Package com.aquima.interactions.project.impl

Class XssSafeValueFormatter

java.lang.Object

com.aquima.interactions.project.impl.XssSafeValueFormatter

All Implemented Interfaces:

IValueFormatter, Serializable

public class XssSafeValueFormatter
extends Object
implements IValueFormatter

ValueFormatter wrapper that filters the HTML encodes string values.

Since:

9.6

Author:

Radu Batori, MihaiBob

See Also:

• Serialized Form

Constructor Summary

Constructors

Constructor	Description
XssSafeValueFormatter(IValueFormatter delegate)	Constructs the ValueFormatter with the formatter that should be made XSS safe.

Method Summary

Modifier and Type	Method	Description
String	format(IPrimitiveValue valueObject)	Nothing to do, delegate to the underlying formatter.
static XssSafeValueFormatter	getDefaultInstance()	The default XssSafeValueFormatter instance can be used for general XSS-escaping where actual formatting is not important.
static boolean	isValid(String input)
IPrimitiveValue	parse(String text, DataType type)	This method parses the text to a IPrimitiveValue of the type specified by the data type argument.
static IXssBlacklist	register(IXssBlacklist newBlacklist)	Registers a new blacklist implementation.
static IXssWhitelist	register(IXssWhitelist newWhitelist)	Registers a new whitelist implementation.
static String	sanitize(String input)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

XssSafeValueFormatter

public XssSafeValueFormatter(IValueFormatter delegate)

Constructs the ValueFormatter with the formatter that should be made XSS safe.

Parameters:

delegate - The formatter that should be wrapped.

Method Details

getDefaultInstance

public static XssSafeValueFormatter getDefaultInstance()

The default XssSafeValueFormatter instance can be used for general XSS-escaping where actual formatting is not important. Safe to use on Strings only.

Returns:

the general-purpose default instance for XSS-escaping strings

register

public static IXssBlacklist register(IXssBlacklist newBlacklist)

Registers a new blacklist implementation.

Parameters:

newBlacklist - the new blacklist implementation

Returns:

the old blacklist that was replaced.

register

public static IXssWhitelist register(IXssWhitelist newWhitelist)

Registers a new whitelist implementation.

Parameters:

newWhitelist - the new whitelist implementation

Returns:

the old whitelist that was replaced.

format

public String format(IPrimitiveValue valueObject)

Nothing to do, delegate to the underlying formatter.

Specified by:

format in interface IValueFormatter

Parameters:

valueObject - The primitive value whose string representation is requested.

Returns:

String representation of the primitive value.

parse

public IPrimitiveValue parse(String text,
 DataType type)

Description copied from interface: IValueFormatter

This method parses the text to a IPrimitiveValue of the type specified by the data type argument.

Specified by:

parse in interface IValueFormatter

Parameters:

text - The input text which should be parsed. Preferably String. However some primitive object handling is included.

type - The data type to which the string should be converted.

Returns:

The primitive value for the specified data type and text.

isValid

public static boolean isValid(String input)

sanitize

public static String sanitize(String input)