Package org.apache.ofbiz.base.util
Class UtilCodec
java.lang.Object
org.apache.ofbiz.base.util.UtilCodec
-
Nested Class Summary
Modifier and Type | Class | Description
static class
static class - A simple Map wrapper class that will do HTML encoding.
static class
static interface
static interface
static class
static class
static class
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
static String canonicalize(String value)
static String checkStringForHtmlSafe(String valueName, String value, List<String> errorMessageList, Locale locale, boolean enableSanitizer) - This method checks if the input is safe HTML.
static String checkStringForHtmlStrictNone(String valueName, String value, List<String> errorMessageList, Locale locale) - Uses a black-list approach for necessary characters for HTML.
static String encodeUrl - Generic function to easily call URL encoding with OFBiz rules.
static String encodeUrl - Check if an escapeUrlEncode is present in the context, to escape URL encoding in a specific case. This is necessary if the URL is sent to another encoding tool.
static UtilCodec.SimpleDecoder getDecoder(String type)
static UtilCodec.SimpleEncoder getEncoder(String type)
-
Constructor Details
-
UtilCodec
public UtilCodec()
-
-
Method Details
-
getEncoder
-
getDecoder
-
canonicalize
Throws: UtilCodec.IntrusionException
-
encodeUrl
Generic function to easily call URL encoding with OFBiz rules.
Parameters:
queryString -
Returns:
the URL encoded with OFBiz rules
-
encodeUrl
Check if an escapeUrlEncode is present in the context, to escape URL encoding in a specific case. This is necessary if the URL is sent to another encoding tool.
Parameters:
queryString -
context -
Returns:
the URL encoded with OFBiz rules
-
checkStringForHtmlStrictNone
public static String checkStringForHtmlStrictNone(String valueName, String value, List<String> errorMessageList, Locale locale)
Uses a black-list approach for necessary characters for HTML. Does not allow various characters (after canonicalization), including "<", ">", "&" and "%" (if not followed by a space). Also does not allow JS events, as in OFBIZ-10054.
Parameters:
valueName - field name checked
value - value checked
errorMessageList - an empty list passed in and modified in case of issues
locale -
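The canonicalize-then-deny-list order described for checkStringForHtmlStrictNone, as an added plain-JDK sketch; it is not OFBiz code. The class StrictNoneSketch, its methods and the sample inputs are constructed here, canonicalization is assumed to be repeated percent-decoding only, and the JS-event rule is left out.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Added sketch, not OFBiz code: all names here are hypothetical.
public class StrictNoneSketch {

    // Assumption: canonicalization = percent-decode until the value is stable.
    static String canonicalize(String value) {
        String current = value;
        for (int pass = 0; pass < 5; pass++) {
            String decoded;
            try {
                // Keep '+' literal; URLDecoder would otherwise turn it into a space.
                decoded = URLDecoder.decode(current.replace("+", "%2B"), StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                return current; // not a valid escape (e.g. "50% off"): nothing to decode
            }
            if (decoded.equals(current)) {
                return current;
            }
            current = decoded;
        }
        throw new IllegalStateException("more than 5 encoding layers");
    }

    // Returns error messages; an empty list means the value passed.
    static List<String> check(String valueName, String value) {
        List<String> errors = new ArrayList<>();
        String canon = canonicalize(value);
        for (int i = 0; i < canon.length(); i++) {
            char c = canon.charAt(i);
            boolean percentThenSpace = c == '%' && i + 1 < canon.length() && canon.charAt(i + 1) == ' ';
            if (c == '<' || c == '>' || c == '&' || (c == '%' && !percentThenSpace)) {
                errors.add(valueName + ": '" + c + "' is not allowed (canonical form: " + canon + ")");
                break;
            }
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: plain, '%' before a space, single- and double-encoded markup.
        String[] samples = {"plain text", "50% off", "%3Cb%3Ebold", "%253Cb%253Ebold"};
        for (String s : samples) {
            System.out.println(s + " -> " + check("description", s));
        }
    }
}
```

Because the deny-list runs on the canonical form, the single- and double-encoded samples are rejected for the "<" they decode to, while "50% off" passes under the "% followed by a space" exception.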
-
checkStringForHtmlSafe
public static String checkStringForHtmlSafe(String valueName, String value, List<String> errorMessageList, Locale locale, boolean enableSanitizer)
This method checks if the input is safe HTML. It is possible to configure a safe policy using the properties "sanitizer.safe.policy" and "sanitizer.custom.safe.policy.class". The safe policy has to implement SanitizerCustomPolicy.
Parameters:
valueName - field name checked
value - value checked
errorMessageList - an empty list passed in and modified in case of issues
locale -
-