Package com.adobe.cq.testing.util
Class CQXSSUtils
- java.lang.Object
- org.apache.sling.testing.clients.util.XSSUtils
- com.adobe.cq.testing.util.CQXSSUtils

public class CQXSSUtils extends org.apache.sling.testing.clients.util.XSSUtils

Basic class for XSS tests.
Field Summary

Fields (Modifier and Type | Field | Description):
- static String XSS_ATTACK_HERF_SIMPLE
- static String XSS_ATTACK_JS_CASE_INSENSITIVE
- static String XSS_ATTACK_JS_SIMPLE
- static String XSS_ATTACK_JS_SIMPLE2
- static String XSS_ATTACK_SIMPLE
Constructor Summary

Constructors (Constructor | Description):
- CQXSSUtils()
Method Summary

All Methods | Static Methods | Concrete Methods (Modifier and Type | Method | Description):
- static void assertTitleTagIsNotVulnerable(org.apache.sling.testing.clients.SlingHttpResponse response, String expectedTitle)
  Asserts that the title output is sanitized in the page head.
- static String escapeXmlJSTL(String xmlString)
  Use to encapsulate escaping of XML with standard JSTL.
- static String replaceSpecialCharsForRegexp(String regexp)
  Replaces special characters so they do not break the regular expression.
Field Detail

XSS_ATTACK_SIMPLE
public static final String XSS_ATTACK_SIMPLE
- See Also: Constant Field Values

XSS_ATTACK_JS_SIMPLE
public static final String XSS_ATTACK_JS_SIMPLE
- See Also: Constant Field Values

XSS_ATTACK_JS_SIMPLE2
public static final String XSS_ATTACK_JS_SIMPLE2
- See Also: Constant Field Values

XSS_ATTACK_JS_CASE_INSENSITIVE
public static final String XSS_ATTACK_JS_CASE_INSENSITIVE
- See Also: Constant Field Values

XSS_ATTACK_HERF_SIMPLE
public static final String XSS_ATTACK_HERF_SIMPLE
- See Also: Constant Field Values
Method Detail

escapeXmlJSTL
public static String escapeXmlJSTL(String xmlString)
Use to encapsulate escaping of XML with standard JSTL. This is the old method of escaping in CQ5 and is being replaced by ESAPI. See XSSUtils.escapeXml(String).
- Parameters:
  xmlString - string to escape
- Returns:
  the escaped string

replaceSpecialCharsForRegexp
public static String replaceSpecialCharsForRegexp(String regexp)
Replaces special characters so they do not break the regular expression.
- Parameters:
  regexp - regular expression
- Returns:
  the sanitized regular expression

assertTitleTagIsNotVulnerable
public static void assertTitleTagIsNotVulnerable(org.apache.sling.testing.clients.SlingHttpResponse response, String expectedTitle) throws IOException
Asserts that the title output is sanitized in the page head.
- Parameters:
  response - Sling response containing the page
  expectedTitle - expected title
- Throws:
  IOException - never
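The three operations this page documents (JSTL-style XML escaping, escaping regex metacharacters so a title can be embedded in a pattern, and asserting that a page's title reaches the head only in escaped form) fit together in one small test helper. The following is an added example written for this page; it is not the code of com.adobe.cq.testing.util.CQXSSUtils or of Sling's XSSUtils, the class and method names (XssTitleCheckExample, escapeXml, escapeRegex, checkTitle) are hypothetical, the escaping table is assumed to follow JSTL's fn:escapeXml (the five characters < > & ' "), and the payload and HTML pages are constructed samples rather than any of the XSS_ATTACK_* constants.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Example helper (not part of CQXSSUtils) showing how a title-tag XSS check
 * is built from XML escaping and regex escaping.
 */
public class XssTitleCheckExample {

    /** Escapes the five characters JSTL's fn:escapeXml replaces (assumed table). */
    static String escapeXml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '\'': sb.append("&#039;"); break;
                case '"':  sb.append("&#034;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Backslash-escapes regex metacharacters so arbitrary text matches literally inside a pattern. */
    static String escapeRegex(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 8);
        for (char c : s.toCharArray()) {
            if ("\\.[]{}()*+-?^$|".indexOf(c) >= 0) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /**
     * Returns null when the head carries the expected title in escaped form only,
     * otherwise a message describing the failure. Two conditions are checked:
     * the <title> text equals the escaped expected title, and the raw (unescaped)
     * title does not appear anywhere in the head when it contains characters that
     * needed escaping.
     */
    static String checkTitle(String html, String expectedTitle) {
        Matcher head = Pattern.compile("<head>(.*?)</head>", Pattern.DOTALL | Pattern.CASE_INSENSITIVE)
                .matcher(html);
        if (!head.find()) {
            return "no <head> element in response";
        }
        String headContent = head.group(1);
        String escaped = escapeXml(expectedTitle);

        // Raw markup from the title leaking into the head is the vulnerable case.
        if (!escaped.equals(expectedTitle) && headContent.contains(expectedTitle)) {
            return "unescaped title found in head: " + expectedTitle;
        }

        Matcher title = Pattern.compile("<title>(.*?)</title>", Pattern.DOTALL | Pattern.CASE_INSENSITIVE)
                .matcher(headContent);
        if (!title.find()) {
            return "no <title> element in head";
        }
        String actual = title.group(1).trim();

        // escapeRegex keeps characters such as '(' and '$' in the title literal.
        Pattern expected = Pattern.compile("^" + escapeRegex(escaped) + "$");
        if (!expected.matcher(actual).matches()) {
            return "expected escaped title [" + escaped + "] but found [" + actual + "]";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample title containing markup and regex metacharacters.
        String title = "Q&A (draft) </title><script>x()</script>";
        String safePage = "<html><head><title>" + escapeXml(title) + "</title></head><body></body></html>";
        String unsafePage = "<html><head><title>" + title + "</title></head><body></body></html>";

        System.out.println("safe page:   " + checkTitle(safePage, title));    // null (passes)
        System.out.println("unsafe page: " + checkTitle(unsafePage, title));  // failure message
    }
}
```

Compile and run with `javac XssTitleCheckExample.java && java XssTitleCheckExample`. The guard `!escaped.equals(expectedTitle)` matters: a title with no special characters is identical in raw and escaped form, so its presence in the head is not a finding, and without the guard the check would report a false positive on every plain title.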