Package org.owasp.esapi.codecs
Class JavaScriptCodec
- java.lang.Object
-
- org.owasp.esapi.codecs.AbstractCodec<java.lang.Character>
-
- org.owasp.esapi.codecs.AbstractCharacterCodec
-
- org.owasp.esapi.codecs.JavaScriptCodec
-
- All Implemented Interfaces:
Codec<java.lang.Character>
public class JavaScriptCodec extends AbstractCharacterCodec
Implementation of the Codec interface for backslash encoding in JavaScript.- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
Encoder
-
-
Constructor Summary
Constructors Constructor Description JavaScriptCodec()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.Character
decodeCharacter(PushbackSequence<java.lang.Character> input)
Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.java.lang.String
encodeCharacter(char[] immune, java.lang.Character c)
WARNING!!!! Passing a standard char to this method will resolve to the-
Methods inherited from class org.owasp.esapi.codecs.AbstractCharacterCodec
decode
-
Methods inherited from class org.owasp.esapi.codecs.AbstractCodec
containsCharacter, encode, encodeCharacter, encodeCharacter, getHexForNonAlphanumeric, getHexForNonAlphanumeric, toHex, toHex, toOctal
-
-
-
-
Method Detail
-
encodeCharacter
public java.lang.String encodeCharacter(char[] immune, java.lang.Character c)
WARNING!!!! Passing a standard char to this method will resolve to the Returns backslash encoded numeric format. Does not use backslash character escapes such as, \" or \' as these may cause parsing problems. For example, if a javascript attribute, such as onmouseover, contains a \" that will close the entire attribute and allow an attacker to inject another script attribute.- Specified by:
encodeCharacter
in interfaceCodec<java.lang.Character>
- Overrides:
encodeCharacter
in classAbstractCodec<java.lang.Character>
- Parameters:
immune
-c
- the Character to encode- Returns:
- the encoded Character
- See Also:
method instead of this one!!! YOU HAVE BEEN WARNED!!!!
-
decodeCharacter
public java.lang.Character decodeCharacter(PushbackSequence<java.lang.Character> input)
Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible. See http://www.planetpdf.com/codecuts/pdfs/tutorial/jsspec.pdf Formats all are legal both upper/lower case: \\a - special characters \\xHH \\uHHHH \\OOO (1, 2, or 3 digits)- Specified by:
decodeCharacter
in interfaceCodec<java.lang.Character>
- Overrides:
decodeCharacter
in classAbstractCodec<java.lang.Character>
- Parameters:
input
- the Character to decode- Returns:
- the decoded Character
-
-