Class XssUtils

java.lang.Object
com.avoka.core.util.XssUtils

public class XssUtils extends Object
Provides XSS utilities.
Since:
4.2.2
  • Constructor Details

    • XssUtils

      public XssUtils()
  • Method Details

    • isXssSafe

      public static boolean isXssSafe(String value)
      Checks if the value is XSS safe.

      For dangerous characters, see the XSS Filter Evasion Cheat Sheet.

      Parameters:
      value - the value to test
      Returns:
      true if the value is XSS safe or is null
    • isXssSafeFilename

      public static boolean isXssSafeFilename(String value)
      Checks if the filename value is XSS safe. This applies the standard XSS checks, except those for 'document.' and 'window.' values.

      For dangerous characters, see the XSS Filter Evasion Cheat Sheet.

      Parameters:
      value - the value to test
      Returns:
      true if the value is XSS safe or is null
      Since:
      4.3.3
    • isXmlSafe

      public static boolean isXmlSafe(Document document)
      Checks that the XML document does not contain any XSS characters. Note that the '<' character in the XML document is ignored.

      For dangerous characters, see the XSS Filter Evasion Cheat Sheet.

      Parameters:
      document - the XML document to test (required)
      Returns:
      true if the document is XSS safe or is null
      Since:
      4.2.5
    • isXmlDocumentSafe

      public static String isXmlDocumentSafe(Document document)
      Checks that the XML document does not contain any XSS characters.

      For dangerous characters, see the XSS Filter Evasion Cheat Sheet.

      Parameters:
      document - the XML document to test (required)
      Returns:
      null if the document is XSS safe, otherwise the offending token
      Since:
      4.3.4
    • isXmlTextSafe

      public static boolean isXmlTextSafe(String xmlText)
      Returns true if the XML text does not contain any XSS characters, or false otherwise.

      For dangerous characters, see the XSS Filter Evasion Cheat Sheet.

      Parameters:
      xmlText - the XML text to test (required)
      Returns:
      true if the XML text is XSS safe, false otherwise
      Since:
      5.0.0
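
Added example (not part of the original documentation or the library's own code): a request validator built on the methods above. It shows that because isXssSafe and isXssSafeFilename return true for null, a required field needs its own presence check. The class UploadInputValidator, its validate method and the sample values are hypothetical; the library is assumed to be on the classpath.

```java
import com.avoka.core.util.XssUtils;

import java.util.ArrayList;
import java.util.List;

/** Hypothetical validator for an upload request; not part of the documented API. */
public class UploadInputValidator {

    /** Returns a list of validation errors; an empty list means the input passed. */
    public static List<String> validate(String filename, String comment, String xmlText) {
        List<String> errors = new ArrayList<>();

        // isXssSafeFilename returns true for null, so a required field
        // needs a presence check before the XSS check.
        if (filename == null || filename.isEmpty()) {
            errors.add("filename is required");
        } else if (!XssUtils.isXssSafeFilename(filename)) {
            // Do not echo the rejected value back into the message.
            errors.add("filename failed the XSS check");
        }

        // Optional field: null passes isXssSafe, which is the wanted behaviour here.
        if (!XssUtils.isXssSafe(comment)) {
            errors.add("comment failed the XSS check");
        }

        // xmlText is documented as required, so null is rejected before the call.
        if (xmlText == null) {
            errors.add("xml is required");
        } else if (!XssUtils.isXmlTextSafe(xmlText)) {
            errors.add("xml failed the XSS check");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(validate("report.pdf", null, "<form><name>Alice</name></form>"));
        System.out.println(validate(null, "hello", "<form/>"));
    }
}
```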