Interface XSSFilter


  • @ProviderType
    public interface XSSFilter
    This service should be used to protect output against potential XSS attacks. The protection is context based.
    • Field Detail

    • Method Detail

      • check

        boolean check(ProtectionContext context,
                      String src)
        Indicates whether or not a given source string contains XSS policy violations.
        Parameters:
        context - context to use for checking
        src - source string
        Returns:
        true if the source is violation-free
        Throws:
        NullPointerException - if context is null
      • filter

        String filter(String src)
        Filters the given source string so that it does not contain XSS policy violations.

        The default protection context is used for checking.

        Parameters:
        src - source string
        Returns:
        string that does not contain XSS policy violations
      • filter

        String filter(ProtectionContext context,
                      String src)
        Filters the given source string, using the given context, so that it does not contain XSS policy violations.
        Parameters:
        context - context to use for checking
        src - source string
        Returns:
        string that does not contain XSS policy violations
        Throws:
        NullPointerException - if context is null
      • isValidHref

        boolean isValidHref(String url)
        Checks if the given URL is valid to be used for the href attribute of an <a> tag.

        The default protection context is used for checking.

        Parameters:
        url - the URL that should be validated
        Returns:
        true if the URL is violation-free
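
Added example, not part of the original Javadoc or the project's own code: a helper that uses check to reject input, filter to sanitize a link label, and isValidHref to decide whether a URL may be written into an href. The class SafeLinkRenderer, its methods and escapeAttribute are hypothetical, and the org.apache.sling.xss package in the imports is an assumption, since this page does not state the package.

```java
import java.util.Objects;
import org.apache.sling.xss.ProtectionContext; // assumed package, not stated on this page
import org.apache.sling.xss.XSSFilter;         // assumed package, not stated on this page

/** Hypothetical helper (not part of the API): renders an untrusted link. */
public final class SafeLinkRenderer {

    private final XSSFilter xssFilter;
    private final ProtectionContext context;

    public SafeLinkRenderer(XSSFilter xssFilter, ProtectionContext context) {
        this.xssFilter = Objects.requireNonNull(xssFilter, "xssFilter");
        // check() and filter(context, src) throw NullPointerException for a null
        // context, so fail at construction instead of in the middle of rendering.
        this.context = Objects.requireNonNull(context, "context");
    }

    /** Reject-style validation: true only if the input is violation-free. */
    public boolean accept(String userInput) {
        return userInput != null && xssFilter.check(context, userInput);
    }

    /** Sanitize-style rendering: url and label are both untrusted. */
    public String renderLink(String url, String label) {
        String safeLabel = label == null ? "" : xssFilter.filter(context, label);
        if (url == null || !xssFilter.isValidHref(url)) {
            // Emit no href at all when the URL fails validation.
            return "<span>" + safeLabel + "</span>";
        }
        // isValidHref only returns a boolean; the URL string itself is unchanged,
        // so it is still attribute-encoded before being written into the markup.
        return "<a href=\"" + escapeAttribute(url) + "\">" + safeLabel + "</a>";
    }

    private static String escapeAttribute(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
}
```

The caller supplies the ProtectionContext that matches where the label is written; the single-argument filter(String) uses the default protection context instead.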