/**
 * Appends a single hidden {@code <input>} element to the markup under construction.
 *
 * <p>Only {@code value} is passed through {@code xss.encodeForHTMLAttr}. {@code name} is written
 * into the {@code name} attribute exactly as received.
 *
 * @param html  builder that receives the generated markup
 * @param name  text placed in the {@code name} attribute, emitted without encoding
 * @param value text placed in the {@code value} attribute after HTML-attribute encoding
 */
private void appendHiddenTag(StringBuilder html, String name, String value) {
    html.append("<input type=\"hidden\" name=\"");
    // NOTE(review): name is not encoded; presumably callers only pass fixed, developer-chosen
    // field names. Confirm against the call sites, or encode it as well.
    html.append(name);
    html.append("\" value=\"");
    html.append(xss.encodeForHTMLAttr(value));
    html.append("\"/>\n");
}
/**
 * Builds a copy of a form-data map whose values are encoded for use inside HTML attributes.
 *
 * <p>Each value is passed through {@code xss.encodeForHTMLAttr}; keys are copied unchanged and
 * the input map is only read. The returned values are prepared for the HTML attribute context
 * only, so code that renders the keys, or that places the values in another context, has to
 * apply its own encoding.
 *
 * @param data the form data to protect
 * @return a new {@link HashMap} with the same keys and attribute-encoded values
 */
protected final Map<String, String> getProtectedData(final Map<String, String> data) {
    final Map<String, String> encodedFields = new HashMap<String, String>();

    for (final Map.Entry<String, String> field : data.entrySet()) {
        final String fieldName = field.getKey();
        // Only the value is encoded; the key is stored as received.
        final String safeValue = xss.encodeForHTMLAttr(field.getValue());
        encodedFields.put(fieldName, safeValue);
    }

    return encodedFields;
}
/**
 * Returns an attribute-encoded copy of the supplied form data.
 *
 * <p>The values of {@code data} are run through {@code xss.encodeForHTMLAttr} and stored under
 * their original keys in a fresh map; {@code data} itself is left untouched. Keys are not
 * encoded, and the values are encoded for HTML attributes specifically, so a second encoding
 * pass over the result would double-encode them.
 *
 * @param data the form data whose values should be encoded
 * @return a newly allocated map of original key to encoded value
 */
protected final Map<String, String> getProtectedData(final Map<String, String> data) {
    final Map<String, String> result = new HashMap<String, String>();
    for (final Map.Entry<String, String> pair : data.entrySet()) {
        // Key is copied verbatim; value is encoded for the HTML attribute context.
        final String encodedValue = xss.encodeForHTMLAttr(pair.getValue());
        result.put(pair.getKey(), encodedValue);
    }
    return result;
}
/**
 * Encodes a string for use as an HTML attribute value by delegating to the supplied
 * {@link XSSAPI}.
 *
 * <p>The encoding targets the HTML attribute context. URL-valued attributes and script
 * contexts need validation or a context-specific encoder in addition to this.
 *
 * @param xssAPI the XSSAPI instance that performs the encoding
 * @param source the string to encode
 * @return the value returned by {@code xssAPI.encodeForHTMLAttr(source)}
 */
@Function
public static CharSequence encodeForHTMLAttr(XSSAPI xssAPI, String source) {
    final CharSequence encoded = xssAPI.encodeForHTMLAttr(source);
    return encoded;
}
/**
 * Encodes a string for use as an HTML attribute value using the XSSAPI-based encoder.
 *
 * <p>The encoding targets the HTML attribute context only; other output contexts need their
 * own encoder.
 *
 * @param source the string to be encoded
 * @return the result of {@code XSSAPIImpl.encodeForHTMLAttr(source)}
 */
public static String encodeForHTMLAttr(String source) {
    // NOTE(review): a fresh XSSAPIImpl is constructed on every call rather than reusing a
    // shared or injected XSSAPI. Confirm that the implementation is intended to be
    // instantiated directly like this.
    return new XSSAPIImpl().encodeForHTMLAttr(source);
}
/**
 * Renders the hidden {@code <input>} elements for a form: the form name, its resource path,
 * and one element for each requested key that the form contains.
 *
 * <p>The form name and resource path are encoded with {@code xss.encodeForHTMLAttr}. The
 * per-key elements are different: both the key and {@code form.get(key)} are written into the
 * markup as-is, so this method relies on the caller having XSS-protected the form's data
 * beforehand.
 *
 * @param form the form whose name, resource path and data are rendered
 * @param keys the data keys to render; keys the form does not have are skipped
 * @return the generated markup, one {@code <input>} element per line
 */
public final String getFormInputsHTML(final Form form, final String... keys) {
    // Contract: the form object's data and errors should be XSS-protected before being passed
    // into this method.
    final StringBuilder markup = new StringBuilder();

    markup.append("<input type=\"hidden\" name=\"");
    markup.append(FormHelper.FORM_NAME_INPUT);
    markup.append("\" value=\"");
    markup.append(xss.encodeForHTMLAttr(form.getName()));
    markup.append("\"/>\n");

    final String resourcePath = form.getResourcePath();
    markup.append("<input type=\"hidden\" name=\"");
    markup.append(FormHelper.FORM_RESOURCE_INPUT);
    markup.append("\" value=\"");
    markup.append(xss.encodeForHTMLAttr(resourcePath));
    markup.append("\"/>\n");

    for (final String key : keys) {
        if (!form.has(key)) {
            continue;
        }
        // NOTE(review): neither key nor form.get(key) is encoded here. If a caller passes a
        // form whose data was not already attribute-encoded, the raw value reaches the
        // value="..." attribute. Encoding here instead would double-encode pre-protected
        // data, so confirm which side owns the encoding before changing this.
        markup.append("<input type=\"hidden\" name=\"");
        markup.append(key);
        markup.append("\" value=\"");
        markup.append(form.get(key));
        markup.append("\"/>\n");
    }

    return markup.toString();
}
private String applyXSSFilter(String text, MarkupContext xssContext) { switch (xssContext) { case ATTRIBUTE: return xssApi.encodeForHTMLAttr(text); case COMMENT: case TEXT: