Package net.shibboleth.utilities.java.support.codec

Class HTMLEncoder

  • public final class HTMLEncoder
extends Object
    An HTML encoder derived from the OWASP ESAPI project. The encoded output will be safe for an HTML interpreter as unsafe characters are translated into their safe equivalent.
    See Also:
    OSJ-69, org.owasp.esapi.Encoder, org.owasp.esapi.reference.DefaultEncoder, org.owasp.esapi.codecs.HTMLEntityCodec

    • Field Detail

      • IMMUNE_HTML

        @Nonnull
public static final char[] IMMUNE_HTML
        Character set immune from HTML encoding.

      • IMMUNE_HTMLATTR

        @Nonnull
public static final char[] IMMUNE_HTMLATTR
        Character set immune from HTML attribute encoding.

      • REPLACEMENT_CHAR

        public static final char REPLACEMENT_CHAR
        Character to replace illegal characters.
        See Also:
        Constant Field Values

      • REPLACEMENT_HEX

        @Nonnull
public static final String REPLACEMENT_HEX
        Hex to replace illegal characters.
        See Also:
        Constant Field Values

      • CHARACTER_TO_ENTITY_MAP

        @Nonnull
private static final Map<Character,​String> CHARACTER_TO_ENTITY_MAP
        Map from entity character to name.

      • HEX

        @Nonnull
private static final String[] HEX
        Initialize an array to mark which characters are to be encoded. Store the hex string for that character to save time later. If the character shouldn't be encoded, then store null.

    • Constructor Detail

      • HTMLEncoder

        private HTMLEncoder()
        Constructor.

    • Method Detail

      • encodeForHTMLAttribute

        @Nullable
public static String encodeForHTMLAttribute​(@Nullable
                                            String input)
        Encode data for use in HTML attributes.
        Parameters:
        input - the text to encode for an HTML attribute
        Returns:
        input encoded for use as an HTML attribute

      • encode

        @Nonnull
private static String encode​(@Nonnull
                             char[] immune,
                             @Nonnull
                             String input)
        Encode a string for safe use in an HTML entity field.
        Parameters:
        immune - characters immune from encoding
        input - the string to encode
        Returns:
        the encoded input

      • encodeCharacter

        @Nonnull
private static String encodeCharacter​(@Nonnull
                                      char[] immune,
                                      char toEncode)
        Encodes a character for safe use in an HTML entity field.
        Parameters:
        immune - characters immune from encoding
        toEncode - the character to encode
        Returns:
        the encoded character

      • getHexForNonAlphanumeric

        @Nullable
private static String getHexForNonAlphanumeric​(char c)
        Lookup the hex value of any character that is not alphanumeric.
        Parameters:
        c - the character to lookup.
        Returns:
        null if alphanumeric or the character code in hex.

      • containsCharacter

        private static boolean containsCharacter​(char c,
                                         @Nonnull
                                         char[] array)
        Utility to search a char[] for a specific char.
        Parameters:
        c - the char
        array - the array
        Returns:
        whether or not the array contains the char

      • mkCharacterToEntityMap

        @Nonnull
private static Map<Character,​String> mkCharacterToEntityMap()
        Build an unmodifiable map from entity character to name.
        Returns:
        unmodifiable map from entity character to name