com.googlecode.fascinator.portal.services

Class OwaspSanitizer

java.lang.Object

com.googlecode.fascinator.portal.services.OwaspSanitizer

public class OwaspSanitizer
extends java.lang.Object

Author:

Matt Mulholland

Field Summary

Fields

Modifier and Type	Field and Description
static org.json.simple.JSONArray	whitelist

Constructor Summary

Constructors

Constructor and Description
OwaspSanitizer()

Method Summary

Methods

Modifier and Type	Method and Description
static java.lang.String	escapeHtml(java.lang.String value)
static org.owasp.html.PolicyFactory	getDefaultPolicy() convenience method for building on default policy
static java.lang.String	sanitizeCustomHtml(java.lang.String value, org.owasp.html.PolicyFactory sanitizer)
static java.lang.String	sanitizeHtml(java.lang.String field, java.lang.String value) a basic sanitizer with default whitelist sanitizers
static void	sanitizeMapNumberedField(java.util.Map<java.lang.String,java.lang.Object> map, java.lang.String subKey)
static void	sanitizeTfPackage(com.googlecode.fascinator.common.JsonSimple tfpackage)
static void	sanitizeTfPackageField(com.googlecode.fascinator.common.JsonSimple tfpackage, java.lang.String baseKey)
static void	sanitizeTfPackageNumberedField(com.googlecode.fascinator.common.JsonSimple tfpackage, java.lang.String baseKey, java.lang.String suffixKey)
static void	sanitizeTfPackageNumberedFieldAndShadow(com.googlecode.fascinator.common.JsonSimple tfpackage, java.lang.String baseKey, java.lang.String suffixKey, java.lang.String suffixShadowKey) tfpackage numbered description text also has escaped value: shadow that needs to be handled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

whitelist

public static final org.json.simple.JSONArray whitelist

Constructor Detail

OwaspSanitizer

public OwaspSanitizer()

Method Detail

sanitizeTfPackage

public static void sanitizeTfPackage(com.googlecode.fascinator.common.JsonSimple tfpackage)

sanitizeTfPackageField

public static void sanitizeTfPackageField(com.googlecode.fascinator.common.JsonSimple tfpackage,
                          java.lang.String baseKey)

sanitizeTfPackageNumberedFieldAndShadow

public static void sanitizeTfPackageNumberedFieldAndShadow(com.googlecode.fascinator.common.JsonSimple tfpackage,
                                           java.lang.String baseKey,
                                           java.lang.String suffixKey,
                                           java.lang.String suffixShadowKey)

tfpackage numbered description text also has escaped value: shadow that needs to be handled

sanitizeTfPackageNumberedField

public static void sanitizeTfPackageNumberedField(com.googlecode.fascinator.common.JsonSimple tfpackage,
                                  java.lang.String baseKey,
                                  java.lang.String suffixKey)

sanitizeMapNumberedField

public static void sanitizeMapNumberedField(java.util.Map<java.lang.String,java.lang.Object> map,
                            java.lang.String subKey)

escapeHtml

public static java.lang.String escapeHtml(java.lang.String value)

sanitizeHtml

public static java.lang.String sanitizeHtml(java.lang.String field,
                            java.lang.String value)

a basic sanitizer with default whitelist sanitizers

sanitizeCustomHtml

public static java.lang.String sanitizeCustomHtml(java.lang.String value,
                                  org.owasp.html.PolicyFactory sanitizer)

getDefaultPolicy

public static org.owasp.html.PolicyFactory getDefaultPolicy()

convenience method for building on default policy