All Downloads are FREE. Search and download functionalities are using the official Maven repository.

META-INF.java-encoder-advanced.tld Maven / Gradle / Ivy

Go to download

The OWASP Encoder JSP package contains JSP tag definitions and TLDs to allow easy use of the OWASP Encoder Project's core API. The TLDs contain both tag definitions and JSP EL functions.

The newest version!


    OWASP Java Encoder Project
    1.0
    java-encoder
    https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#advanced
    
        
            Encodes data for an XML CDATA section.  On the chance that the input
            contains a terminating
            "]]>", it will be replaced by
            "]]>]]<![CDATA[>".
            As with all XML contexts, characters that are invalid according to the
            XML specification will be replaced by a space character.  Caller must
            provide the CDATA section boundaries.
        
        forCDATA
        forCDATA
        org.owasp.encoder.tag.ForCDATATag
        empty
        
            The value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			This method encodes for HTML text content.  It does not escape
			quotation characters and is thus unsafe for use with
			HTML attributes.  Use either forHtml or forHtmlAttribute for those
			methods.
        
        forHtmlContent
        forHtmlContent
        org.owasp.encoder.tag.ForHtmlContentTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        Encodes for XML and XHTML attribute content.
        forXmlAttribute
        forXmlAttribute
        org.owasp.encoder.tag.ForXmlAttributeTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        Encodes for XML and XHTML.
        forXml
        forXml
        org.owasp.encoder.tag.ForXmlTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Encodes for a JavaScript string.  It is safe for use in HTML
			script attributes (such as onclick), script
			blocks, JSON files, and JavaScript source.  The caller MUST
			provide the surrounding quotation characters for the string.
			Since this performs additional encoding so it can work in all
			of the JavaScript contexts listed, it may be slightly less
			efficient then using one of the methods targetted to a specific
			JavaScript context: forJavaScriptAttribute,
			forJavaScriptBlock, or forJavaScriptSource.

			Unless you are interested in saving a few bytes of output or
			are writing a framework on top of this library, it is recommend
			that you use this method over the others.
        
        forJavaScript
        forJavaScript
        org.owasp.encoder.tag.ForJavaScriptTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			This method encodes for JavaScript strings contained within
			HTML script attributes (such as onclick).  It is
			NOT safe for use in script blocks.  The caller MUST provide the
			surrounding quotation characters.  This method performs the
			same encode as Encode.forJavaScript(String) with the
			exception that / is not escaped.
        
        forJavaScriptAttribute
        forJavaScriptAttribute
        org.owasp.encoder.tag.ForJavaScriptAttributeTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			This method encodes for JavaScript strings contained within
			HTML script blocks.  It is NOT safe for use in script
			attributes (such as onclick).  The caller must
			provide the surrounding quotation characters.  This method
			performs the same encode as Encode.forJavaScript(String)} with
			the exception that " and ' are encoded as \" and \' respectively.
        
        forJavaScriptBlock
        forJavaScriptBlock
        org.owasp.encoder.tag.ForJavaScriptBlockTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			This method encodes for JavaScript strings contained within
			a JavaScript or JSON file. This method is NOT safe for
			use in ANY context embedded in HTML. The caller must
			provide the surrounding quotation characters.  This method
			performs the same encode as Encode.forJavaScript(String) with
			the exception that / and & are not escaped and " and ' are
			encoded as \" and \' respectively.
        
        forJavaScriptSource
        forJavaScriptSource
        org.owasp.encoder.tag.ForJavaScriptSourceTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Encodes for unquoted HTML attribute values. forHtml(String) or
			forHtmlAttribute(String) should usually be preferred over this
			method as quoted attributes are XHTML compliant.
        
        forHtmlUnquotedAttribute
        forHtmlUnquotedAttribute
        org.owasp.encoder.tag.ForHtmlUnquotedAttributeTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Performs percent-encoding of a URL according to RFC 3986.  The provided
			URL is assumed to a valid URL.  This method does not do any checking on
			the quality or safety of the URL itself.  In many applications it may
			be better to use java.net.URI instead.  Note: this is a
			particularly dangerous context to put untrusted content in, as for
			example a "javascript:" URL provided by a malicious user would be
			"properly" escaped, and still execute.
        
        forUri
        forUri
        org.owasp.encoder.tag.ForUriTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Encodes for CSS URL contexts. The context must be surrounded by "url()".  It
			is safe for use in both style blocks and attributes in HTML. Note: this does
			not do any checking on the quality or safety of the URL itself.  The caller
			should insure that the URL is safe for embedding (e.g. input validation) by
			other means.
        
