java.lang.String url, boolean isPath)

java.lang.String getValidJSToken(java.lang.String token, java.lang.String defaultValue)
token - the source token
defaultValue - a default value to use if the source doesn't meet validity constraints.

java.lang.String getValidCSSColor(java.lang.String color, java.lang.String defaultColor)
color - the color value to be used.
defaultColor - a default value to use if the input color value doesn't meet validity constraints.

java.lang.String encodeForHTML(java.lang.String source)
source - the source string to encode

java.lang.String encodeForHTMLAttr(java.lang.String source)
source - the source string to encode

java.lang.String encodeForXML(java.lang.String source)
source - the source string to encode

java.lang.String encodeForXMLAttr(java.lang.String source)
source - the source string to encode

java.lang.String encodeForJSString(java.lang.String source)
source - the source string to encode

java.lang.String filterHTML(java.lang.String source)
source - a string containing the source HTML

XSSAPI getRequestSpecificAPI(SlingHttpServletRequest request)
request - the request

XSSAPI getResourceResolverSpecificAPI(ResourceResolver resourceResolver)
resourceResolver - the resource resolver

Copyright © 2010 - 2020 Adobe. All Rights Reserved