/*
* Copyright 2021 - 2023 Sporta Technologies PVT LTD & the ZIO HTTP contributors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package zio.http.internal
import scala.collection.mutable
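private[http] object OutputEncoder {
  // Replacement entities for the five characters that are significant in HTML
  // element content. Each value must be the *encoded* form: if a constant
  // holds the raw character itself, the encoder is a no-op and untrusted text
  // is emitted verbatim into the page.
  private val `&` = "&amp;"
  private val `<` = "&lt;"
  private val `>` = "&gt;"
  private val `"` = "&quot;"
  private val `'` = "&#x27;"

  /**
   * Encode HTML characters that can cause XSS, according to the OWASP
   * specification:
   * https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#output-encoding-rules-summary
   *
   * Specification: convert `&` to `&amp;amp;`, `<` to `&amp;lt;`, `>` to
   * `&amp;gt;`, `"` to `&amp;quot;` and `'` to `&amp;#x27;`.
   *
   * Only use this function to encode text placed inside an HTML element
   * body, e.g. {{{<div>output</div>}}}
   *
   * It is not sufficient for other output contexts (unquoted attribute
   * values, JavaScript, CSS, URLs); those need their own context-specific
   * encoding. The ampersand is always encoded, so text that is already
   * entity-encoded will be encoded a second time.
   *
   * NOTE(review): the lines between this comment and the match cases were
   * missing from the reviewed copy of this file; the method name and
   * signature below are reconstructed and should be confirmed against the
   * callers.
   *
   * @param output
   *   text to be placed in an HTML element body
   * @return
   *   `output` with the five significant characters replaced by entities
   */
  def encodeHtml(output: String): String = {
    // Worst case grows the string, but the input length is a sensible floor.
    val sb = new mutable.StringBuilder(output.length)
    output.foreach(c => sb.append(encodeHtmlChar(c)))
    sb.toString()
  }

  /** Maps one character to its entity, or to itself when it is not special. */
  private def encodeHtmlChar(char: Char): String = char match {
    case '&'   => `&`
    case '<'   => `<`
    case '>'   => `>`
    case '"'   => `"`
    case '\''  => `'`
    case other => other.toString
  }
}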