
zio.http.internal.OutputEncoder.scala Maven / Gradle / Ivy

/*
 * Copyright 2021 - 2023 Sporta Technologies PVT LTD & the ZIO HTTP contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package zio.http.internal

import scala.collection.mutable

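// NOTE(review): the listing this object was recovered from had been passed through an HTML
// decoder, which turned every entity literal back into the raw character (making the encoder a
// no-op and leaving the `"` constant as an unterminated string) and swallowed the method headers.
// The entity values follow the OWASP rule quoted in the Scaladoc; the method signatures are
// restored from the surviving match arms — confirm both against the upstream zio-http source.
private[http] object OutputEncoder {
  // Replacement text for the five characters that are significant in HTML markup.
  private val `&` = "&amp;"
  private val `<` = "&lt;"
  private val `>` = "&gt;"
  private val `"` = "&quot;"
  private val `'` = "&#x27;"

  /**
   * Encode HTML characters that can cause XSS, according to OWASP
   * specification:
   * https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary
   *
   * Specification: Convert `&` to `&amp;`, Convert `<` to `&lt;`, Convert `>`
   * to `&gt;`, Convert `"` to `&quot;`, Convert `'` to `&#x27;`
   *
   * Only use this function to encode characters inside HTML element content,
   * i.e. text placed between tags such as `<div>` output `</div>`. Entity
   * encoding of these five characters is not a sufficient defence in other
   * output contexts (unquoted attribute values, inline script or event
   * handlers, CSS, URLs); those need the encoding rule for that context.
   *
   * @param output
   *   string to be encoded
   * @return
   *   the input with each of the five characters replaced by its entity and
   *   every other character copied unchanged
   */
  def encodeHtml(output: String): String = {
    // Single pass over the input, so the '&' that starts an emitted entity is never re-encoded.
    val encoded = new mutable.StringBuilder(output.length)
    output.foreach(char => encoded.append(encodeHtmlChar(char)))
    encoded.toString
  }

  /** Maps one character to its entity, or to itself when it needs no encoding. */
  private def encodeHtmlChar(char: Char): String = char match {
    case '&'   => `&`
    case '<'   => `<`
    case '>'   => `>`
    case '"'   => `"`
    case '\''  => `'`
    case other => other.toString
  }

}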



