/**
 * Looks up a request parameter, undoing the HTML quoting on the name and
 * applying HTML quoting to the value that comes back.
 *
 * <p>NOTE(review): the returned value is quoted for HTML output. A caller
 * that uses it anywhere else (a path, a query, a log line) is presumably
 * working with entity-encoded text, not the raw parameter; confirm at call
 * sites.
 *
 * @param name the parameter name as the caller holds it (HTML-quoted form)
 * @return whatever {@code HtmlQuoting.quoteHtmlChars} yields for the raw value
 */
@Override
public String getParameter(String name) {
  final String rawName = HtmlQuoting.unquoteHtmlChars(name);
  final String rawValue = rawRequest.getParameter(rawName);
  return HtmlQuoting.quoteHtmlChars(rawValue);
}
/**
 * Quote the given item to make it html-safe.
 *
 * <p>The string is encoded as UTF-8, checked with the byte-range
 * {@code needsQuoting} overload, and only re-encoded when that check says
 * quoting is required. Which characters are escaped is decided by the
 * byte-range overloads, which are not part of this block.
 *
 * @param item the string to quote; may be {@code null}
 * @return {@code null} for a {@code null} item, the same {@code item}
 *         instance when nothing needs quoting, otherwise the quoted string;
 *         {@code null} if writing to the in-memory buffer fails
 */
public static String quoteHtmlChars(String item) {
  if (item == null) {
    return null;
  }
  final byte[] utf8 = item.getBytes(StandardCharsets.UTF_8);
  if (!needsQuoting(utf8, 0, utf8.length)) {
    // Nothing to escape: hand back the caller's own string.
    return item;
  }
  final ByteArrayOutputStream quoted = new ByteArrayOutputStream();
  try {
    quoteHtmlChars(quoted, utf8, 0, utf8.length);
    // Decode with the same charset that produced the bytes.
    return quoted.toString("UTF-8");
  } catch (IOException ioe) {
    // Not expected: the sink is an in-memory ByteArrayOutputStream.
    // Returning null (never the unquoted input) keeps the failure closed.
    return null;
  }
}
/**
 * Writes a single byte through the HTML quoter.
 *
 * <p>The byte is staged in {@code data[0]} and handed to
 * {@code quoteHtmlChars} as a one-byte range targeting {@code out}.
 * {@code data} and {@code out} are declared outside this block.
 * NOTE(review): if {@code data} is shared per stream, concurrent writers
 * would race on it; confirm the stream is used from one thread.
 *
 * @param b the byte to write; narrowed to {@code byte} before quoting
 * @throws IOException if the underlying quoting write fails
 */
@Override
public void write(int b) throws IOException {
  final byte narrowed = (byte) b;
  data[0] = narrowed;
  quoteHtmlChars(out, data, 0, 1);
}
// Undo the HTML quoting on inputLine and keep the result in the same variable.
// NOTE(review): after this call the text presumably holds raw characters again,
// so it should be quoted once more before it is written into an HTML response.
inputLine = HtmlQuoting.unquoteHtmlChars(inputLine);
/**
 * Does the given string need to be quoted?
 *
 * <p>Encodes the string as UTF-8 and defers the decision to the byte-range
 * {@code needsQuoting} overload over the whole array.
 *
 * @param str the string to check; {@code null} is treated as needing no quoting
 * @return {@code false} for {@code null}, otherwise the byte-range overload's
 *         answer for the string's UTF-8 bytes
 */
public static boolean needsQuoting(String str) {
  if (str != null) {
    final byte[] utf8 = str.getBytes(StandardCharsets.UTF_8);
    return needsQuoting(utf8, 0, utf8.length);
  }
  return false;
}
/**
 * Serves a thread dump: thread information is printed to the response through
 * an HTML-quoting stream, then logged.
 *
 * <p>NOTE(review): no access check is visible in this handler. A thread dump
 * exposes internal state, so confirm that access is restricted elsewhere
 * (for example by a servlet filter) or add a check at the top of the method.
 *
 * @param request the incoming request (not read by this method)
 * @param response the response whose output stream receives the quoted dump
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response stream cannot be obtained
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  // Every byte written below passes through the HTML quoter first.
  PrintWriter writer =
      new PrintWriter(HtmlQuoting.quoteOutputStream(response.getOutputStream()));
  ReflectionUtils.printThreadInfo(writer, "");
  writer.close();
  ReflectionUtils.logThreadInfo(LOG, "jsp requested", 1);
}
}
/**
 * Writes a byte range through the HTML quoter.
 *
 * <p>The range is passed unchanged to {@code quoteHtmlChars}, which writes to
 * {@code out} (declared outside this block).
 *
 * @param data the buffer holding the bytes to write
 * @param off offset of the first byte in {@code data}
 * @param len number of bytes to write
 * @throws IOException if the underlying quoting write fails
 */
@Override
public void write(byte[] data, int off, int len) throws IOException {
  quoteHtmlChars(out, data, off, len);
}
// Replace inputLine with its unquoted form.
// NOTE(review): the unquoted text is presumably raw again; confirm it is
// re-quoted before it reaches any HTML output.
inputLine = HtmlQuoting.unquoteHtmlChars(inputLine);
/**
 * Does the given string need to be quoted?
 *
 * <p>The string is converted to bytes with {@code Charsets.UTF_8} and the
 * whole array is handed to the byte-range {@code needsQuoting} overload.
 *
 * @param str the string to check; {@code null} is treated as needing no quoting
 * @return {@code false} for {@code null}, otherwise the byte-range overload's
 *         answer for the encoded string
 */
public static boolean needsQuoting(String str) {
  if (str != null) {
    final byte[] encoded = str.getBytes(Charsets.UTF_8);
    return needsQuoting(encoded, 0, encoded.length);
  }
  return false;
}
/**
 * Serves a thread dump to callers that pass the instrumentation access check.
 *
 * <p>The check runs before any output is produced. When it fails the method
 * returns without writing the dump; what the check itself sends on refusal is
 * decided by {@code HttpServer.isInstrumentationAccessAllowed}, which is not
 * shown here. The dump is written through an HTML-quoting stream and then
 * logged.
 *
 * @param request the incoming request, passed to the access check
 * @param response the response, passed to the access check and used for output
 * @throws ServletException declared by the servlet contract
 * @throws IOException if the response stream cannot be obtained
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  // Authorization comes first so nothing is emitted for refused callers.
  final boolean allowed =
      HttpServer.isInstrumentationAccessAllowed(getServletContext(), request, response);
  if (!allowed) {
    return;
  }
  PrintWriter writer =
      new PrintWriter(HtmlQuoting.quoteOutputStream(response.getOutputStream()));
  ReflectionUtils.printThreadInfo(writer, "");
  writer.close();
  ReflectionUtils.logThreadInfo(LOG, "jsp requested", 1);
}
}
/**
 * Returns all values of a request parameter, each one HTML-quoted.
 *
 * <p>The name is unquoted before the lookup on {@code rawRequest}; every
 * value found is passed through {@code HtmlQuoting.quoteHtmlChars} into a new
 * array of the same length.
 *
 * @param name the parameter name as the caller holds it (HTML-quoted form)
 * @return the quoted values, or {@code null} when the raw request has no
 *         values for the name
 */
@Override
public String[] getParameterValues(String name) {
  final String rawName = HtmlQuoting.unquoteHtmlChars(name);
  final String[] rawValues = rawRequest.getParameterValues(rawName);
  if (rawValues == null) {
    return null;
  }
  final String[] quoted = new String[rawValues.length];
  int idx = 0;
  for (String rawValue : rawValues) {
    quoted[idx++] = HtmlQuoting.quoteHtmlChars(rawValue);
  }
  return quoted;
}
/**
 * Returns the next element of the wrapped enumeration, HTML-quoted.
 *
 * @return {@code HtmlQuoting.quoteHtmlChars} applied to the next element of
 *         {@code rawIterator} (declared outside this block)
 */
@Override
public String nextElement() {
  final String rawElement = rawIterator.nextElement();
  return HtmlQuoting.quoteHtmlChars(rawElement);
}
};
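/**
 * Quote the given item to make it html-safe.
 *
 * <p>The string is encoded and decoded as UTF-8 explicitly, so the result does
 * not depend on the JVM's default charset. Which characters are escaped is
 * decided by the byte-range overloads, which are not part of this block.
 *
 * @param item the string to quote; may be {@code null}
 * @return {@code null} for a {@code null} item, the same {@code item}
 *         instance when nothing needs quoting, otherwise the quoted string;
 *         {@code null} if encoding or the in-memory write fails
 */
public static String quoteHtmlChars(String item) {
  if (item == null) {
    return null;
  }
  try {
    // Name the charset: the no-argument getBytes() uses the platform default,
    // which can turn non-ASCII text into different bytes from host to host.
    byte[] bytes = item.getBytes("UTF-8");
    if (!needsQuoting(bytes, 0, bytes.length)) {
      return item;
    }
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    quoteHtmlChars(buffer, bytes, 0, bytes.length);
    // Decode with the charset used above so the round trip is lossless.
    return buffer.toString("UTF-8");
  } catch (IOException ioe) {
    // Not expected: UTF-8 is available on every Java platform and the sink is
    // an in-memory buffer. Return null rather than a partially quoted string.
    return null;
  }
}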
/**
 * Removes HTML quoting from the given item by delegating to
 * {@code HtmlQuoting.unquoteHtmlChars}.
 *
 * <p>NOTE(review): the returned text is presumably raw again; quote it before
 * placing it in HTML output.
 *
 * @param item the quoted string
 * @return the value produced by {@code HtmlQuoting.unquoteHtmlChars}
 */
@Override
public String unquoteHtmlChars(String item) {
  final String unquoted = HtmlQuoting.unquoteHtmlChars(item);
  return unquoted;
}
/**
 * Does the given string need to be quoted?
 *
 * <p>A {@code null} string never needs quoting. Any other string is encoded
 * as UTF-8 and checked in full by the byte-range {@code needsQuoting}
 * overload.
 *
 * @param str the string to check
 * @return {@code false} for {@code null}, otherwise the byte-range overload's
 *         answer for the string's UTF-8 bytes
 */
public static boolean needsQuoting(String str) {
  if (str != null) {
    final byte[] utf8Bytes = str.getBytes(StandardCharsets.UTF_8);
    return needsQuoting(utf8Bytes, 0, utf8Bytes.length);
  }
  return false;
}
/**
 * Command-line round-trip check: for each argument, prints the original text,
 * its quoted form, and the result of unquoting that quoted form, followed by
 * a blank line.
 *
 * @param args the strings to quote and unquote
 * @throws Exception declared by the signature; nothing is caught here
 */
public static void main(String[] args) throws Exception {
  for (int i = 0; i < args.length; i++) {
    final String original = args[i];
    System.out.println("Original: " + original);
    final String quoted = quoteHtmlChars(original);
    System.out.println("Quoted: " + quoted);
    final String roundTripped = unquoteHtmlChars(quoted);
    System.out.println("Unquoted: " + roundTripped);
    System.out.println();
  }
}
}
/**
 * Returns the server name with HTML quoting applied.
 *
 * <p>The name can be chosen by the client through the HTTP Host header, so it
 * is quoted here to keep markup in that header from being injected into
 * pages that display it.
 *
 * @return {@code HtmlQuoting.quoteHtmlChars} applied to the raw request's
 *         server name
 */
@Override
public String getServerName() {
  final String rawHost = rawRequest.getServerName();
  return HtmlQuoting.quoteHtmlChars(rawHost);
}
}
/**
 * Quote the given item to make it html-safe.
 *
 * <p>The string is converted to bytes with {@code Charsets.UTF_8}, checked
 * with the byte-range {@code needsQuoting} overload, and re-encoded only when
 * that check says quoting is required. Which characters are escaped is
 * decided by the byte-range overloads, which are not part of this block.
 *
 * @param item the string to quote; may be {@code null}
 * @return {@code null} for a {@code null} item, the same {@code item}
 *         instance when nothing needs quoting, otherwise the quoted string;
 *         {@code null} if writing to the in-memory buffer fails
 */
public static String quoteHtmlChars(String item) {
  if (item == null) {
    return null;
  }
  final byte[] encoded = item.getBytes(Charsets.UTF_8);
  if (!needsQuoting(encoded, 0, encoded.length)) {
    // Nothing to escape: hand back the caller's own string.
    return item;
  }
  final ByteArrayOutputStream quoted = new ByteArrayOutputStream();
  try {
    quoteHtmlChars(quoted, encoded, 0, encoded.length);
    return quoted.toString("UTF-8");
  } catch (IOException ioe) {
    // Not expected: the sink is an in-memory ByteArrayOutputStream.
    // Returning null (never the unquoted input) keeps the failure closed.
    return null;
  }
}
/**
 * Instance-level entry point for unquoting; forwards to the static
 * {@code HtmlQuoting.unquoteHtmlChars}.
 *
 * <p>NOTE(review): treat the result as raw text and quote it again before it
 * is written into HTML; confirm against callers.
 *
 * @param item the quoted string
 * @return the value produced by {@code HtmlQuoting.unquoteHtmlChars}
 */
@Override
public String unquoteHtmlChars(String item) {
  final String plain = HtmlQuoting.unquoteHtmlChars(item);
  return plain;
}
/**
 * Does the given string need to be quoted?
 *
 * <p>A {@code null} string never needs quoting. Any other string is converted
 * to bytes with {@code Charsets.UTF_8} and checked in full by the byte-range
 * {@code needsQuoting} overload.
 *
 * @param str the string to check
 * @return {@code false} for {@code null}, otherwise the byte-range overload's
 *         answer for the encoded string
 */
public static boolean needsQuoting(String str) {
  if (str != null) {
    final byte[] encodedBytes = str.getBytes(Charsets.UTF_8);
    return needsQuoting(encodedBytes, 0, encodedBytes.length);
  }
  return false;
}