java.lang.Object
- org.apache.sling.testing.clients.util.XSSUtils
- - com.adobe.cq.testing.util.CQXSSUtils

public class CQXSSUtils
extends org.apache.sling.testing.clients.util.XSSUtils

Basic class for XSS Tests

Field Summary

Fields
Modifier and Type	Field	Description
`static String`	`XSS_ATTACK_HERF_SIMPLE`
`static String`	`XSS_ATTACK_JS_CASE_INSENSITIVE`
`static String`	`XSS_ATTACK_JS_SIMPLE`
`static String`	`XSS_ATTACK_JS_SIMPLE2`
`static String`	`XSS_ATTACK_SIMPLE`

Constructor Summary

Constructors
Constructor Description

CQXSSUtils()

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static void`	`assertTitleTagIsNotVulnerable(org.apache.sling.testing.clients.SlingHttpResponse response, String expectedTitle)`	Assert title output is sanitized in head
`static String`	`escapeXmlJSTL(String xmlString)`	Use to encapsulate escaping of XML with standard JSTL.
`static String`	`replaceSpecialCharsForRegexp(String regexp)`	Replaces special chars to avoid breaking the regexp

Methods inherited from class org.apache.sling.testing.clients.util.XSSUtils
encodeForHTML, encodeForHTMLAttr, encodeForJSString, encodeForXML, encodeForXMLAttr, encodeUrl, escapeHtml, escapeXml

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - XSS_ATTACK_SIMPLE
```
public static final String XSS_ATTACK_SIMPLE
```
    See Also:
    
    Constant Field Values
  - XSS_ATTACK_JS_SIMPLE
```
public static final String XSS_ATTACK_JS_SIMPLE
```
    See Also:
    
    Constant Field Values
  - XSS_ATTACK_JS_SIMPLE2
```
public static final String XSS_ATTACK_JS_SIMPLE2
```
    See Also:
    
    Constant Field Values
  - XSS_ATTACK_JS_CASE_INSENSITIVE
```
public static final String XSS_ATTACK_JS_CASE_INSENSITIVE
```
    See Also:
    
    Constant Field Values
  - XSS_ATTACK_HERF_SIMPLE
```
public static final String XSS_ATTACK_HERF_SIMPLE
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - CQXSSUtils
```
public CQXSSUtils()
```
- Method Detail
  - escapeXmlJSTL
```
public static String escapeXmlJSTL(String xmlString)
```
    Use to encapsulate escaping of XML with standard JSTL. This is the old method of escaping in CQ5 and is beeing replaced by ESAPI. See XSSUtils.escapeXml(String)
    
    Parameters:
    
    xmlString - string to escape
    
    Returns:
    
    the escaped string
  - replaceSpecialCharsForRegexp
```
public static String replaceSpecialCharsForRegexp(String regexp)
```
    Replaces special chars to avoid breaking the regexp
    
    Parameters:
    
    regexp - regular expression
    
    Returns:
    
    the sanitized regular expression
  - assertTitleTagIsNotVulnerable
```
public static void assertTitleTagIsNotVulnerable(org.apache.sling.testing.clients.SlingHttpResponse response,
                                                 String expectedTitle)
                                          throws IOException
```
    Assert title output is sanitized in head
    
    Parameters:
    
    response - Sling response containing the page
    
    expectedTitle - expected title
    
    Throws:
    
    IOException - never

Class CQXSSUtils

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.apache.sling.testing.clients.util.XSSUtils

Methods inherited from class java.lang.Object

Field Detail

XSS_ATTACK_SIMPLE

XSS_ATTACK_JS_SIMPLE

XSS_ATTACK_JS_SIMPLE2

XSS_ATTACK_JS_CASE_INSENSITIVE

XSS_ATTACK_HERF_SIMPLE

Constructor Detail

CQXSSUtils

Method Detail

escapeXmlJSTL

replaceSpecialCharsForRegexp

assertTitleTagIsNotVulnerable