/**
 * Writes a range of bytes to the wrapped stream with HTML quoting applied.
 *
 * <p>The range is handed to {@code quoteHtmlChars} in one call, so nothing in
 * it reaches {@code out} without passing through the quoter.
 *
 * @param data the buffer holding the bytes to write
 * @param off the index of the first byte to write
 * @param len the number of bytes to write
 * @throws IOException if {@code quoteHtmlChars} fails while writing to {@code out}
 */
@Override
public void write(byte[] data, int off, int len) throws IOException {
  // The parameter `data` shadows any field of the same name; only the
  // caller's buffer is read here.
  quoteHtmlChars(out, data, off, len);
}
/**
 * Writes a single byte to the wrapped stream with HTML quoting applied.
 *
 * <p>Only the low-order eight bits of {@code b} are used. The byte is staged
 * in the {@code data} scratch array (declared outside this excerpt) so the
 * same quoting routine handles single-byte and bulk writes.
 *
 * @param b the byte to write
 * @throws IOException if {@code quoteHtmlChars} fails while writing to {@code out}
 */
@Override
public void write(int b) throws IOException {
  final byte single = (byte) b;
  data[0] = single;
  // Always go through the quoter; a direct out.write(b) here would bypass
  // the quoting for byte-at-a-time writers.
  quoteHtmlChars(out, data, 0, 1);
}
/**
 * Returns the next element of the wrapped enumeration in HTML-quoted form,
 * so callers that echo it into a page do not emit the raw string.
 */
@Override
public String nextElement() {
  final String rawElement = rawIterator.nextElement();
  return HtmlQuoting.quoteHtmlChars(rawElement);
}
}; // closes the enclosing anonymous class (opened outside this excerpt)
/**
 * Returns the server name in HTML-quoted form.
 *
 * <p>The name can be influenced by the client through the HOST HTTP header,
 * so it is quoted before being handed to code that may echo it into a page.
 * This is output encoding only: the value is not validated and is still
 * client-controlled, so it should not be relied on for redirects or access
 * decisions.
 *
 * @return the HTML-quoted server name
 */
@Override
public String getServerName() {
  final String rawHost = rawRequest.getServerName();
  return HtmlQuoting.quoteHtmlChars(rawHost);
}
} // closes the enclosing class (opened outside this excerpt)
/**
 * Returns the request URL in HTML-quoted form.
 *
 * <p>The URL includes the host the client supplied in the HOST HTTP header,
 * so it is quoted before it can be echoed into a page. The returned text is
 * therefore the HTML-escaped URL, not the literal one; callers that need the
 * URL for anything other than HTML output should not treat it as the
 * original value.
 *
 * @return a new {@link StringBuffer} holding the HTML-quoted URL
 */
@Override
public StringBuffer getRequestURL() {
  final String rawUrl = rawRequest.getRequestURL().toString();
  final String quotedUrl = HtmlQuoting.quoteHtmlChars(rawUrl);
  return new StringBuffer(quotedUrl);
}
/**
 * Returns a copy of the request's parameter map with every name and every
 * value HTML-quoted.
 *
 * <p>Both sides are quoted because parameter names are as client-controlled
 * as parameter values. The result is a fresh {@link HashMap}; the raw map is
 * not modified.
 *
 * @return a new map from quoted parameter name to quoted values
 */
@Override
public Map<String, String[]> getParameterMap() {
  final Map<String, String[]> source = rawRequest.getParameterMap();
  final Map<String, String[]> quoted = new HashMap<>();
  for (Map.Entry<String, String[]> entry : source.entrySet()) {
    final String[] rawValues = entry.getValue();
    final String[] safeValues = new String[rawValues.length];
    int idx = 0;
    for (String rawValue : rawValues) {
      safeValues[idx++] = HtmlQuoting.quoteHtmlChars(rawValue);
    }
    // The key is quoted as well: a name echoed into a page is as dangerous
    // as a value.
    quoted.put(HtmlQuoting.quoteHtmlChars(entry.getKey()), safeValues);
  }
  return quoted;
}
/**
 * Looks up a parameter by name and returns its value HTML-quoted.
 *
 * <p>The name is unquoted first, so a caller may pass a name in the quoted
 * form and still reach the raw parameter. The value is quoted on the way out
 * so it cannot be echoed into a page unescaped.
 *
 * @param name the parameter name, possibly in HTML-quoted form
 * @return the quoted value as produced by {@code HtmlQuoting.quoteHtmlChars}
 */
@Override
public String getParameter(String name) {
  final String rawName = HtmlQuoting.unquoteHtmlChars(name);
  final String rawValue = rawRequest.getParameter(rawName);
  return HtmlQuoting.quoteHtmlChars(rawValue);
}
/**
 * Command-line demo: for each argument, prints the original string, its
 * HTML-quoted form, and the result of unquoting that form again.
 *
 * @param args the strings to quote; at least one is required
 * @throws IllegalArgumentException if no arguments are given
 * @throws Exception if quoting or unquoting fails
 */
public static void main(String[] args) throws Exception {
  if (args.length == 0) {
    throw new IllegalArgumentException("Please provide some arguments");
  }
  for (int i = 0; i < args.length; i++) {
    final String original = args[i];
    System.out.println("Original: " + original);
    final String quoted = quoteHtmlChars(original);
    System.out.println("Quoted: " + quoted);
    // Round-trip so the output shows whether unquoting restores the input.
    final String unquoted = unquoteHtmlChars(quoted);
    System.out.println("Unquoted: " + unquoted);
    System.out.println();
  }
}
/**
 * Looks up all values of a parameter and returns them HTML-quoted.
 *
 * <p>The name is unquoted before the lookup so a name in the quoted form
 * still matches the raw parameter. Each value is quoted individually into a
 * new array; the raw array is left untouched.
 *
 * @param name the parameter name, possibly in HTML-quoted form
 * @return a new array of quoted values, or {@code null} if the raw request
 *     returns {@code null} for this name
 */
@Override
public String[] getParameterValues(String name) {
  final String rawName = HtmlQuoting.unquoteHtmlChars(name);
  final String[] rawValues = rawRequest.getParameterValues(rawName);
  if (rawValues == null) {
    return null;
  }
  final String[] quotedValues = new String[rawValues.length];
  int idx = 0;
  for (String rawValue : rawValues) {
    quotedValues[idx++] = HtmlQuoting.quoteHtmlChars(rawValue);
  }
  return quotedValues;
}
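/**
 * Quote the given item to make it html-safe.
 *
 * <p>The string is encoded to bytes, passed through the byte-level quoter,
 * and decoded again. Both conversions use UTF-8 explicitly so the result
 * does not depend on the JVM's default charset; with a narrow default
 * charset the original round trip could replace unmappable characters.
 *
 * <p>The output is meant for HTML text; it is not an encoder for other
 * contexts such as URLs or script blocks.
 *
 * @param item the string to quote
 * @return the quoted string, the same instance if nothing needed quoting,
 *     or {@code null} if {@code item} is {@code null}
 * @throws IllegalStateException if writing to the in-memory buffer fails,
 *     which is not expected to happen
 */
public static String quoteHtmlChars(String item) {
  if (item == null) {
    return null;
  }
  // NOTE(review): assumes needsQuoting/quoteHtmlChars match single ASCII
  // bytes, which UTF-8 never uses inside a multi-byte sequence; confirm
  // against the byte-level helpers.
  final byte[] bytes = item.getBytes(java.nio.charset.StandardCharsets.UTF_8);
  if (!needsQuoting(bytes, 0, bytes.length)) {
    return item;
  }
  final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
  try {
    quoteHtmlChars(buffer, bytes, 0, bytes.length);
  } catch (IOException ioe) {
    // A ByteArrayOutputStream does not fail on write. If this is ever
    // reached, fail closed rather than return a partially quoted string.
    throw new IllegalStateException(
        "Unexpected I/O failure while quoting into an in-memory buffer", ioe);
  }
  return new String(buffer.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
}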
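/**
 * Checks that each HTML metacharacter is replaced by its entity reference
 * and that {@code null} passes through unchanged.
 */
@Test
public void testQuoting() throws Exception {
  // Expected values must be the entity-encoded forms. An expected string
  // identical to the input would assert that no quoting takes place.
  assertEquals("ab&lt;cd", HtmlQuoting.quoteHtmlChars("ab<cd"));
  assertEquals("ab&gt;", HtmlQuoting.quoteHtmlChars("ab>"));
  assertEquals("&amp;&amp;&amp;", HtmlQuoting.quoteHtmlChars("&&&"));
  // NOTE(review): the apostrophe is assumed to be emitted as the named
  // entity; confirm against HtmlQuoting, which may use a numeric reference.
  assertEquals(" &apos;\n", HtmlQuoting.quoteHtmlChars(" '\n"));
  assertEquals("&quot;", HtmlQuoting.quoteHtmlChars("\""));
  assertEquals(null, HtmlQuoting.quoteHtmlChars(null));
}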
/**
 * Asserts that quoting {@code str} and then unquoting the result yields the
 * original string.
 *
 * @param str the string to send through the quote/unquote round trip
 */
private void runRoundTrip(String str) throws Exception {
  final String quoted = HtmlQuoting.quoteHtmlChars(str);
  final String restored = HtmlQuoting.unquoteHtmlChars(quoted);
  assertEquals(str, restored);
}
/**
 * Writes one byte to the wrapped stream, HTML-quoting it if required.
 *
 * <p>The cast keeps only the low-order eight bits of {@code b}. The byte is
 * placed in the {@code data} array (declared outside this excerpt) and sent
 * through the same quoting routine as bulk writes.
 *
 * @param b the byte to write
 * @throws IOException if {@code quoteHtmlChars} fails while writing to {@code out}
 */
@Override
public void write(int b) throws IOException {
  final byte lowByte = (byte) b;
  data[0] = lowByte;
  // Length 1 from offset 0: exactly the byte staged above.
  quoteHtmlChars(out, data, 0, 1);
}
/**
 * Single-byte write that passes through the HTML quoter.
 *
 * <p>{@code b} is narrowed to a byte, stored at index 0 of the {@code data}
 * array (declared outside this excerpt), and written via
 * {@code quoteHtmlChars}, so single-byte writes get the same quoting as
 * array writes.
 *
 * @param b the byte to write; only the low-order eight bits are used
 * @throws IOException if {@code quoteHtmlChars} fails while writing to {@code out}
 */
@Override
public void write(int b) throws IOException {
  final byte narrowed = (byte) b;
  data[0] = narrowed;
  quoteHtmlChars(out, data, 0, 1);
}
/**
 * Returns the HTML-quoted server name.
 *
 * <p>A client can choose this value through the HOST HTTP header, so it is
 * quoted to keep it from injecting markup when it is echoed into a page.
 * Quoting does not validate the host; the value stays untrusted for any use
 * other than HTML output.
 *
 * @return the HTML-quoted server name
 */
@Override
public String getServerName() {
  final String hostFromRequest = rawRequest.getServerName();
  return HtmlQuoting.quoteHtmlChars(hostFromRequest);
}
} // closes the enclosing class (opened outside this excerpt)
/**
 * Returns the wrapped enumeration's next element after HTML-quoting it.
 */
@Override
public String nextElement() {
  final String unquotedElement = rawIterator.nextElement();
  return HtmlQuoting.quoteHtmlChars(unquotedElement);
}
}; // closes the enclosing anonymous class (opened outside this excerpt)
/**
 * Returns the server name with HTML metacharacters quoted.
 *
 * <p>The HOST HTTP header lets the client influence this value, which is why
 * it is quoted before any caller can write it into a page. The quoting is an
 * output-encoding step and makes no statement about whether the host is one
 * the server should accept.
 *
 * @return the HTML-quoted server name
 */
@Override
public String getServerName() {
  final String clientSuppliedHost = rawRequest.getServerName();
  return HtmlQuoting.quoteHtmlChars(clientSuppliedHost);
}
} // closes the enclosing class (opened outside this excerpt)
/**
 * Advances the wrapped enumeration and returns its element HTML-quoted, so
 * the raw string is never handed to the caller.
 */
@Override
public String nextElement() {
  final String next = rawIterator.nextElement();
  return HtmlQuoting.quoteHtmlChars(next);
}
}; // closes the enclosing anonymous class (opened outside this excerpt)
/**
 * Returns every value of the named parameter in HTML-quoted form.
 *
 * <p>The lookup uses the unquoted name, and each raw value is quoted into a
 * freshly allocated array of the same length.
 *
 * @param name the parameter name, possibly in HTML-quoted form
 * @return the quoted values, or {@code null} when the raw request has no
 *     values for the name
 */
@Override
public String[] getParameterValues(String name) {
  final String lookupName = HtmlQuoting.unquoteHtmlChars(name);
  final String[] fromRequest = rawRequest.getParameterValues(lookupName);
  if (fromRequest == null) {
    // Preserve the "parameter absent" signal instead of an empty array.
    return null;
  }
  final int count = fromRequest.length;
  final String[] quoted = new String[count];
  int pos = 0;
  while (pos < count) {
    quoted[pos] = HtmlQuoting.quoteHtmlChars(fromRequest[pos]);
    ++pos;
  }
  return quoted;
}
/**
 * Returns the HTML-quoted value of the named parameter.
 *
 * <p>The name is unquoted for the lookup and the value is quoted for the
 * caller, so request data does not reach page output unescaped through this
 * accessor.
 *
 * @param name the parameter name, possibly in HTML-quoted form
 * @return the quoted value as produced by {@code HtmlQuoting.quoteHtmlChars}
 */
@Override
public String getParameter(String name) {
  final String lookupName = HtmlQuoting.unquoteHtmlChars(name);
  final String valueFromRequest = rawRequest.getParameter(lookupName);
  return HtmlQuoting.quoteHtmlChars(valueFromRequest);
}