/**
 * Builds an HTML-encoded copy of a map of form errors.
 *
 * <p>Every error message (the map value) is passed through
 * {@code xss.encodeForHTML} and stored under its original key in a new
 * {@link HashMap}. The map passed in is not modified. Keys are copied as they
 * are, without any encoding.
 *
 * <p>The encoding applied is the one for HTML element content.
 * NOTE(review): if the consuming template writes a key into the page, or puts
 * a message into an attribute, script or URL context, that value still needs
 * the encoder for that context - confirm how this map is rendered.
 *
 * @param errors form errors keyed by an identifier (presumably the field
 *               name - verify against caller); a {@code null} map causes a
 *               {@code NullPointerException}
 * @return a new map holding the same keys and the HTML-encoded messages
 */
protected final Map<String, String> getProtectedErrors(final Map<String, String> errors) {
    final Map<String, String> encodedByKey = new HashMap<String, String>();

    for (final Map.Entry<String, String> error : errors.entrySet()) {
        final String key = error.getKey();
        final String encodedMessage = xss.encodeForHTML(error.getValue());
        encodedByKey.put(key, encodedMessage);
    }

    return encodedByKey;
}
// Comment and text content share one branch: both are returned after being
// passed through xssApi.encodeForHTML.
case COMMENT:
case TEXT:
    return xssApi.encodeForHTML(text);
// Attribute names do not go through the HTML text encoder; they are handed to
// escapeAttributeName, whose rules are not shown in this excerpt.
// NOTE(review): the enclosing switch is not visible here - confirm that every
// remaining context has its own case and that no default branch returns the
// text unencoded.
case ATTRIBUTE_NAME:
    return escapeAttributeName(text);
/**
 * Returns a copy of the given form-error map whose messages are HTML-encoded.
 *
 * <p>The result is a fresh {@link HashMap}; the argument is only read. For each
 * entry the key is reused unchanged and the value is replaced by the result of
 * {@code xss.encodeForHTML}.
 *
 * <p>Only the values are encoded, and only for HTML element content.
 * NOTE(review): keys reach the caller exactly as supplied, so a view that
 * prints them, or that uses a message outside plain element content, has to
 * encode for that context itself - verify against the rendering code.
 *
 * @param errors the form errors to protect; passing {@code null} throws a
 *               {@code NullPointerException}
 * @return a new map with identical keys and encoded values
 */
protected final Map<String, String> getProtectedErrors(final Map<String, String> errors) {
    final Map<String, String> safeErrors = new HashMap<String, String>();
    for (final Map.Entry<String, String> formError : errors.entrySet()) {
        // The key is kept verbatim; only the message is encoded.
        final String field = formError.getKey();
        safeErrors.put(field, xss.encodeForHTML(formError.getValue()));
    }
    return safeErrors;
}
/**
 * HTML-encodes a string by delegating to the supplied XSSAPI.
 *
 * <p>The call is forwarded to {@code xssAPI.encodeForHTML(source)} and its
 * result is returned as is; no validation or null handling happens here. The
 * encoding is the one for HTML element content, so a value that ends up in an
 * attribute, script or URL context needs the encoder for that context.
 *
 * @param xssAPI the XSSAPI instance that performs the encoding
 * @param source the string to encode
 * @return the encoded string as produced by the XSSAPI
 */
@Function
public static CharSequence encodeForHTML(XSSAPI xssAPI, String source) {
    final CharSequence encoded = xssAPI.encodeForHTML(source);
    return encoded;
}
/**
 * Encodes a string for use as HTML element content through the XSSAPI.
 *
 * <p>A new {@code XSSAPIImpl} is created on every call and the work is
 * delegated to its {@code encodeForHTML} method. The result suits element
 * content only; attribute, script and URL contexts need their own encoder.
 *
 * @param source the string to be encoded
 * @return the encoded string
 */
public static String encodeForHTML(String source) {
    // NOTE(review): the implementation class is constructed directly here
    // rather than obtained from the container - confirm that a bare
    // XSSAPIImpl is fully initialised and encodes the same way as the
    // instance the rest of the application uses.
    final XSSAPI encoder = new XSSAPIImpl();
    return encoder.encodeForHTML(source);
}
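/**
 * Writes one property as {@code name: <b>value</b><br />} to the given writer.
 *
 * <p>The name and every printed value are passed through
 * {@code xssApi.encodeForHTML} before they are written between the fixed
 * markup. An array value is printed as a bracketed, comma-separated list with
 * each element encoded separately.
 *
 * <p>Array elements are read through {@code java.lang.reflect.Array}, so
 * primitive arrays such as {@code long[]} are printed too; a cast to
 * {@code Object[]} would fail on them with a {@code ClassCastException}.
 * A {@code null} value or {@code null} array element is printed as the text
 * {@code null} instead of raising a {@code NullPointerException}.
 *
 * @param pw    the writer receiving the HTML fragment
 * @param name  the property name
 * @param value the property value; may be a single object, an object array or
 *              a primitive array
 */
private void printPropertyValue(final PrintWriter pw, final String name, final Object value) {
    pw.print(xssApi.encodeForHTML(name));
    pw.print(": <b>");
    if (value != null && value.getClass().isArray()) {
        // Reflection-based access works for Object[] and primitive arrays alike.
        final int length = java.lang.reflect.Array.getLength(value);
        pw.print('[');
        for (int i = 0; i < length; i++) {
            if (i > 0) {
                pw.print(", ");
            }
            final Object element = java.lang.reflect.Array.get(value, i);
            // String.valueOf tolerates null elements; encode each one on its own.
            pw.print(xssApi.encodeForHTML(String.valueOf(element)));
        }
        pw.print(']');
    } else {
        pw.print(xssApi.encodeForHTML(String.valueOf(value)));
    }
    pw.print("</b><br />");
}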
/**
 * Writes the HTML header section describing a resource.
 *
 * <p>The output is a heading naming this class, followed by one paragraph each
 * for the resource path, metadata, resource type and resource super type. The
 * super type is looked up through the resource's resolver and shown as
 * {@code -} when that lookup returns {@code null}.
 *
 * <p>Every dynamic value, including the class name, is passed through
 * {@code xssApi.encodeForHTML} before being written between the fixed tags.
 *
 * @param pw the writer receiving the HTML
 * @param r  the resource being described
 */
private void printResourceInfo(final PrintWriter pw, final Resource r) {
    // Heading: which class produced this dump.
    pw.print("<h1>Resource dumped by ");
    final String dumperName = getClass().getSimpleName();
    pw.print(xssApi.encodeForHTML(dumperName));
    pw.println("</h1>");

    pw.print("<p>Resource path: <b>");
    final String path = r.getPath();
    pw.print(xssApi.encodeForHTML(path));
    pw.println("</b></p>");

    pw.print("<p>Resource metadata: <b>");
    final String metadata = String.valueOf(r.getResourceMetadata());
    pw.print(xssApi.encodeForHTML(metadata));
    pw.println("</b></p>");

    pw.print("<p>Resource type: <b>");
    final String type = r.getResourceType();
    pw.print(xssApi.encodeForHTML(type));
    pw.println("</b></p>");

    // A resource without a parent type is shown with a dash placeholder.
    final String parentType = r.getResourceResolver().getParentResourceType(r);
    final String superTypeLabel = (parentType == null) ? "-" : parentType;
    pw.print("<p>Resource super type: <b>");
    pw.print(xssApi.encodeForHTML(superTypeLabel));
    pw.println("</b></p>");
}