Class HTMLEncoder
java.lang.Object
net.shibboleth.utilities.java.support.codec.HTMLEncoder
An HTML encoder derived from the OWASP ESAPI project. The encoded output is safe for an HTML interpreter because
unsafe characters are translated into their safe equivalents.
- See Also:
- OSJ-69
- org.owasp.esapi.Encoder
- org.owasp.esapi.reference.DefaultEncoder
- org.owasp.esapi.codecs.HTMLEntityCodec
Field Summary
- CHARACTER_TO_ENTITY_MAP: Map from entity character to name.
- private static final String[] HEX: Initialize an array to mark which characters are to be encoded.
- static final char[] IMMUNE_HTML: Character set immune from HTML encoding.
- static final char[] IMMUNE_HTMLATTR: Character set immune from HTML attribute encoding.
- static final char REPLACEMENT_CHAR: Character to replace illegal characters.
- static final String REPLACEMENT_HEX: Hex to replace illegal characters.
Constructor Summary
- private HTMLEncoder(): Constructor.
Method Summary
- private static boolean containsCharacter(char c, char[] array): Utility to search a char[] for a specific char.
- private static String encode: Encode a string for safe use in an HTML entity field.
- private static String encodeCharacter(char[] immune, char toEncode): Encodes a character for safe use in an HTML entity field.
- static String encodeForHTML(String input): Encode data for use in HTML using HTML entity encoding.
- static String encodeForHTMLAttribute(String input): Encode data for use in HTML attributes.
- private static String getHexForNonAlphanumeric(char c): Look up the hex value of any character that is not alphanumeric.
- mkCharacterToEntityMap: Build an unmodifiable map from entity character to name.
Field Details
IMMUNE_HTML
@Nonnull public static final char[] IMMUNE_HTML
Character set immune from HTML encoding.
IMMUNE_HTMLATTR
@Nonnull public static final char[] IMMUNE_HTMLATTR
Character set immune from HTML attribute encoding.
REPLACEMENT_CHAR
public static final char REPLACEMENT_CHAR
Character to replace illegal characters.
REPLACEMENT_HEX
Hex to replace illegal characters.
CHARACTER_TO_ENTITY_MAP
Map from entity character to name.
HEX
Initialize an array to mark which characters are to be encoded. Store the hex string for that character to save time later. If the character shouldn't be encoded, then store null.
Constructor Details
HTMLEncoder
private HTMLEncoder()
Constructor.
Method Details
encodeForHTML
Encode data for use in HTML using HTML entity encoding.
Note that the following characters: 00-08, 0B-0C, 0E-1F, and 7F-9F cannot be used in HTML.
- Parameters:
input - the text to encode for HTML
- Returns:
input encoded for HTML
encodeForHTMLAttribute
Encode data for use in HTML attributes.
- Parameters:
input - the text to encode for an HTML attribute
- Returns:
input encoded for use as an HTML attribute
encode
Encode a string for safe use in an HTML entity field.
- Parameters:
immune - characters immune from encoding
input - the string to encode
- Returns:
the encoded input
encodeCharacter
Encodes a character for safe use in an HTML entity field.
- Parameters:
immune - characters immune from encoding
toEncode - the character to encode
- Returns:
the encoded character
getHexForNonAlphanumeric
Look up the hex value of any character that is not alphanumeric.
- Parameters:
c - the character to look up
- Returns:
null if alphanumeric or the character code in hex
containsCharacter
private static boolean containsCharacter(char c, @Nonnull char[] array)
Utility to search a char[] for a specific char.
- Parameters:
c - the char
array - the array
- Returns:
whether or not the array contains the char
mkCharacterToEntityMap
Build an unmodifiable map from entity character to name.
- Returns:
unmodifiable map from entity character to name
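The method descriptions above imply a per-character decision: immune characters pass through, illegal ones are replaced, and the rest become entities. The following is an added Java sketch of such an encoder, not the Shibboleth or ESAPI source. The immune sets, the replacement hex `fffd`, the four-entry entity map and the order of the checks are assumptions modelled on OWASP ESAPI, since the page does not list them; like the documented signatures, it works one `char` at a time.

```java
import java.util.Map;

// Added sketch, not the Shibboleth or ESAPI source.
public final class HtmlEntityEncodingSketch {
    // Assumed immune sets and replacement hex (modelled on OWASP ESAPI defaults).
    static final char[] IMMUNE_HTML = {',', '.', '-', '_', ' '};
    static final char[] IMMUNE_HTMLATTR = {',', '.', '-', '_'};
    static final String REPLACEMENT_HEX = "fffd";
    // Assumed four-entry subset of the character-to-entity-name map.
    static final Map<Character, String> ENTITIES =
            Map.of('<', "lt", '>', "gt", '&', "amp", '"', "quot");

    static boolean containsCharacter(char c, char[] array) {
        for (char a : array) {
            if (a == c) return true;
        }
        return false;
    }

    static boolean isAsciiAlphanumeric(char c) {
        return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    }

    // Ranges the page lists as unusable in HTML: 00-08, 0B-0C, 0E-1F, 7F-9F.
    static boolean isIllegal(char c) {
        return c <= 0x08 || c == 0x0B || c == 0x0C
                || (c >= 0x0E && c <= 0x1F) || (c >= 0x7F && c <= 0x9F);
    }

    static String encodeCharacter(char[] immune, char c) {
        if (containsCharacter(c, immune) || isAsciiAlphanumeric(c)) return String.valueOf(c);
        if (isIllegal(c)) return "&#x" + REPLACEMENT_HEX + ";";   // never emit the raw control char
        String name = ENTITIES.get(c);                            // prefer a named entity
        return name != null ? "&" + name + ";" : "&#x" + Integer.toHexString(c) + ";";
    }

    static String encode(char[] immune, String input) {
        if (input == null) return null;
        StringBuilder out = new StringBuilder(input.length() * 2);
        for (int i = 0; i < input.length(); i++) out.append(encodeCharacter(immune, input.charAt(i)));
        return out.toString();
    }

    public static void main(String[] args) {
        String sample = "<a href=\"x\">Tom & Jerry</a>\u0007"; // constructed input
        System.out.println(encode(IMMUNE_HTML, sample));       // element-content context
        System.out.println(encode(IMMUNE_HTMLATTR, sample));   // attribute context: space is encoded too
    }
}
```

Under these assumptions the two calls differ only in how the space is handled, which is why the attribute encoder is the one to use for attribute values.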