/**
 * Registers the CSL escape functions under the names that {@code env.xss(...)} looks up.
 *
 * <p>Each name targets one output context (HTML, a JavaScript string or regex literal, a CSS
 * string, a URI). An escaper only protects the context it was written for, so the name a
 * caller picks must match where the value is finally written.
 * NOTE(review): "CSL" is presumably the Coverity Security Library and {@code Escape} its
 * escaper class; confirm against the file's imports.
 *
 * @param env environment that receives the named escapers
 * @param conf application configuration; not read by this method
 * @param binder dependency binder; not used by this method
 */
@Override
public void configure(final Env env, final Config conf, final Binder binder) {
  // contribute CSL escape functions
  env
      // HTML output
      .xss("html", Escape::html)
      .xss("htmlText", Escape::htmlText)
      // JavaScript string and regex literals
      .xss("js", Escape::jsString)
      .xss("jsRegex", Escape::jsRegex)
      // CSS string values
      .xss("css", Escape::cssString)
      // URI output
      .xss("uri", Escape::uri);
}
/**
 * Runs {@code value} through the escapers named in {@code xss}, using the chain that
 * {@code env.xss(...)} returns for those names.
 *
 * @param value text to escape
 * @param xss names of the escapers to apply
 * @return the output of the escaper chain
 */
private String xss(final String value, final String... xss) {
  final String escaped = env.xss(xss).apply(value);
  return escaped;
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Runs {@code value} through the escapers named in {@code xss}, using the chain that
 * {@code env.xss(...)} returns for those names.
 *
 * @param value text to escape
 * @param xss names of the escapers to apply
 * @return the output of the escaper chain
 */
public String apply(final String value, final String... xss) {
  final String escaped = env.xss(xss).apply(value);
  return escaped;
}
/**
 * Registers the escape functions of this module under the names that {@code env.xss(...)}
 * looks up.
 *
 * <p>The html, js, json and css escapers pass a type and a level taken from
 * {@code htmltype}/{@code htmllevel}, {@code jstype}/{@code jslevel},
 * {@code jsontype}/{@code jsonlevel} and {@code csstype}/{@code csslevel}, which are defined
 * outside this method. The three URI escapers take only the value.
 *
 * @param env environment that receives the named escapers
 * @param conf application configuration; not read by this method
 * @param binder dependency binder; not used by this method
 */
@Override
public void configure(final Env env, final Config conf, final Binder binder) {
  env
      .xss("html", raw -> HtmlEscape.escapeHtml(raw, htmltype, htmllevel))
      .xss("js", raw -> JavaScriptEscape.escapeJavaScript(raw, jstype, jslevel))
      .xss("json", raw -> JsonEscape.escapeJson(raw, jsontype, jsonlevel))
      .xss("css", raw -> CssEscape.escapeCssString(raw, csstype, csslevel))
      // "uri" escapes as a URI path; query parameters and fragment ids have their own
      // names below, so a value bound for a query string should not use "uri".
      .xss("uri", UriEscape::escapeUriPath)
      .xss("queryParam", UriEscape::escapeUriQueryParam)
      .xss("uriFragmentId", UriEscape::escapeUriFragmentId);
}
/**
 * Applies the requested escapers to the first remaining argument.
 *
 * <p>After the {@code _context} and {@code _self} entries are removed, the first value in the
 * map's iteration order is the text to escape and every following value is an escaper name.
 * NOTE(review): this relies on {@code args} iterating in argument order, and on the names
 * being {@code String}s ({@code System.arraycopy} into a {@code String[]} rejects anything
 * else); confirm against the template engine's contract.
 *
 * @param args arguments of the template function call; modified in place
 * @return the text after the escaper chain has run
 */
@Override
public Object execute(final Map<String, Object> args) {
  // Presumably engine-supplied entries rather than caller arguments; drop them first.
  args.remove("_context");
  args.remove("_self");

  final Object[] positional = args.values().toArray(new Object[args.size()]);
  final int nameCount = positional.length - 1;
  final String[] escaperNames = new String[nameCount];
  System.arraycopy(positional, 1, escaperNames, 0, nameCount);

  // With no escaper names the chain comes from env.xss() with an empty array.
  return env.xss(escaperNames).apply(positional[0].toString());
}
});
/**
 * Looks up the named escapers and composes them, in the order given, into one function.
 *
 * <p>A name with no registered escaper is skipped without error, and an empty name list
 * yields the identity function. In both cases the returned function can hand back its input
 * unescaped.
 * NOTE(review): a misspelled escaper name therefore fails open. Callers that render untrusted
 * data should make sure every name they pass is actually registered.
 *
 * @param xss Names of the escapers to combine, in application order.
 * @return Composition of the escapers that were found; identity when none were.
 */
@Nonnull
default Function<String, String> xss(final String... xss) {
  final Map<String, Function<String, String>> registered = xss();
  // Composition runs left to right: the first name's escaper sees the raw input.
  final BinaryOperator<Function<String, String>> compose = (first, next) -> first.andThen(next);
  return Arrays.stream(xss)
      .map(registered::get)
      // Unknown names map to null and are dropped rather than reported.
      .filter(Objects::nonNull)
      .reduce(Function.identity(), compose);
}
/**
 * Registers four escapers with the environment: three URL-part escapers from
 * {@code UrlEscapers} and the HTML escaper from {@code HtmlEscapers}.
 *
 * <p>The URL escapers are per component (fragment, form parameter, path segment); each is
 * meant for a single component value, not for a whole URL.
 *
 * @param env environment that receives the named escapers
 */
private void xss(final Env env) {
  env
      .xss("urlFragment", UrlEscapers.urlFragmentEscaper()::escape)
      .xss("formParam", UrlEscapers.urlFormParameterEscaper()::escape)
      .xss("pathSegment", UrlEscapers.urlPathSegmentEscaper()::escape)
      .xss("html", HtmlEscapers.htmlEscaper()::escape);
}
/**
 * Resolves the {@code Env} service through {@code require} and asks it for the escaper chain
 * matching the given names.
 *
 * @param xss names of the escapers to combine
 * @return the function returned by {@code Env.xss} for those names
 */
private Function<String, String> xss(final String... xss) {
  final Env env = require(Env.class);
  return env.xss(xss);
}
/**
 * Applies the requested escapers to the first template argument.
 *
 * <p>Every argument is cast to {@code TemplateScalarModel} and read as a string. The first
 * string is the text to escape; the remaining ones are escaper names handed to
 * {@code env.xss(...)}.
 *
 * @param arguments raw argument list of the template method call
 * @return the text after the escaper chain has run
 * @throws TemplateModelException declared by the overridden method
 */
@SuppressWarnings({"rawtypes", "unchecked"})
@Override
public Object exec(final List arguments) throws TemplateModelException {
  // Unwrap each scalar model; Try turns the checked failure of getAsString() into an
  // unchecked one when get() is called.
  final List<String> scalars = (List<String>) arguments.stream()
      .map(model -> Try.apply(() -> ((TemplateScalarModel) model).getAsString()).get())
      .collect(Collectors.toList());

  // Everything after the first argument names an escaper.
  final List<String> tail = scalars.subList(1, scalars.size());
  final String[] escaperNames = tail.toArray(new String[arguments.size() - 1]);

  return env.xss(escaperNames).apply(scalars.get(0));
}
// Tail of a helper whose opening lies outside this excerpt: copies the helper parameters into
// an array of escaper names, applies the resulting chain to the value, and wraps the result in
// Handlebars.SafeString.
// NOTE(review): SafeString presumably tells Handlebars to skip its own escaping of this
// output; confirm. If so, a call with no parameters, or with names env.xss does not resolve,
// could emit the value without any escaping.
// NOTE(review): the copy into a String[] assumes every parameter is a String; confirm.
String[] xss = new String[opts.params.length]; System.arraycopy(opts.params, 0, xss, 0, opts.params.length); return new Handlebars.SafeString(env.xss(xss).apply(value.toString())); });
/**
 * Registers the CSL escape functions under the names that {@code env.xss(...)} looks up.
 *
 * <p>Each name targets one output context (HTML, a JavaScript string or regex literal, a CSS
 * string, a URI). An escaper only protects the context it was written for, so the name a
 * caller picks must match where the value is finally written.
 * NOTE(review): "CSL" is presumably the Coverity Security Library and {@code Escape} its
 * escaper class; confirm against the file's imports.
 *
 * @param env environment that receives the named escapers
 * @param conf application configuration; not read by this method
 * @param binder dependency binder; not used by this method
 */
@Override
public void configure(final Env env, final Config conf, final Binder binder) {
  // contribute CSL escape functions
  env
      // HTML output
      .xss("html", Escape::html)
      .xss("htmlText", Escape::htmlText)
      // JavaScript string and regex literals
      .xss("js", Escape::jsString)
      .xss("jsRegex", Escape::jsRegex)
      // CSS string values
      .xss("css", Escape::cssString)
      // URI output
      .xss("uri", Escape::uri);
}
/**
 * Runs {@code value} through the escapers named in {@code xss}, using the chain that
 * {@code env.xss(...)} returns for those names.
 *
 * @param value text to escape
 * @param xss names of the escapers to apply
 * @return the output of the escaper chain
 */
private String xss(final String value, final String... xss) {
  final String escaped = env.xss(xss).apply(value);
  return escaped;
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Applies the requested escapers to the first remaining argument.
 *
 * <p>After the {@code _context} and {@code _self} entries are removed, the first value in the
 * map's iteration order is the text to escape and every following value is an escaper name.
 * NOTE(review): this relies on {@code args} iterating in argument order, and on the names
 * being {@code String}s ({@code System.arraycopy} into a {@code String[]} rejects anything
 * else); confirm against the template engine's contract.
 *
 * @param args arguments of the template function call; modified in place
 * @return the text after the escaper chain has run
 */
@Override
public Object execute(final Map<String, Object> args) {
  // Presumably engine-supplied entries rather than caller arguments; drop them first.
  args.remove("_context");
  args.remove("_self");

