Package org.apache.ofbiz.base.util
Class UtilCodec
java.lang.Object
org.apache.ofbiz.base.util.UtilCodec
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
static class
A simple Map wrapper class that will do HTML encoding.static class
static interface
static interface
static class
static class
static class
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic String
canonicalize
(String value) static String
checkStringForHtmlSafe
(String valueName, String value, List<String> errorMessageList, Locale locale, boolean enableSanitizer) This method check if the input is safe HTML.static String
checkStringForHtmlStrictNone
(String valueName, String value, List<String> errorMessageList, Locale locale) Uses a black-list approach for necessary characters for HTML.static UtilCodec.SimpleDecoder
getDecoder
(String type) static UtilCodec.SimpleEncoder
getEncoder
(String type)
-
Constructor Details
-
UtilCodec
public UtilCodec()
-
-
Method Details
-
getEncoder
-
getDecoder
-
canonicalize
- Throws:
UtilCodec.IntrusionException
-
checkStringForHtmlStrictNone
public static String checkStringForHtmlStrictNone(String valueName, String value, List<String> errorMessageList, Locale locale) Uses a black-list approach for necessary characters for HTML. Does not allow various characters (after canonicalization), including "<", ">", "&" and "%" (if not followed by a space). Also does not allow js events as in OFBIZ-10054- Parameters:
valueName
- field name checkedvalue
- value checkederrorMessageList
- an empty list passed by and modified in case of issueslocale
-
-
checkStringForHtmlSafe
public static String checkStringForHtmlSafe(String valueName, String value, List<String> errorMessageList, Locale locale, boolean enableSanitizer) This method check if the input is safe HTML. It is possible to configure a safe policy using the properties "sanitizer.safe.policy" and "sanitizer.custom.safe.policy.class". The safe policy has to implementSanitizerCustomPolicy
.- Parameters:
valueName
- field name checkedvalue
- value checkederrorMessageList
- an empty list passed by and modified in case of issueslocale
-
-