Package org.apache.ofbiz.base.util
Class UtilCodec
java.lang.Object
org.apache.ofbiz.base.util.UtilCodec
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
static class
A simple Map wrapper class that will do HTML encoding.static class
static interface
static interface
static class
static class
static class
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic String
canonicalize
(String value) static String
canonicalize
(String value, boolean strict) static String
canonicalize
(String input, boolean restrictMultiple, boolean restrictMixed) static String
checkStringForHtmlSafe
(String valueName, String value, List<String> errorMessageList, Locale locale, boolean enableSanitizer) This method check if the input is safe HTML.static String
checkStringForHtmlStrictNone
(String valueName, String value, List<String> errorMessageList, Locale locale) Uses a black-list approach for necessary characters for HTML.static UtilCodec.SimpleDecoder
getDecoder
(String type) static UtilCodec.SimpleEncoder
getEncoder
(String type)
-
Constructor Details
-
UtilCodec
public UtilCodec()
-
-
Method Details
-
getEncoder
-
getDecoder
-
canonicalize
- Throws:
UtilCodec.IntrusionException
-
canonicalize
- Throws:
UtilCodec.IntrusionException
-
canonicalize
-
checkStringForHtmlStrictNone
public static String checkStringForHtmlStrictNone(String valueName, String value, List<String> errorMessageList, Locale locale) Uses a black-list approach for necessary characters for HTML. Does not allow various characters (after canonicalization), including "<", ">", "&" and "%" (if not followed by a space). Also does not allow js events as in OFBIZ-10054- Parameters:
valueName
- field name checkedvalue
- value checkederrorMessageList
- an empty list passed by and modified in case of issueslocale
-
-
checkStringForHtmlSafe
public static String checkStringForHtmlSafe(String valueName, String value, List<String> errorMessageList, Locale locale, boolean enableSanitizer) This method check if the input is safe HTML. It is possible to configure a safe policy using the properties "sanitizer.safe.policy" and "sanitizer.custom.safe.policy.class". The safe policy has to implementSanitizerCustomPolicy
.- Parameters:
valueName
- field name checkedvalue
- value checkederrorMessageList
- an empty list passed by and modified in case of issueslocale
-
-