Class HTMLEncoder

java.lang.Object
net.shibboleth.utilities.java.support.codec.HTMLEncoder

public final class HTMLEncoder extends Object
An HTML encoder derived from the OWASP ESAPI project. The encoded output will be safe for an HTML interpreter as unsafe characters are translated into their safe equivalent.
See Also:
  • OSJ-69
  • org.owasp.esapi.Encoder
  • org.owasp.esapi.reference.DefaultEncoder
  • org.owasp.esapi.codecs.HTMLEntityCodec

  • Field Details

    • IMMUNE_HTML

      @Nonnull public static final char[] IMMUNE_HTML
      Character set immune from HTML encoding.
    • IMMUNE_HTMLATTR

      @Nonnull public static final char[] IMMUNE_HTMLATTR
      Character set immune from HTML attribute encoding.
    • REPLACEMENT_CHAR

      public static final char REPLACEMENT_CHAR
      Character to replace illegal characters.
    • REPLACEMENT_HEX

      @Nonnull public static final String REPLACEMENT_HEX
      Hex to replace illegal characters.
    • CHARACTER_TO_ENTITY_MAP

      @Nonnull private static final Map<Character,String> CHARACTER_TO_ENTITY_MAP
      Map from entity character to name.
    • HEX

      @Nonnull private static final String[] HEX
      Array marking which characters are to be encoded: for each character it stores the hex string for that character, precomputed to save time later, or null if the character shouldn't be encoded.
  • Constructor Details

    • HTMLEncoder

      private HTMLEncoder()
      Constructor.
  • Method Details

    • encodeForHTML

      @Nullable public static String encodeForHTML(@Nullable String input)
      Encode data for use in HTML using HTML entity encoding.

      Note that the following characters cannot be used in HTML: 00-08, 0B-0C, 0E-1F, and 7F-9F. Such illegal characters are replaced rather than encoded (see REPLACEMENT_CHAR and REPLACEMENT_HEX).

      Parameters:
      input - the text to encode for HTML
      Returns:
      input encoded for HTML
    • encodeForHTMLAttribute

      @Nullable public static String encodeForHTMLAttribute(@Nullable String input)
      Encode data for use in HTML attributes.
      Parameters:
      input - the text to encode for an HTML attribute
      Returns:
      input encoded for use as an HTML attribute
    • encode

      @Nonnull private static String encode(@Nonnull char[] immune, @Nonnull String input)
      Encode a string for safe use in an HTML entity field.
      Parameters:
      immune - characters immune from encoding
      input - the string to encode
      Returns:
      the encoded input
    • encodeCharacter

      @Nonnull private static String encodeCharacter(@Nonnull char[] immune, char toEncode)
      Encodes a character for safe use in an HTML entity field.
      Parameters:
      immune - characters immune from encoding
      toEncode - the character to encode
      Returns:
      the encoded character
    • getHexForNonAlphanumeric

      @Nullable private static String getHexForNonAlphanumeric(char c)
      Look up the hex value of any character that is not alphanumeric.
      Parameters:
      c - the character to look up.
      Returns:
      null if alphanumeric or the character code in hex.
    • containsCharacter

      private static boolean containsCharacter(char c, @Nonnull char[] array)
      Utility to search a char[] for a specific char.
      Parameters:
      c - the char
      array - the array
      Returns:
      whether or not the array contains the char
    • mkCharacterToEntityMap

      @Nonnull private static Map<Character,String> mkCharacterToEntityMap()
      Build an unmodifiable map from entity character to name.
      Returns:
      unmodifiable map from entity character to name
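
The following is an added, self-contained illustration of the encoding scheme the methods above describe (encodeForHTML / encodeForHTMLAttribute delegating to encode and encodeCharacter, with getHexForNonAlphanumeric, containsCharacter and mkCharacterToEntityMap as helpers). It is example code written for this page, not the Shibboleth HTMLEncoder or ESAPI source. The contents of the immune sets, the replacement character (U+FFFD), the entity subset and the exact control-character test are assumptions, chosen to match the behaviour the field and method descriptions state, and the input string is constructed.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/** Illustrative HTML encoder modeled on the HTMLEncoder API described above (example, not the project's code). */
public final class HtmlEncoderExample {

    /** Assumed immune sets: characters left unencoded in HTML body vs. attribute context. */
    static final char[] IMMUNE_HTML = {',', '.', '-', '_', ' '};
    static final char[] IMMUNE_HTMLATTR = {',', '.', '-', '_'};

    /** Assumed replacement for illegal control characters (U+FFFD and its hex form). */
    static final char REPLACEMENT_CHAR = '\uFFFD';
    static final String REPLACEMENT_HEX = "fffd";

    /** Constructed subset of named entities for characters an HTML interpreter treats specially. */
    static final Map<Character, String> CHARACTER_TO_ENTITY_MAP = mkCharacterToEntityMap();

    /** Precomputed hex for every non-alphanumeric 8-bit character; null means "never encode". */
    static final String[] HEX = new String[256];
    static {
        for (int c = 0; c < 256; c++) {
            boolean alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
            HEX[c] = alnum ? null : Integer.toHexString(c);
        }
    }

    private HtmlEncoderExample() {}

    /** Build an unmodifiable map from entity character to entity name. */
    static Map<Character, String> mkCharacterToEntityMap() {
        Map<Character, String> m = new HashMap<>();
        m.put('&', "amp");
        m.put('<', "lt");
        m.put('>', "gt");
        m.put('"', "quot");
        return Collections.unmodifiableMap(m);
    }

    /** Encode for HTML element content; null in, null out. */
    public static String encodeForHTML(String input) {
        return input == null ? null : encode(IMMUNE_HTML, input);
    }

    /** Encode for an HTML attribute value; space is not immune here because unquoted values end at whitespace. */
    public static String encodeForHTMLAttribute(String input) {
        return input == null ? null : encode(IMMUNE_HTMLATTR, input);
    }

    private static String encode(char[] immune, String input) {
        StringBuilder sb = new StringBuilder(input.length() * 2);
        for (int i = 0; i < input.length(); i++) {
            sb.append(encodeCharacter(immune, input.charAt(i)));
        }
        return sb.toString();
    }

    private static String encodeCharacter(char[] immune, char toEncode) {
        char c = toEncode;
        if (containsCharacter(c, immune)) {
            return String.valueOf(c);
        }
        String hex = getHexForNonAlphanumeric(c);
        if (hex == null) {
            return String.valueOf(c);          // alphanumeric: never needs encoding
        }
        // Control characters that cannot appear in HTML (00-08, 0B-0C, 0E-1F, 7F-9F) are replaced, not preserved.
        if ((c <= 0x1f && c != '\t' && c != '\n' && c != '\r') || (c >= 0x7f && c <= 0x9f)) {
            c = REPLACEMENT_CHAR;
            hex = REPLACEMENT_HEX;
        }
        String entity = CHARACTER_TO_ENTITY_MAP.get(c);
        if (entity != null) {
            return "&" + entity + ";";          // named entity where one is known
        }
        return "&#x" + hex + ";";               // otherwise numeric (hex) character reference
    }

    /** null if alphanumeric, else the character code in hex. */
    private static String getHexForNonAlphanumeric(char c) {
        return c < 0x100 ? HEX[c] : Integer.toHexString(c);
    }

    private static boolean containsCharacter(char c, char[] array) {
        for (char a : array) {
            if (a == c) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String untrusted = "<script>alert('x')</script> \u0001 \"q\"";   // constructed untrusted input
        System.out.println(encodeForHTML(untrusted));
        System.out.println(encodeForHTMLAttribute(untrusted));
    }
}
```

Running main shows the two contexts diverging only on the space: encodeForHTML leaves it as-is, while encodeForHTMLAttribute emits it as a numeric reference, which is what makes the attribute form safe even when the caller forgot to quote the attribute. The U+0001 byte in the input is turned into a U+FFFD reference rather than passed through, which is the behaviour the REPLACEMENT_CHAR and REPLACEMENT_HEX fields exist for.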