Package org.owasp.esapi.codecs
Class HTMLEntityCodec
- java.lang.Object
  - org.owasp.esapi.codecs.AbstractCodec<java.lang.Integer>
    - org.owasp.esapi.codecs.AbstractIntegerCodec
      - org.owasp.esapi.codecs.HTMLEntityCodec
- All Implemented Interfaces:
  Codec<java.lang.Integer>

public class HTMLEntityCodec extends AbstractIntegerCodec
Implementation of the Codec interface for HTML entity encoding.
- Since:
  June 1, 2007
- Author:
  Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security, Matt Seil (mseil .at. owasp.org)
- See Also:
  Encoder

Constructor Summary
- HTMLEntityCodec()

Method Summary
- java.lang.Integer decodeCharacter(PushbackSequence<java.lang.Integer> input)
  Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
- java.lang.String encode(char[] immune, java.lang.String input)
  Given an array of char, scan the input String and encode unsafe codePoints, except for codePoints passed into the char array.
- java.lang.String encodeCharacter(char[] immune, int codePoint)
  Default codepoint implementation that should be overridden in specific codecs.

Methods inherited from class org.owasp.esapi.codecs.AbstractIntegerCodec
decode

Methods inherited from class org.owasp.esapi.codecs.AbstractCodec
containsCharacter, encodeCharacter, encodeCharacter, getHexForNonAlphanumeric, getHexForNonAlphanumeric, toHex, toHex, toOctal

Method Detail

encode
public java.lang.String encode(char[] immune, java.lang.String input)
Given an array of char, scan the input String and encode unsafe codePoints, except for codePoints passed into the char array.
WARNING: This method will silently discard any code point that Character.isValidCodePoint(int) reports as invalid.
WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data, as they will cast them to chars. If you are implementing an Integer based codec, these will be silently discarded based on the return from Character.isValidCodePoint(int). This is the preferred behavior moving forward.
Encode a String so that it can be safely used in a specific context.
- Specified by:
  encode in interface Codec<java.lang.Integer>
- Overrides:
  encode in class AbstractCodec<java.lang.Integer>
- Parameters:
  input - the String to encode
- Returns:
  the encoded String

encodeCharacter
public java.lang.String encodeCharacter(char[] immune, int codePoint)
Default codepoint implementation that should be overridden in specific codecs. Encodes a codePoint for safe use in an HTML entity field.
- Specified by:
  encodeCharacter in interface Codec<java.lang.Integer>
- Overrides:
  encodeCharacter in class AbstractCodec<java.lang.Integer>
- Parameters:
  immune -
  codePoint - the integer to encode
- Returns:
  the encoded Character

decodeCharacter
public java.lang.Integer decodeCharacter(PushbackSequence<java.lang.Integer> input)
Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible.
All of these formats are legal both with and without the semicolon, and in upper or lower case: &#dddd; &#xhhhh; &name;
- Specified by:
  decodeCharacter in interface Codec<java.lang.Integer>
- Overrides:
  decodeCharacter in class AbstractCodec<java.lang.Integer>
- Parameters:
  input - the Character to decode
- Returns:
  the decoded Character
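
Added example, not taken from the ESAPI project: it exercises encode, encodeCharacter and the inherited decode on constructed input, including the with/without-semicolon and upper/lower-case entity forms that decodeCharacter accepts. It assumes the ESAPI jar is on the classpath; the class name HtmlEntityCodecDemo, the IMMUNE set and all sample strings are made up for illustration.

```java
import org.owasp.esapi.codecs.HTMLEntityCodec;

// Added example (not ESAPI project code). Assumes the ESAPI jar is on the classpath.
public class HtmlEntityCodecDemo {
    // Constructed immune set: characters the caller chooses to leave unencoded.
    private static final char[] IMMUNE = { ',', '.', '-', '_', ' ' };

    public static void main(String[] args) {
        HTMLEntityCodec codec = new HTMLEntityCodec();

        // Constructed untrusted value: markup metacharacters plus U+1F600, a
        // supplementary code point that Java stores as a surrogate pair.
        String untrusted = "<b title=\"x\">Tom & Jerry</b> \uD83D\uDE00";

        // encode() scans the input by code point and skips anything in IMMUNE.
        String encoded = codec.encode(IMMUNE, untrusted);
        System.out.println("encoded    : " + encoded);

        // decode() is inherited from AbstractIntegerCodec and reverses the encoding.
        String decoded = codec.decode(encoded);
        System.out.println("round trip : " + untrusted.equals(decoded));

        // encodeCharacter() handles one code point at a time.
        System.out.println("U+1F600    : " + codec.encodeCharacter(IMMUNE, 0x1F600));

        // Constructed spellings of '<' in the forms decodeCharacter() documents:
        // decimal, hex and named, with and without ';', in either case.
        String[] spellings = { "&lt;", "&lt", "&LT;", "&#60;", "&#60", "&#x3c;", "&#X3C" };
        for (String s : spellings) {
            String out = codec.decode(s);
            // Flag any spelling that canonicalizes to a markup metacharacter, so a
            // filter that only matched the literal "<" would have missed it.
            boolean hidesMarkup = !s.contains("<") && out.contains("<");
            System.out.printf("%-7s -> %-4s hidesMarkup=%b%n", s, out, hidesMarkup);
        }
    }
}
```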