@ProviderType public interface XSSAPI
Note: in general, validators are safer than encoders. Encoding only ensures that content within the encoded context cannot break out of said context. It requires that there be a context (for instance, a string context in JavaScript), and that damage cannot be done from within the context (for instance, a javascript: URL within an href attribute).
When in doubt, use a validator.
| Modifier and Type | Method and Description |
|---|---|
| @Nullable java.lang.String | `encodeForCSSString(@Nullable java.lang.String source)` Encodes a source string for writing to CSS string content. |
| @Nullable java.lang.String | `encodeForHTML(@Nullable java.lang.String source)` Encodes a source string for HTML element content. |
| @Nullable java.lang.String | `encodeForHTMLAttr(@Nullable java.lang.String source)` Encodes a source string for writing to an HTML attribute value. |
| @Nullable java.lang.String | `encodeForJSString(@Nullable java.lang.String source)` Encodes a source string for writing to JavaScript string content. |
| @Nullable java.lang.String | `encodeForXML(@Nullable java.lang.String source)` Encodes a source string for XML element content. |
| @Nullable java.lang.String | `encodeForXMLAttr(@Nullable java.lang.String source)` Encodes a source string for writing to an XML attribute value. |
| @NotNull java.lang.String | `filterHTML(@Nullable java.lang.String source)` Filters potentially user-contributed HTML to meet the AntiSamy policy rules currently in effect for HTML output (see the XSSFilter service for details). |
| @Nullable java.lang.String | `getValidCSSColor(@Nullable java.lang.String color, @Nullable java.lang.String defaultColor)` Validate a CSS color value. |
| @Nullable java.lang.String | `getValidDimension(@Nullable java.lang.String dimension, @Nullable java.lang.String defaultValue)` Validate a string which should contain a dimension, returning a default value if the source is empty, can't be parsed, or contains XSS risks. |
| @Nullable java.lang.Double | `getValidDouble(@Nullable java.lang.String source, double defaultValue)` Validate a string which should contain a double, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks. |
| @NotNull java.lang.String | `getValidHref(@Nullable java.lang.String url)` Sanitizes a URL for writing as an HTML href or src attribute value. |
| @Nullable java.lang.Integer | `getValidInteger(@Nullable java.lang.String integer, int defaultValue)` Validate a string which should contain an integer, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks. |
| java.lang.String | `getValidJSON(@Nullable java.lang.String json, @Nullable java.lang.String defaultJson)` Validate a JSON string. |
| @Nullable java.lang.String | `getValidJSToken(@Nullable java.lang.String token, @Nullable java.lang.String defaultValue)` Validate a JavaScript token. |
| @Nullable java.lang.Long | `getValidLong(@Nullable java.lang.String source, long defaultValue)` Validate a string which should contain a long, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks. |
| java.lang.String | `getValidMultiLineComment(@Nullable java.lang.String comment, @Nullable java.lang.String defaultComment)` Validate a multi-line comment to be used inside a `<script>...</script>` or `<style>...</style>` block. |
| @Nullable java.lang.String | `getValidStyleToken(@Nullable java.lang.String token, @Nullable java.lang.String defaultValue)` Validate a style/CSS token. |
| java.lang.String | `getValidXML(@Nullable java.lang.String xml, @Nullable java.lang.String defaultXml)` Validate an XML string. |
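The following is an added usage example, not code from this interface's javadoc or from Adobe: it shows how a component would pick the encoder or validator that matches each output context, including the href case from the note above where encoding alone is not enough. Assumptions: the service is obtained through OSGi (the page shows no package, so the import is assumed; Apache Sling's org.apache.sling.xss.XSSAPI has the same methods), and LinkRenderer and the JavaScript function track() are hypothetical names.

```java
// Added example (not from the XSSAPI javadoc). Assumptions: the page shows no package,
// so the import below is assumed; LinkRenderer and track() are hypothetical names.
import org.apache.sling.xss.XSSAPI;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

/** Renders one link from untrusted input, picking the XSSAPI method per output context. */
@Component(service = LinkRenderer.class)
public class LinkRenderer {

    @Reference
    private XSSAPI xssApi;

    /** Insufficient: encoding keeps url inside the quotes, but a javascript: URL does its
     *  damage from within the href context, which is exactly the case the note warns about. */
    public String renderEncodedOnly(String url, String label) {
        return "<a href=\"" + xssApi.encodeForHTMLAttr(url) + "\">"
             + xssApi.encodeForHTML(label) + "</a>";
    }

    /** Preferred: validate where the context itself can be abused, encode where it cannot. */
    public String render(String url, String widthParam, String trackingId, String label) {
        // href: a validator, since encoding cannot stop a well-formed but dangerous URL.
        String href = xssApi.getValidHref(url);

        // CSS dimension: validator with a caller-supplied fallback that is used when the
        // input is empty, cannot be parsed, or contains XSS risks.
        String width = xssApi.getValidDimension(widthParam, "100px");

        // JS string literal nested in an HTML attribute: encode for the inner context first
        // (JS string), then for the outer one (HTML attribute), mirroring browser parsing order.
        String jsArg = xssApi.encodeForHTMLAttr(xssApi.encodeForJSString(trackingId));

        // Element content: a plain HTML encode is the right tool. The encoders are @Nullable,
        // so a null input is mapped to "" before concatenation to avoid the literal "null".
        String encoded = xssApi.encodeForHTML(label);
        String text = encoded == null ? "" : encoded;

        return "<a href=\"" + href + "\""
             + " style=\"width:" + width + "\""
             + " onclick=\"track('" + jsArg + "')\">"
             + text + "</a>";
    }
}
```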
@Nullable java.lang.Integer getValidInteger(@Nullable java.lang.String integer, int defaultValue)
Validate a string which should contain an integer, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
Parameters:
- integer - the source integer
- defaultValue - a default value if the source can't be used, is null or an empty string

@Nullable java.lang.Long getValidLong(@Nullable java.lang.String source, long defaultValue)
Validate a string which should contain a long, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
Parameters:
- source - the source long
- defaultValue - a default value if the source can't be used, is null or an empty string

@Nullable java.lang.Double getValidDouble(@Nullable java.lang.String source, double defaultValue)
Validate a string which should contain a double, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
Parameters:
- source - the source double
- defaultValue - a default value if the source can't be used, is null or an empty string

@Nullable java.lang.String getValidDimension(@Nullable java.lang.String dimension, @Nullable java.lang.String defaultValue)
Validate a string which should contain a dimension, returning a default value if the source is empty, can't be parsed, or contains XSS risks.
Parameters:
- dimension - the source dimension
- defaultValue - a default value if the source can't be used, is null or an empty string

@NotNull java.lang.String getValidHref(@Nullable java.lang.String url)
Sanitizes a URL for writing as an HTML href or src attribute value.
Parameters:
- url - the source URL

@Nullable java.lang.String getValidJSToken(@Nullable java.lang.String token, @Nullable java.lang.String defaultValue)
Validate a JavaScript token.
Parameters:
- token - the source token
- defaultValue - a default value to use if the source is null, an empty string, or doesn't meet validity constraints.

@Nullable java.lang.String getValidStyleToken(@Nullable java.lang.String token, @Nullable java.lang.String defaultValue)
Validate a style/CSS token.
Parameters:
- token - the source token
- defaultValue - a default value to use if the source is null, an empty string, or doesn't meet validity constraints.

@Nullable java.lang.String getValidCSSColor(@Nullable java.lang.String color, @Nullable java.lang.String defaultColor)
Validate a CSS color value.
Parameters:
- color - the color value to be used.
- defaultColor - a default value to use if the input color value is null, an empty string, or doesn't meet validity constraints.

java.lang.String getValidMultiLineComment(@Nullable java.lang.String comment, @Nullable java.lang.String defaultComment)
Validate a multi-line comment to be used inside a <script>...</script> or <style>...</style> block.
Parameters:
- comment - the comment to be used
- defaultComment - a default value to use if the comment is null or not valid.

java.lang.String getValidJSON(@Nullable java.lang.String json, @Nullable java.lang.String defaultJson)
Validate a JSON string.
Parameters:
- json - the JSON string to validate
- defaultJson - the default value to use if json is null or not valid

java.lang.String getValidXML(@Nullable java.lang.String xml, @Nullable java.lang.String defaultXml)
Validate an XML string.
Parameters:
- xml - the XML string to validate
- defaultXml - the default value to use if xml is null or not valid

@Nullable java.lang.String encodeForHTML(@Nullable java.lang.String source)
Encodes a source string for HTML element content.
Parameters:
- source - the input to encode

@Nullable java.lang.String encodeForHTMLAttr(@Nullable java.lang.String source)
Encodes a source string for writing to an HTML attribute value.
Parameters:
- source - the input to encode

@Nullable java.lang.String encodeForXML(@Nullable java.lang.String source)
Encodes a source string for XML element content.
Parameters:
- source - the input to encode

@Nullable java.lang.String encodeForXMLAttr(@Nullable java.lang.String source)
Encodes a source string for writing to an XML attribute value.
Parameters:
- source - the input to encode

@Nullable java.lang.String encodeForJSString(@Nullable java.lang.String source)
Encodes a source string for writing to JavaScript string content.
Parameters:
- source - the input to encode

@Nullable java.lang.String encodeForCSSString(@Nullable java.lang.String source)
Encodes a source string for writing to CSS string content.
Parameters:
- source - the input to encode

@NotNull java.lang.String filterHTML(@Nullable java.lang.String source)
Filters potentially user-contributed HTML to meet the AntiSamy policy rules currently in effect for HTML output (see the XSSFilter service for details).
Parameters:
- source - a string containing the source HTML
source is null or empty

Copyright © 2010 - 2020 Adobe. All Rights Reserved