org.owasp.esapi.codecs

Class HTMLEntityCodec

java.lang.Object

org.owasp.esapi.codecs.AbstractCodec<Integer>

org.owasp.esapi.codecs.AbstractIntegerCodec

org.owasp.esapi.codecs.HTMLEntityCodec

All Implemented Interfaces:

Codec<Integer>

public class HTMLEntityCodec
extends AbstractIntegerCodec

Implementation of the Codec interface for HTML entity encoding.

Since:

June 1, 2007

Author:

Jeff Williams (jeff.williams .at. aspectsecurity.com) Aspect Security, Matt Seil (mseil .at. owasp.org) (mseil .at. owasp.org)

See Also:

Encoder

Constructor Summary

Constructors

Constructor and Description
HTMLEntityCodec()

Method Summary

Modifier and Type	Method and Description
Integer	decodeCharacter(PushbackSequence<Integer> input) Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence.
String	encode(char[] immune, String input) Given an array of char, scan the input String and encode unsafe codePoints, except for codePoints passed into the char array.
String	encodeCharacter(char[] immune, int codePoint) Default codepoint implementation that should be overridden in specific codecs.

Methods inherited from class org.owasp.esapi.codecs.AbstractIntegerCodec

decode

Methods inherited from class org.owasp.esapi.codecs.AbstractCodec

containsCharacter, encodeCharacter, encodeCharacter, getHexForNonAlphanumeric, getHexForNonAlphanumeric, toHex, toHex, toOctal

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HTMLEntityCodec

public HTMLEntityCodec()

Method Detail

encode

public String encode(char[] immune,
                     String input)

Given an array of char, scan the input String and encode unsafe codePoints, except for codePoints passed into the char array.

WARNING: This method will silently discard any code point per the call to Character.isValidCodePoint( int ) method. WARNING!! Character based Codecs will silently transform code points that are not legal UTF code points into garbage data as they will cast them to chars.

If you are implementing an Integer based codec, these will be silently discarded based on the return from Character.isValidCodePoint( int ). This is the preferred behavior moving forward. Encode a String so that it can be safely used in a specific context.

Specified by:

encode in interface Codec<Integer>

Overrides:

encode in class AbstractCodec<Integer>

input - the String to encode

Returns:

the encoded String

encodeCharacter

public String encodeCharacter(char[] immune,
                              int codePoint)

Default codepoint implementation that should be overridden in specific codecs. Encodes a codePoint for safe use in an HTML entity field.

Specified by:

encodeCharacter in interface Codec<Integer>

Overrides:

encodeCharacter in class AbstractCodec<Integer>

Parameters:

immune -

codePoint - the integer to encode

Returns:

the encoded Character

decodeCharacter

public Integer decodeCharacter(PushbackSequence<Integer> input)

Returns the decoded version of the next character from the input string and advances the current character in the PushbackSequence. If the current character is not encoded, this method MUST reset the PushbackString. Returns the decoded version of the character starting at index, or null if no decoding is possible. Formats all are legal both with and without semi-colon, upper/lower case: &#dddd; &#xhhhh; &name;

Specified by:

decodeCharacter in interface Codec<Integer>

Overrides:

decodeCharacter in class AbstractCodec<Integer>

Parameters:

input - the Character to decode

Returns:

the decoded Character