Package org.owasp.esapi.codecs

Class HTMLEntityCodec

  • All Implemented Interfaces:
    Codec<java.lang.Integer>
    public class HTMLEntityCodec
extends AbstractIntegerCodec
    Implementation of the Codec interface for HTML entity encoding.
    Since:
    June 1, 2007
    Author:
    Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security, Matt Seil (mseil .at. owasp.org) (mseil .at. owasp.org)
    See Also:
    Encoder

    • Constructor Detail

      • HTMLEntityCodec

        public HTMLEntityCodec()

    • Method Detail

      • encode

        public java.lang.String encode​(char[] immune,
                               java.lang.String input)
        Given an array of char, scan the input String and encode unsafe codePoints, except for codePoints passed into the char array.

        WARNING: This method will silently discard any code point per the call to Character.isValidCodePoint( int ) method. WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars.

        If you are implementing an Integer based codec, these will be silently discarded based on the return from Character.isValidCodePoint( int ). This is the preferred behavior moving forward. Encode a String so that it can be safely used in a specific context.
        Specified by:
        encode in interface Codec<java.lang.Integer>
        Overrides:
        encode in class AbstractCodec<java.lang.Integer>
        input - the String to encode
        Returns:
        the encoded String

      • encodeCharacter

        public java.lang.String encodeCharacter​(char[] immune,
                                        int codePoint)
        Default codepoint implementation that should be overridden in specific codecs. Encodes a codePoint for safe use in an HTML entity field.
        Specified by:
        encodeCharacter in interface Codec<java.lang.Integer>
        Overrides:
        encodeCharacter in class AbstractCodec<java.lang.Integer>
        Parameters:
        immune -
        codePoint - the integer to encode
        Returns:
        the encoded Character

      • decodeCharacter

        public java.lang.Integer decodeCharacter​(PushbackSequence<java.lang.Integer> input)
        Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible. Formats all are legal both with and without semi-colon, upper/lower case: &#dddd; &#xhhhh; &name;
        Specified by:
        decodeCharacter in interface Codec<java.lang.Integer>
        Overrides:
        decodeCharacter in class AbstractCodec<java.lang.Integer>
        Parameters:
        input - the Character to decode
        Returns:
        the decoded Character