Package org.appng.forms

Class XSSUtil

java.lang.Object

org.appng.forms.XSSUtil

public class XSSUtil
extends Object

A utility class helping with XSS prevention.
Uses ESAPI and JSOUP.

Author:

Matthias Müller

Constructor Summary

Constructors

Constructor	Description
XSSUtil(org.owasp.esapi.Encoder encoder)
XSSUtil(org.owasp.esapi.Encoder encoder, org.jsoup.safety.Safelist safelist, String... exceptions)

Method Summary

Modifier and Type	Method	Description
boolean	doProcess(javax.servlet.http.HttpServletRequest request)
boolean	doProcess(javax.servlet.http.HttpServletRequest request, String... exceptions)
void	setProcessed(javax.servlet.http.HttpServletRequest request, boolean processed)
String	stripXss(String parameter)
String[]	stripXss(String[] values)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

XSSUtil

public XSSUtil(org.owasp.esapi.Encoder encoder)

XSSUtil

public XSSUtil(org.owasp.esapi.Encoder encoder,
               org.jsoup.safety.Safelist safelist,
               String... exceptions)

Method Detail

stripXss

public String stripXss(String parameter)

stripXss

public String[] stripXss(String[] values)

doProcess

public boolean doProcess(javax.servlet.http.HttpServletRequest request)

doProcess

public boolean doProcess(javax.servlet.http.HttpServletRequest request,
                         String... exceptions)

setProcessed

public void setProcessed(javax.servlet.http.HttpServletRequest request,
                         boolean processed)