com.bea.p13n.util.encoding
Class EncodingUtil
java.lang.Object
com.bea.p13n.util.encoding.EncodingUtil
public class EncodingUtil
- extends Object
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
EncodingUtil
public EncodingUtil()
encodeXSS
public static String encodeXSS(String text)
- This helper method can be used to help prevent Cross Site Scripting
vulnerabilities. Any Servlet or JSP which sends user input (eg. query
parameters in HTTP requests) to be rendered into a user's browser needs to
use this method to encode the user input. This ensures that any HTML in
their input (either malicious or otherwise) is not executed by the browser.
This is achieved by converting characters to their HTML escaped form. For
example, '&' is converted to '&'.
A full description of Cross Site Scripting (XSS) vulnerabilities can be
found at
http://www.cert.org/tech_tips/malicious_code_mitigation.html. Dictates the
following character encoding:
| Character | Encoding |
| " | " |
| % | % |
| & | & |
| ' | ' |
| ( | ( |
| ) | ) |
| + | + |
| ; | ; |
| < | < |
| > | > |
| ? | ? |
Taken from Utils.
- Parameters
text - dynamic text which is going to be encoded and sent as html (eg. URL)
- Returns
- encoded text - returns null for null text param
decodeXSS
public static String decodeXSS(String text)
- This helper method can be used to reverse the encoding done in
encodeXSS(java.lang.String).
- Parameters
text - dynamic text which is going to be decoded
- Returns
- encoded text - returns null for null text param
Copyright © 2000, 2009, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates.
Other names may be trademarks of their respective owners.