BEA Systems, Inc.

WebLogic Server 6.1 API Reference

weblogic.servlet.security
Class Utils

java.lang.Object
  |
  +--weblogic.servlet.security.Utils

public class Utils
extends java.lang.Object

Author:
Copyright (c) 2003 by BEA Systems. All Rights Reserved.
Copyright © 2001 BEA Systems, Inc. All Rights Reserved.

Constructor Summary
Utils()
           
 
Method Summary
static java.lang.String encodeXSS(java.lang.String text)
          This helper method can be used to help prevent Cross Site Scripting vulnerabilities.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Utils

public Utils()

Method Detail

encodeXSS

public static java.lang.String encodeXSS(java.lang.String text)
This helper method can be used to help prevent Cross Site Scripting vulnerabilities. Any Servlet or JSP which sends user input (e.g. query parameters in HTTP requests) to be rendered in a user's browser needs to use this method to encode the user input. This ensures that any HTML in the input (malicious or otherwise) is not executed by the browser. This is achieved by converting characters to their HTML escaped form. For example, '&' is converted to '&amp;'.

A full description of Cross Site Scripting (XSS) vulnerabilities can be found at http://www.cert.org/tech_tips/malicious_code_mitigation.html.

Parameters:
text - This is the dynamic text which is going to be sent as HTML (e.g. URL)
Returns:
encoded text
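
The effect of encoding request input before it is written into a response, as an added example that is not BEA's code. Here `encode` is a hypothetical stand-in for `Utils.encodeXSS` so the program runs without WebLogic on the classpath, and the set of characters it escapes is an assumption; the sample parameter values are constructed.

```java
public class EncodeXssDemo {

    // Hypothetical stand-in so the example runs without weblogic.jar.
    // In a WebLogic servlet or JSP, call
    // weblogic.servlet.security.Utils.encodeXSS(text) instead.
    // The character set escaped here is an assumption, not BEA's implementation.
    static String encode(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Builds the page fragment a servlet would write for a search query:
    // once in element content and once inside a quoted attribute value.
    static String render(String query, boolean encodeInput) {
        String shown = encodeInput ? encode(query) : query;
        return "<p>Results for: " + shown + "</p>"
             + "<input name=\"q\" value=\"" + shown + "\">";
    }

    public static void main(String[] args) {
        // Constructed sample values of the "q" request parameter.
        String[] samples = {
            "fish & chips",
            "<script>alert(1)</script>",
            "\" onfocus=\"alert(1)",
        };
        for (String q : samples) {
            System.out.println("input   : " + q);
            System.out.println("raw     : " + render(q, false));
            System.out.println("encoded : " + render(q, true));
            System.out.println();
        }
    }
}
```

In the raw output the second and third samples change the markup structure of the page; in the encoded output they appear only as text.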

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs61

WebLogic classes and methods that do not appear in this reference are not public and are not supported.