        forCssUrl
        forCssUrl
        org.owasp.encoder.tag.ForCssUrlTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Encoder for XML comments. NOT FOR USE WITH (X)HTML CONTEXTS.
			(X)HTML comments may be interpreted by browsers as something
			other than a comment, typically in vendor specific extensions
			(e.g. <--if[IE]-->.
			For (X)HTML it is recommend that unsafe content never be included
			in a comment.
        
        forXmlComment
        forXmlComment
        org.owasp.encoder.tag.ForXmlCommentTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        Encodes for HTML text attributes.
        forHtmlAttribute
        forHtmlAttribute
        org.owasp.encoder.tag.ForHtmlAttributeTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Encodes for (X)HTML text content and text attributes.
        
        forHtml
        forHtml
        org.owasp.encoder.tag.ForHtmlTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Encodes for HTML text content.  It does not escape
			quotation characters and is thus unsafe for use with
			HTML attributes.  Use either forHtml or forHtmlAttribute for those
			methods.
        
        forXmlContent
        forXmlContent
        org.owasp.encoder.tag.ForXmlContentTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Performs percent-encoding for a component of a URI, such as a query
			parameter name or value, path or query-string.  In particular this
			method insures that special characters in the component do not get
			interpreted as part of another component.
        
        forUriComponent
        forUriComponent
        org.owasp.encoder.tag.ForUriComponentTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Encodes for CSS strings. The context must be surrounded by quotation characters.
			It is safe for use in both style blocks and attributes in HTML.
        
        forCssString
        forCssString
        org.owasp.encoder.tag.ForCssStringTag
        empty
        
            value to be written out
            value
            true
            true
            java.lang.String
        
    
    
        
			Encodes for (X)HTML text content and text attributes.
        
        forHtml
        forHtml
        org.owasp.encoder.Encode
        java.lang.String forHtml(java.lang.String)
        forHtml(unsafeData)
    
    
        
			This method encodes for HTML text content.  It does not escape
			quotation characters and is thus unsafe for use with
			HTML attributes.  Use either forHtml or forHtmlAttribute for those
			methods.
        
        forHtmlContent
        forHtmlContent
        org.owasp.encoder.Encode
        java.lang.String forHtmlContent(java.lang.String)
        forHtmlContent(unsafeData)
    
    
        Encodes for HTML text attributes.
        forHtmlAttribute
        org.owasp.encoder.Encode
        java.lang.String forHtmlAttribute(java.lang.String)
        forHtmlAttribute(unsafeData)
    
    
        
			Encodes for unquoted HTML attribute values. forHtml(String) or
			forHtmlAttribute(String) should usually be preferred over this
			method as quoted attributes are XHTML compliant.
        
        forHtmlUnquotedAttribute
        forHtmlUnquotedAttribute
        org.owasp.encoder.Encode
        java.lang.String forHtmlUnquotedAttribute(java.lang.String)
        forHtmlUnquotedAttribute(unsafeData)
    
    
        
			Encodes for CSS strings. The context must be surrounded by quotation characters.
			It is safe for use in both style blocks and attributes in HTML.
        
        forCssString
        forCssString
        org.owasp.encoder.Encode
        java.lang.String forCssString(java.lang.String)
        forCssString(unsafeData)
    
    
        
			Encodes for CSS URL contexts. The context must be surrounded by "url()".  It
			is safe for use in both style blocks and attributes in HTML. Note: this does
			not do any checking on the quality or safety of the URL itself.  The caller
			should insure that the URL is safe for embedding (e.g. input validation) by
			other means.
        
        forCssUrl
        forCssUrl
        org.owasp.encoder.Encode
        java.lang.String forCssUrl(java.lang.String)
        forCssUrl(unsafeData)
    
    
        
			Performs percent-encoding of a URL according to RFC 3986.  The provided
			URL is assumed to a valid URL.  This method does not do any checking on
			the quality or safety of the URL itself.  In many applications it may
			be better to use java.net.URI instead.  Note: this is a
			particularly dangerous context to put untrusted content in, as for
			example a "javascript:" URL provided by a malicious user would be
			"properly" escaped, and still execute.
        
        forUri
        forUri
        org.owasp.encoder.Encode
        java.lang.String forUri(java.lang.String)
        forUri(unsafeData)
    
    
        
			Performs percent-encoding for a component of a URI, such as a query
			parameter name or value, path or query-string.  In particular this
			method insures that special characters in the component do not get
			interpreted as part of another component.
        