  final Object[] positional = args.values().toArray(new Object[args.size()]);
  final int nameCount = positional.length - 1;
  final String[] escaperNames = new String[nameCount];
  System.arraycopy(positional, 1, escaperNames, 0, nameCount);

  // With no escaper names the chain comes from env.xss() with an empty array.
  return env.xss(escaperNames).apply(positional[0].toString());
}
});
/**
 * Registers four escapers with the environment: three URL-part escapers from
 * {@code UrlEscapers} and the HTML escaper from {@code HtmlEscapers}.
 *
 * <p>The URL escapers are per component (fragment, form parameter, path segment); each is
 * meant for a single component value, not for a whole URL.
 *
 * @param env environment that receives the named escapers
 */
private void xss(final Env env) {
  env
      .xss("urlFragment", UrlEscapers.urlFragmentEscaper()::escape)
      .xss("formParam", UrlEscapers.urlFormParameterEscaper()::escape)
      .xss("pathSegment", UrlEscapers.urlPathSegmentEscaper()::escape)
      .xss("html", HtmlEscapers.htmlEscaper()::escape);
}
/**
 * Looks up the named escapers and composes them, in the order given, into one function.
 *
 * <p>A name with no registered escaper is skipped without error, and an empty name list
 * yields the identity function. In both cases the returned function can hand back its input
 * unescaped.
 * NOTE(review): a misspelled escaper name therefore fails open. Callers that render untrusted
 * data should make sure every name they pass is actually registered.
 *
 * @param xss Names of the escapers to combine, in application order.
 * @return Composition of the escapers that were found; identity when none were.
 */
@Nonnull
default Function<String, String> xss(final String... xss) {
  final Map<String, Function<String, String>> registered = xss();
  // Composition runs left to right: the first name's escaper sees the raw input.
  final BinaryOperator<Function<String, String>> compose = (first, next) -> first.andThen(next);
  return Arrays.stream(xss)
      .map(registered::get)
      // Unknown names map to null and are dropped rather than reported.
      .filter(Objects::nonNull)
      .reduce(Function.identity(), compose);
}
/**
 * Resolves the {@code Env} service through {@code require} and asks it for the escaper chain
 * matching the given names.
 *
 * @param xss names of the escapers to combine
 * @return the function returned by {@code Env.xss} for those names
 */
private Function<String, String> xss(final String... xss) {
  final Env env = require(Env.class);
  return env.xss(xss);
}
/**
 * Applies the requested escapers to the first template argument.
 *
 * <p>Every argument is cast to {@code TemplateScalarModel} and read as a string. The first
 * string is the text to escape; the remaining ones are escaper names handed to
 * {@code env.xss(...)}.
 *
 * @param arguments raw argument list of the template method call
 * @return the text after the escaper chain has run
 * @throws TemplateModelException declared by the overridden method
 */
@SuppressWarnings({"rawtypes", "unchecked"})
@Override
public Object exec(final List arguments) throws TemplateModelException {
  // Unwrap each scalar model; Try turns the checked failure of getAsString() into an
  // unchecked one when get() is called.
  final List<String> scalars = (List<String>) arguments.stream()
      .map(model -> Try.apply(() -> ((TemplateScalarModel) model).getAsString()).get())
      .collect(Collectors.toList());

  // Everything after the first argument names an escaper.
  final List<String> tail = scalars.subList(1, scalars.size());
  final String[] escaperNames = tail.toArray(new String[arguments.size() - 1]);

  return env.xss(escaperNames).apply(scalars.get(0));
}
// Tail of a helper whose opening lies outside this excerpt: copies the helper parameters into
// an array of escaper names, applies the resulting chain to the value, and wraps the result in
// Handlebars.SafeString.
// NOTE(review): SafeString presumably tells Handlebars to skip its own escaping of this
// output; confirm. If so, a call with no parameters, or with names env.xss does not resolve,
// could emit the value without any escaping.
// NOTE(review): the copy into a String[] assumes every parameter is a String; confirm.
String[] xss = new String[opts.params.length]; System.arraycopy(opts.params, 0, xss, 0, opts.params.length); return new Handlebars.SafeString(env.xss(xss).apply(value.toString())); });