org.owasp.esapi.reference.validation
Class HTMLValidationRule
java.lang.Object
org.owasp.esapi.reference.validation.BaseValidationRule
org.owasp.esapi.reference.validation.StringValidationRule
org.owasp.esapi.reference.validation.HTMLValidationRule
- All Implemented Interfaces:
- ValidationRule
public class HTMLValidationRule
- extends StringValidationRule
A validator performs syntax and possibly semantic validation of a single
piece of data from an untrusted source.
- Since:
- June 1, 2007
- Author:
- Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security
- See Also:
Validator
Method Summary
java.lang.String getValid(java.lang.String context, java.lang.String input)
    Parse the input, throw exceptions if validation fails.
java.lang.String sanitize(java.lang.String context, java.lang.String input)
    This method is similar to ValidationRule.getSafe except that it returns a
    harmless object that may or may not have any similarity to the original
    input (in some cases you may not care). In most cases this should behave
    the same as the getSafe method, except that instead of throwing an
    exception it returns some default value.
Methods inherited from class org.owasp.esapi.reference.validation.BaseValidationRule
assertValid, charArrayToSet, getEncoder, getSafe, getTypeName, getValid, isAllowNull, isValid, setAllowNull, setEncoder, setTypeName, whitelist, whitelist
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
HTMLValidationRule
public HTMLValidationRule(java.lang.String typeName)
HTMLValidationRule
public HTMLValidationRule(java.lang.String typeName,
Encoder encoder)
HTMLValidationRule
public HTMLValidationRule(java.lang.String typeName,
Encoder encoder,
java.lang.String whitelistPattern)
getValid
public java.lang.String getValid(java.lang.String context,
java.lang.String input)
throws ValidationException
- Parse the input, throw exceptions if validation fails
- Specified by:
getValid
in interface ValidationRule
- Overrides:
getValid
in class StringValidationRule
- Parameters:
context - for logging
input - the value to be parsed
- Returns:
- a validated value
- Throws:
ValidationException
- if any validation rules fail
sanitize
public java.lang.String sanitize(java.lang.String context,
java.lang.String input)
- This method is similar to ValidationRule.getSafe except that it returns a
harmless object that may or may not have any similarity to the original
input (in some cases you may not care). In most cases this should behave the
same as the getSafe method, except that instead of throwing an exception it
returns some default value.
- Overrides:
sanitize
in class StringValidationRule
- Returns:
- a parsed version of the input or a default value.
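The difference between getValid (throws on failure) and sanitize (returns a harmless value instead) as it looks at a call site. This is an added example, not code from the ESAPI project: the class name CommentHtmlCheck, the type name "commentHtml", the context label "comment.body" and the sample input are all constructed for illustration. It assumes ESAPI is on the classpath with a working configuration; what each call returns for a given input depends on that configuration.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.reference.validation.HTMLValidationRule;

/** Hypothetical helper contrasting the two entry points of HTMLValidationRule. */
public class CommentHtmlCheck {

    // "commentHtml" is a constructed type name; it only labels the rule.
    private static final HTMLValidationRule RULE =
            new HTMLValidationRule("commentHtml", ESAPI.encoder());

    static {
        // Inherited from BaseValidationRule: treat a missing value as invalid.
        RULE.setAllowNull(false);
    }

    /** Strict path: the caller must handle ValidationException and reject the input. */
    public static String acceptOrReject(String input) throws ValidationException {
        // The first argument is the context, which is used for logging.
        return RULE.getValid("comment.body", input);
    }

    /**
     * Lenient path: never throws. The result may bear no resemblance to the
     * input, so do not use it where a silent change would go unnoticed
     * (for example, before comparing against a stored value).
     */
    public static String cleanForDisplay(String input) {
        return RULE.sanitize("comment.body", input);
    }

    public static void main(String[] args) {
        // Constructed sample input mixing ordinary markup with a script element.
        String input = "<p>hello</p><script>alert(1)</script>";

        try {
            System.out.println("accepted: " + acceptOrReject(input));
        } catch (ValidationException e) {
            // Fail closed: do not store or echo the original value.
            System.out.println("rejected: " + e.getMessage());
        }

        String shown = cleanForDisplay(input);
        if (!input.equals(shown)) {
            System.out.println("input was altered or replaced by sanitize");
        }
        System.out.println("displayed: " + shown);
    }
}
```

Use the strict path where the request should be refused on bad input, and the lenient path only where showing a cleaned or default value is acceptable.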
Copyright © 2010 The Open Web Application Security Project (OWASP). All Rights Reserved.