org.owasp.encoder.Encode类的使用及代码示例


本文整理了Java中org.owasp.encoder.Encode类的一些代码示例,展示了Encode类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Encode类的具体详情如下:
包路径:org.owasp.encoder.Encode
类名称:Encode

Encode介绍

[英]Encode -- fluent interface for contextual encoding. Example usage in a JSP:

<input value="<%=Encode.forHtml(value)%>" />

There are two versions of each contextual encoding method. The first takes a String argument and returns the encoded version as a String. The second version writes the encoded version directly to a Writer.

Please make sure to read and understand the context that the method encodes for. Encoding for the incorrect context will likely lead to exposing a cross-site scripting vulnerability.
[中]Encode——用于上下文编码的流畅接口。JSP中的示例用法:

<input value="<%=Encode.forHtml(value)%>" />

每个上下文编码方法有两个版本。第一个接受一个字符串参数,并以字符串形式返回编码结果。第二个版本将编码结果直接写入一个 Writer。
请确保阅读并理解该方法编码的上下文。对不正确的上下文进行编码可能会导致暴露跨站点脚本漏洞。

代码示例

代码示例来源:origin: pentaho/pentaho-kettle

@Test
@PrepareForTest( { Encode.class } )
public void testCleanupTransServletEscapesHtmlWhenTransNotFound() throws ServletException, IOException {
 // Capture everything the servlet writes so the rendered <H1> can be inspected afterwards.
 StringWriter captured = new StringWriter();
 PrintWriter responseWriter = new PrintWriter( captured );
 HttpServletRequest request = mock( HttpServletRequest.class );
 HttpServletResponse response = mock( HttpServletResponse.class );
 // Spy (not stub) the static encoder: real encoding still runs, but the call can be verified.
 PowerMockito.spy( Encode.class );
 when( request.getContextPath() ).thenReturn( CleanupTransServlet.CONTEXT_PATH );
 // Every request parameter carries the hostile test string, whatever its name.
 when( request.getParameter( anyString() ) ).thenReturn( ServletTestUtils.BAD_STRING_TO_TEST );
 when( response.getWriter() ).thenReturn( responseWriter );
 cleanupTransServlet.doGet( request, response );
 // The <H1> must not echo the raw string back ...
 assertFalse( ServletTestUtils.hasBadText( ServletTestUtils.getInsideOfTag( "H1", captured.toString() ) ) );
 // ... and the servlet must have gone through Encode.forHtml to achieve that.
 PowerMockito.verifyStatic( atLeastOnce() );
 Encode.forHtml( anyString() );
}

代码示例来源:origin: primefaces/primefaces

/**
 * Encodes {@code input} for placement inside an HTML attribute value.
 *
 * <p>Thin delegate to the OWASP encoder; the result is returned unchanged.
 *
 * @param input text to encode
 * @return whatever {@link Encode#forHtmlAttribute(String)} returns for {@code input}
 * @see Encode#forHtmlAttribute(String)
 */
public static String forHtmlAttribute(String input) {
  String encoded = Encode.forHtmlAttribute(input);
  return encoded;
}

代码示例来源:origin: primefaces/primefaces

/**
 * Encodes {@code input} for use as XML element content.
 *
 * <p>Delegates straight to the OWASP encoder without post-processing.
 *
 * @param input text to encode
 * @return the value produced by {@link Encode#forXml(String)}
 * @see Encode#forXml(String)
 */
public static String forXml(String input) {
  final String result = Encode.forXml(input);
  return result;
}

代码示例来源:origin: pentaho/pentaho-kettle

value.append( Encode.forXml( tag ) );
 value.append( " " ).append( Encode.forXml( attributes[i] ) ).append( "=\"" ).append(
  Encode.forXmlAttribute( attributes[i + 1] ) ).append( "\" " );
 value.append( Encode.forXml( val ) );
 value.append( Encode.forXml( tag ) );
 value.append( '>' );
} else {

代码示例来源:origin: org.wso2.carbon.identity/org.wso2.carbon.identity.oauth.ui

throws ServletException, IOException {
String requestType = req.getPathInfo();
Parameters params = populateOauthConsumerData(req);
Parameters token = null;
    PrintWriter out = resp.getWriter();
    token = client.getOauthRequestToken(params);
    oauthToken = token.getOauthToken();
    oauthTokenSecret = token.getOauthTokenSecret();
    oauthCallbackConfirmed = "true";
    reqToken = OAuthConstants.OAUTH_TOKEN + "=" + Encode.forUriComponent(oauthToken) + "&"
        + OAuthConstants.OAUTH_TOKEN_SECRET + "=" + Encode.forUriComponent(oauthTokenSecret) + "&"
        + OAuthConstants.OAUTH_CALLBACK_CONFIRMED + "=" + Encode.forUriComponent(oauthCallbackConfirmed);
    out.write(reqToken);
    out.close();
    resp.setStatus(200);
  } else if (requestType.indexOf(OAuthConstants.OAuth10AEndpoints.AUTHORIZE_TOKEN_URL) > -1) {
    PrintWriter out = resp.getWriter();
    token = client.getAccessToken(params);
    accessToken = OAuthConstants.OAUTH_TOKEN + "=" + Encode.forUriComponent(token.getOauthToken()) + "&"
        + OAuthConstants.OAUTH_TOKEN_SECRET + "=" + Encode.forUriComponent(token.getOauthTokenSecret());
    out.write(accessToken);
    out.close();
    resp.setStatus(200);

代码示例来源:origin: org.wso2.carbon.identity/org.wso2.carbon.identity.sso.saml

resp.setContentType("text/html; charset=UTF-8");
if (IdentitySAMLSSOServiceComponent.getSsoRedirectHtml() != null) {
  String htmlPage = IdentitySAMLSSOServiceComponent.getSsoRedirectHtml();
  String pageWithAcs = htmlPage.replace("$acUrl", acUrl);
  String pageWithAcsResponse = pageWithAcs.replace("<!--$params-->", "<!--$params-->\n" + "<input type='hidden' name='SAMLResponse' value='" + Encode.forHtmlAttribute(response) + "'>");
  String pageWithAcsResponseRelay = pageWithAcsResponse;
    pageWithAcsResponseRelay = pageWithAcsResponse.replace("<!--$params-->", "<!--$params-->\n" + "<input type='hidden' name='RelayState' value='" + Encode.forHtmlAttribute(relayState)+ "'>");
        "<!--$additionalParams-->",
        "<input type='hidden' name='AuthenticatedIdPs' value='"
            + Encode.forHtmlAttribute(authenticatedIdPs) + "'>");
  PrintWriter out = resp.getWriter();
  out.println("<html>");
  out.println("<body>");
  out.println("<p>You are now redirected back to " + Encode.forHtmlContent(acUrl));
  out.println(" If the redirection fails, please click the post button.</p>");
  out.println("<form method='post' action='" + Encode.forHtmlAttribute(acUrl) + "'>");
  out.println("<p>");
  out.println("<input type='hidden' name='SAMLResponse' value='" + Encode.forHtmlAttribute(response) + "'>");
    out.println("<input type='hidden' name='RelayState' value='" + Encode.forHtmlAttribute(relayState) + "'>");
    out.println("<input type='hidden' name='AuthenticatedIdPs' value='" +
        Encode.forHtmlAttribute(authenticatedIdPs) + "'>");

代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.sts/org.wso2.carbon.identity.sts.passive.ui

String pageWithReply = htmlPage.replace("$url", String.valueOf(respToken.getReplyTo()));
String pageWithReplyAction = pageWithReply.replace("$action", Encode.forHtmlAttribute(String.valueOf(action)));
String pageWithReplyActionResult = pageWithReplyAction.replace("$result",
    Encode.forHtmlAttribute(String.valueOf(respToken.getResults())));
String pageWithReplyActionResultContext;
if (respToken.getContext() != null) {
      PassiveRequestorConstants.PASSIVE_ADDITIONAL_PARAMETER,
      PassiveRequestorConstants.PASSIVE_ADDITIONAL_PARAMETER + "<input type='hidden' name='wctx' value='"
          + Encode.forHtmlAttribute(respToken.getContext()) + "'>");
} else {
  pageWithReplyActionResultContext = pageWithReplyActionResult;
  finalPage = pageWithReplyActionResultContext.replace(PassiveRequestorConstants.PASSIVE_ADDITIONAL_PARAMETER,
      "<input type='hidden' name='AuthenticatedIdPs' value='" +
          Encode.forHtmlAttribute(authenticatedIdPs) + "'>");
httpResp.setContentType("text/html; charset=UTF-8");
PrintWriter out = httpResp.getWriter();
out.print(finalPage);

代码示例来源:origin: pentaho/pentaho-kettle

/**
 * Writes the fixed HTML prologue ({@code <HTML>} through {@code <BODY>}) to {@code out}.
 *
 * <p>The page title is the only dynamic part; it lands in element content, so it is
 * passed through {@link Encode#forHtml(String)} before being written.
 *
 * @param response response whose content type is set to UTF-8 HTML
 * @param out      writer that receives the markup
 * @throws IOException declared for callers; nothing in this body throws it directly
 */
protected void beginHtml( HttpServletResponse response, PrintWriter out ) throws IOException {
 response.setContentType( "text/html;charset=UTF-8" );
 final String[] head = { "<HTML>", "<HEAD>", "<TITLE>" };
 final String[] tail = {
  "</TITLE>",
  "<META http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">",
  "</HEAD>",
  "<BODY>",
 };
 for ( String line : head ) {
  out.println( line );
 }
 // Title is fetched only after the opening tags are out, mirroring the write order.
 out.println( Encode.forHtml( getTitle() ) );
 for ( String line : tail ) {
  out.println( line );
 }
}

代码示例来源:origin: org.wso2.carbon.registry/org.wso2.carbon.registry.resource.ui

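/**
 * Stores the description submitted for a registry resource and returns the stored value.
 *
 * <p>The {@code description} request parameter is HTML-content encoded before it is
 * persisted; that encoded text is also the return value.
 *
 * @param request  carries the {@code resourcePath} and {@code description} parameters and
 *                 the admin-service cookie in its session
 * @param response not used by this method
 * @param config   passed through to {@link ResourceServiceClient}
 * @return the encoded description that was sent to the service
 * @throws Exception propagated from {@link ResourceServiceClient}
 */
public static String process(
      HttpServletRequest request, HttpServletResponse response, ServletConfig config)
      throws Exception {

    String resourcePath = request.getParameter("resourcePath");
    String description = request.getParameter("description");

    // The "<br>" -> newline rewrite must run BEFORE encoding: once forHtmlContent has
    // turned '<' into "&lt;", a literal "<br>" can no longer occur in the string and the
    // replacement would be a silent no-op. A plain replace suffices because "<br>"
    // contains no regex metacharacters. The null guard keeps the absent-parameter case
    // on the same path as before (the encoder sees null).
    if (description != null) {
      description = description.replace("<br>", "\n");
    }
    description = Encode.forHtmlContent(description);

    String cookie = (String) request.
        getSession().getAttribute(ServerConstants.ADMIN_SERVICE_COOKIE);

    ResourceServiceClient client =
        new ResourceServiceClient(cookie, config, request.getSession());
    client.setDescription(resourcePath, description);

    return description;
  }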
}

代码示例来源:origin: org.wso2.carbon.registry/org.wso2.carbon.registry.resource.ui

/**
 * Renders the sub-resource tree rooted at {@code resourcePath} as HTML.
 *
 * @param request      supplies the admin-service cookie (session attribute) plus the
 *                     {@code textBoxId} and {@code hideResources} parameters
 * @param response     not used by this method
 * @param config       passed through to {@link ResourceServiceClient}
 * @param resourcePath registry path whose children are rendered
 * @param parentId     id of the parent node, forwarded to {@code fillSubResourceTree}
 * @return the tree markup produced by {@code ResourceTreeData#getResourceTree()}
 * @throws UIException if the service client cannot be created or the tree cannot be
 *                     generated; the original exception is kept as the cause
 */
public static String process(HttpServletRequest request, HttpServletResponse response,
               ServletConfig config, String resourcePath, String parentId)
    throws UIException {
  String adminCookie = (String) request.
      getSession().getAttribute(ServerConstants.ADMIN_SERVICE_COOKIE);

  ResourceServiceClient serviceClient;
  try {
    serviceClient = new ResourceServiceClient(adminCookie, config, request.getSession());
  } catch (Exception e) {
    String message = "Failed to initialize the resource service client " +
        "to get resource tree data. " + e.getMessage();
    log.error(message, e);
    throw new UIException(message, e);
  }

  // textBoxId is JavaScript-encoded as soon as it leaves the request; presumably it is
  // later embedded in generated script by fillSubResourceTree -- verify there.
  String textBoxId = Encode.forJavaScript(request.getParameter("textBoxId"));
  boolean hideResources = request.getParameter("hideResources") != null;

  try {
    ResourceTreeData treeData = new ResourceTreeData();
    fillSubResourceTree(resourcePath, treeData, serviceClient, textBoxId, parentId,
        hideResources);
    // Concatenation is deliberate: a null tree is rendered as "null", not returned as null.
    return "" + treeData.getResourceTree();
  } catch (RegistryException e) {
    String message = "Failed to generate the resource tree for the resource " +
        resourcePath + ". " + e.getMessage();
    log.error(message, e);
    throw new UIException(message, e);
  }
}

代码示例来源:origin: com.strategicgains/Syntaxe

/**
 * Encodes {@code input} in two passes: first {@link Encode#forJavaScript(String)},
 * then {@link Encode#forHtml(String)} on that result.
 *
 * @param input raw text
 * @return the HTML-encoded form of the JavaScript-escaped input
 */
@Override
  public String encode(String input)
  {
    // Inner pass first; the outer pass sees the already-escaped string.
    String jsEscaped = Encode.forJavaScript(input);
    return Encode.forHtml(jsEscaped);
  }
}

代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.saml.cloud/org.wso2.carbon.identity.sso.saml.cloud

/**
 * Builds the self-submitting HTML form that POSTs a SAML logout response to {@code acUrl}.
 *
 * <p>Each dynamic value is encoded for the context it lands in: {@code acUrl} appears once
 * as text content and once as the form's {@code action} attribute, the response and relay
 * state as attribute values. A trailing inline script submits the form on load.
 *
 * <p>NOTE(review): attribute encoding prevents breaking out of the attribute; it does not
 * establish that {@code acUrl} is an acceptable destination URL -- confirm the caller
 * validates it.
 *
 * @param acUrl          assertion-consumer URL the form posts to
 * @param relayState     optional RelayState; omitted from the form when {@code null}
 * @param logoutResponse source of the SAMLResponse field value
 * @return the complete HTML page as a string
 */
private String getPostHtml(String acUrl, String relayState, SAMLLogoutResponse logoutResponse) {
  // Encode in the same order the values are used, so any encoder side effects are unchanged.
  String acUrlAsContent = Encode.forHtmlContent(acUrl);
  String acUrlAsAttribute = Encode.forHtmlAttribute(acUrl);
  String samlResponseValue = Encode.forHtmlAttribute(logoutResponse.getRespString());
  String relayStateField = (relayState == null)
      ? ""
      : "<input type='hidden' name='RelayState' value='" + Encode.forHtmlAttribute(relayState) + "'>";

  return "<html>"
      + "<body>"
      + "<p>You are now redirected back to " + acUrlAsContent
      + " If the redirection fails, please click the post button.</p>"
      + "<form method='post' action='" + acUrlAsAttribute + "'>"
      + "<p>"
      + "<input type='hidden' name='SAMLResponse' value='" + samlResponseValue + "'>"
      + relayStateField
      + "<button type='submit'>POST</button>"
      + "</p>"
      + "</form>"
      + "<script type='text/javascript'>"
      + "document.forms[0].submit();"
      + "</script>"
      + "</body>"
      + "</html>";
}

代码示例来源:origin: primefaces/primefaces

/**
 * Encodes {@code input} for placement inside an XML attribute value.
 *
 * @param input text to encode
 * @return the value produced by {@link Encode#forXmlAttribute(String)}, unmodified
 * @see Encode#forXmlAttribute(String)
 */
public static String forXmlAttribute(String input) {
  String attributeSafe = Encode.forXmlAttribute(input);
  return attributeSafe;
}

代码示例来源:origin: primefaces/primefaces

/**
 * Encodes {@code input} for embedding in a Java string literal.
 *
 * <p>Pure pass-through to the OWASP encoder.
 *
 * @param input text to encode
 * @return the value produced by {@link Encode#forJava(String)}
 * @see Encode#forJava(String)
 */
public static String forJava(String input) {
  final String literalSafe = Encode.forJava(input);
  return literalSafe;
}

代码示例来源:origin: primefaces/primefaces

/**
 * Encodes {@code input} for embedding in a JavaScript string.
 *
 * @param input text to encode
 * @return the value produced by {@link Encode#forJavaScript(String)}, unmodified
 * @see Encode#forJavaScript(String)
 */
public static String forJavaScript(String input) {
  String scriptSafe = Encode.forJavaScript(input);
  return scriptSafe;
}

代码示例来源:origin: networknt/light

eventData.putAll((Map<String, Object>) inputMap.get("data"));
if(eventData.get("title") != null) {
  eventData.put("title", Encode.forJavaScriptSource((String)eventData.get("title")));
  eventData.put("originalAuthor", Encode.forJavaScriptSource((String)eventData.get("originalAuthor")));
  eventData.put("originalSite", Encode.forJavaScriptSource((String)eventData.get("originalSite")));
  eventData.put("originalUrl", Encode.forUriComponent((String)eventData.get("originalUrl")));

代码示例来源:origin: primefaces/primefaces

/**
 * Encodes {@code input} for embedding in JavaScript source (as opposed to a script
 * inside an HTML attribute).
 *
 * @param input text to encode
 * @return the value produced by {@link Encode#forJavaScriptSource(String)}
 * @see Encode#forJavaScriptSource(String)
 */
public static String forJavaScriptSource(String input) {
  final String sourceSafe = Encode.forJavaScriptSource(input);
  return sourceSafe;
}

代码示例来源:origin: primefaces/primefaces

/**
 * Encodes {@code input} for use as HTML element content (text between tags).
 *
 * @param input text to encode
 * @return the value produced by {@link Encode#forHtmlContent(String)}, unmodified
 * @see Encode#forHtmlContent(String)
 */
public static String forHtmlContent(String input) {
  String contentSafe = Encode.forHtmlContent(input);
  return contentSafe;
}

代码示例来源:origin: primefaces/primefaces

/**
 * Encodes {@code input} for use as a single URI component (path segment, query value).
 *
 * <p>Pure pass-through to the OWASP encoder.
 *
 * @param input text to encode
 * @return the value produced by {@link Encode#forUriComponent(String)}
 * @see Encode#forUriComponent(String)
 */
public static String forUriComponent(String input) {
  final String componentSafe = Encode.forUriComponent(input);
  return componentSafe;
}

代码示例来源:origin: org.wso2.carbon.identity/org.wso2.carbon.identity.sts.passive.ui

String pageWithReply = htmlPage.replace("$url", String.valueOf(respToken.getReplyTo()));
String pageWithReplyAction = pageWithReply.replace("$action", Encode.forHtmlAttribute(String.valueOf(action)));
String pageWithReplyActionResult = pageWithReplyAction.replace("$result",
    Encode.forHtmlAttribute(String.valueOf(respToken.getResults())));
String pageWithReplyActionResultContext;
if (respToken.getContext() != null) {
      PassiveRequestorConstants.PASSIVE_ADDITIONAL_PARAMETER,
      PassiveRequestorConstants.PASSIVE_ADDITIONAL_PARAMETER + "<input type='hidden' name='wctx' value='"
          + Encode.forHtmlAttribute(respToken.getContext()) + "'>");
} else {
  pageWithReplyActionResultContext = pageWithReplyActionResult;
  finalPage = pageWithReplyActionResultContext.replace(PassiveRequestorConstants.PASSIVE_ADDITIONAL_PARAMETER,
      "<input type='hidden' name='AuthenticatedIdPs' value='" +
          Encode.forHtmlAttribute(authenticatedIdPs) + "'>");
httpResp.setContentType("text/html; charset=UTF-8");
PrintWriter out = httpResp.getWriter();
out.print(finalPage);
