org.apache.sling.xss

Interface XSSFilter

All Known Implementing Classes:

XSSFilterImpl

public interface XSSFilter

This service should be used to protect output against potential XSS attacks. The protection is context based.

Field Summary

Fields

Modifier and Type	Field and Description
static ProtectionContext	DEFAULT_CONTEXT Default context.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	check(ProtectionContext context, String src) Indicates whether or not a given source string contains XSS policy violations.
String	filter(ProtectionContext context, String src) Protects the given source string from containing XSS stuff.
String	filter(String src) Prevents the given source string from containing XSS stuff.

Field Detail

DEFAULT_CONTEXT

static final ProtectionContext DEFAULT_CONTEXT

Default context.

Method Detail

check

boolean check(ProtectionContext context,
            String src)

Indicates whether or not a given source string contains XSS policy violations.

Parameters:

context - context to use for checking

src - source string

Returns:

true if the source is violation-free

Throws:

NullPointerException - if context is null

filter

String filter(String src)

Prevents the given source string from containing XSS stuff.

The default protection context is used for checking.

Parameters:

src - source string

Returns:

string that does not contain XSS stuff

filter

String filter(ProtectionContext context,
            String src)

Protects the given source string from containing XSS stuff.

Parameters:

context - context to use for checking

src - source string

Returns:

string that does not contain XSS stuff

Throws:

NullPointerException - if context is null