        forUriComponent
        forUriComponent
        org.owasp.encoder.Encode
        java.lang.String forUriComponent(java.lang.String)
        forUriComponent(unsafeData)
    
    
        Encodes for XML and XHTML.
        forXml
        forXml
        org.owasp.encoder.Encode
        java.lang.String forXml(java.lang.String)
        forXml(unsafeData)
    
    
        
			Encodes for HTML text content.  It does not escape
			quotation characters and is thus unsafe for use with
			HTML attributes.  Use either forHtml or forHtmlAttribute for those
			methods.
        
        forXmlContent
        forXmlContent
        org.owasp.encoder.Encode
        java.lang.String forXmlContent(java.lang.String)
        forXmlContent(unsafeData)
    
    
        Encodes for XML and XHTML attribute content.
        forXmlAttribute
        forXmlAttribute
        org.owasp.encoder.Encode
        java.lang.String forXmlAttribute(java.lang.String)
        forXmlAttribute(unsafeData)
    
    
        
			Encoder for XML comments. NOT FOR USE WITH (X)HTML CONTEXTS.
			(X)HTML comments may be interpreted by browsers as something
			other than a comment, typically in vendor specific extensions
			(e.g. <--if[IE]-->.
			For (X)HTML it is recommend that unsafe content never be included
			in a comment.
        
        forXmlComment
        org.owasp.encoder.Encode
        java.lang.String forXmlComment(java.lang.String)
        forXmlComment(unsafeData)
    
    
        
            Encodes data for an XML CDATA section.  On the chance that the input
            contains a terminating
            "]]>", it will be replaced by
            "]]>]]<![CDATA[>".
            As with all XML contexts, characters that are invalid according to the
            XML specification will be replaced by a space character.  Caller must
            provide the CDATA section boundaries.
        
        forCDATA
        forCDATA
        org.owasp.encoder.Encode
        java.lang.String forCDATA(java.lang.String)
        forCDATA(unsafeData)
    
    
        
			Encodes for a JavaScript string.  It is safe for use in HTML
			script attributes (such as onclick), script
			blocks, JSON files, and JavaScript source.  The caller MUST
			provide the surrounding quotation characters for the string.
			Since this performs additional encoding so it can work in all
			of the JavaScript contexts listed, it may be slightly less
			efficient then using one of the methods targetted to a specific
			JavaScript context: forJavaScriptAttribute,
			forJavaScriptBlock, or forJavaScriptSource.

			Unless you are interested in saving a few bytes of output or
			are writing a framework on top of this library, it is recommend
			that you use this method over the others.
        
        forJavaScript
        forJavaScript
        org.owasp.encoder.Encode
        java.lang.String forJavaScript(java.lang.String)
        forJavaScript(unsafeData)
    
    
        
			This method encodes for JavaScript strings contained within
			HTML script attributes (such as onclick).  It is
			NOT safe for use in script blocks.  The caller MUST provide the
			surrounding quotation characters.  This method performs the
			same encode as Encode.forJavaScript(String) with the
			exception that / is not escaped.
        
        forJavaScriptAttribute
        forJavaScriptAttribute
        org.owasp.encoder.Encode
        java.lang.String forJavaScriptAttribute(java.lang.String)
        forJavaScriptAttribute(unsafeData)
    
    
        
			This method encodes for JavaScript strings contained within
			HTML script blocks.  It is NOT safe for use in script
			attributes (such as onclick).  The caller must
			provide the surrounding quotation characters.  This method
			performs the same encode as Encode.forJavaScript(String)} with
			the exception that " and ' are encoded as \" and \' respectively.
        
        forJavaScriptBlock
        forJavaScriptBlock
        org.owasp.encoder.Encode
        java.lang.String forJavaScriptBlock(java.lang.String)
        forJavaScriptBlock(unsafeData)
    
    
        
			This method encodes for JavaScript strings contained within
			a JavaScript or JSON file. This method is NOT safe for
			use in ANY context embedded in HTML. The caller must
			provide the surrounding quotation characters.  This method
			performs the same encode as Encode.forJavaScript(String) with
			the exception that / and & are not escaped and " and ' are
			encoded as \" and \' respectively.
        
        forJavaScriptSource
        forJavaScriptSource
        org.owasp.encoder.Encode
        java.lang.String forJavaScriptSource(java.lang.String)
        
			<%@page contentType="text/javascript; charset=UTF-8"%>
			var data = '${forJavaScriptSource(unsafeData)}';
        
    




© 2015 - 2024 Weber Informatics LLC | Privacy Policy