info.magnolia.util
Class EscapeUtil

java.lang.Object
  extended by info.magnolia.util.EscapeUtil

public final class EscapeUtil
extends Object

Utilities for escaping characters to prevent XSS attacks.

This class escapes only the &, ", <, > and ' characters, replacing each with its HTML character entity. Other characters are left untouched. See rule #1 at XSS_Prevention_Rules.

Use it when StringEscapeUtils cannot be used because it escapes more or fewer character entities than required.
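The five-character escape described above, and its inverse, as an added example that is not Magnolia's source code. The class name FiveCharEscapeDemo, its method names and the entity table are assumptions; in particular the entity used for ' follows OWASP rule #1, because the entity names did not survive on this page.

```java
// Added illustration; NOT the EscapeUtil implementation.
public final class FiveCharEscapeDemo {

    // Assumed entity table (OWASP rule #1). '&' must stay first.
    private static final String[][] ENTITIES = {
        {"&", "&amp;"}, {"\"", "&quot;"}, {"<", "&lt;"}, {">", "&gt;"}, {"'", "&#x27;"}
    };

    static String escape(String s) {
        if (s == null) return null;
        // '&' goes first; otherwise the '&' of entities written earlier
        // in the loop would itself be escaped (double encoding).
        for (String[] e : ENTITIES) s = s.replace(e[0], e[1]);
        return s;
    }

    static String unescape(String s) {
        if (s == null) return null;
        // Reverse order: "&amp;" is decoded last, so the text "&amp;lt;"
        // comes back as the literal "&lt;" and not as "<".
        for (int i = ENTITIES.length - 1; i >= 0; i--) {
            s = s.replace(ENTITIES[i][1], ENTITIES[i][0]);
        }
        return s;
    }

    // Array overload, mirroring the String[] variants in the summary below.
    static String[] escape(String[] values) {
        if (values == null) return null;
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++) out[i] = escape(values[i]);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample input containing all five characters.
        String comment = "<b onclick=\"f('x')\">Tom & Jerry</b>";
        String safe = escape(comment);
        System.out.println("<p>" + safe + "</p>");              // element content
        System.out.println("<div title=\"" + safe + "\"></div>"); // quoted attribute
        System.out.println(unescape(safe).equals(comment));

        // Entity text typed by a user must survive a round trip unchanged.
        String literal = "write &lt; for less-than";
        System.out.println(escape(literal));
        System.out.println(unescape(escape(literal)).equals(literal));
    }
}
```

Escaping these five characters covers HTML element content and quoted attribute values only; values written into unquoted attributes, script blocks, CSS or URLs need the encoding for that context.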


Method Summary
static String escapeXss(String str)
           
static String[] escapeXss(String[] str)
           
static String unescapeXss(String str)
           
static String[] unescapeXss(String[] str)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

escapeXss

public static String escapeXss(String str)

unescapeXss

public static String unescapeXss(String str)

escapeXss

public static String[] escapeXss(String[] str)

unescapeXss

public static String[] unescapeXss(String[] str)


Copyright © 2003–2014 Magnolia International Ltd.. All rights reserved.