";
70 | String expected = "<div>";
71 | instance.setJspContext(_pageContext);
72 | instance.setValue(value);
73 | instance.doTag();
74 | String results = _response.getContentAsString();
75 | assertEquals(expected,results);
76 | }
77 | }
78 |
--------------------------------------------------------------------------------
/jakarta/src/test/java/org/owasp/encoder/tag/ForXmlTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
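/**
 * Smoke test for {@link ForXmlTag}: checks that the tag writes an encoded
 * form of its value to the page output. It does not try to cover the
 * encoder's rules exhaustively.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForXmlTagTest extends EncodingTagTest {

    /**
     * Creates the named test case.
     *
     * @param testName the name of the test, forwarded to the base class.
     */
    public ForXmlTagTest(String testName) {
        super(testName);
    }

    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Test of doTag method, of class ForXmlTag.
     * This is a very simple test that doesn't fully
     * exercise/test the encoder - only that the
     * tag itself works.
     *
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForXmlTag instance = new ForXmlTag();
        // NOTE(review): both literals are reconstructed. The listing showed the
        // input literal broken across two lines (not valid Java) and the
        // expected value as raw markup, which would have asserted that the tag
        // performs no encoding at all. Confirm against the repository copy.
        String value = "<div>";
        // The angle brackets must come back as entities; an unencoded result
        // means the tag let markup through.
        String expected = "&lt;div&gt;";
        // _pageContext and _response are not declared in this class;
        // presumably fixtures inherited from EncodingTagTest.
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}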
78 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/EncodingTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import javax.servlet.jsp.tagext.SimpleTagSupport;
38 |
/**
 * Common parent of the encoding tags in this package. It only holds the
 * tag's {@code value} attribute; each concrete tag decides in its own
 * {@code doTag()} which encoder the value is written through.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public abstract class EncodingTag extends SimpleTagSupport {

    /**
     * The value to be written out by the tag. It is stored exactly as
     * supplied to {@link #setValue(String)}; no encoding has been applied
     * to it at this point.
     */
    protected String _value;

    /**
     * Sets the value to be written out by the tag.
     * The argument is kept as-is, with no validation or encoding here.
     *
     * @param value the value to be written out by the tag.
     */
    public void setValue(String value) {
        _value = value;
    }

}
58 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForCDATATag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value encoded for placement inside an XML CDATA
 * section. Thin wrapper over
 * {@link org.owasp.encoder.Encode#forCDATA(java.io.Writer, java.lang.String)}.
 *
 * <p>The output is only meant for the inside of a CDATA section; see the
 * {@code Encode} documentation for the exact rules and for what the
 * surrounding page must supply.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForCDATATag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forCDATA(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForCssStringTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value encoded for use inside a CSS string.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forCssString(java.io.Writer, java.lang.String)}.
 *
 * <p>The output is only meant for a CSS string context; see the
 * {@code Encode} documentation for the exact rules, including what quoting
 * the surrounding style sheet must supply.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForCssStringTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forCssString(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForCssUrlTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value encoded for a CSS URL context.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forCssUrl(java.io.Writer, java.lang.String)}.
 *
 * <p>This tag only encodes. Nothing in it inspects where the URL points, so
 * any restriction on scheme or destination has to be enforced before the
 * value reaches the tag.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForCssUrlTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forCssUrl(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlAttributeTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value encoded for an HTML text attribute.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forHtmlAttribute(java.io.Writer, java.lang.String)}.
 *
 * <p>Intended for attribute values that the page wraps in quotes; this
 * package has a separate tag, {@code ForHtmlUnquotedAttributeTag}, for the
 * unquoted case. See the {@code Encode} documentation for the exact
 * rules.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForHtmlAttributeTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forHtmlAttribute(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlContentTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value encoded for HTML text content.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forHtmlContent(java.io.Writer, java.lang.String)}.
 *
 * <p>Intended for text between tags only, not for attribute values; this
 * package has separate tags for attributes. See the {@code Encode}
 * documentation for the exact rules.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForHtmlContentTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forHtmlContent(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value HTML-encoded.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forHtml(java.io.Writer, java.lang.String)}.
 *
 * <p>HTML encoding does not make a value safe inside script blocks, style
 * sheets or URLs; use the tag from this package that matches the place the
 * value lands in the page.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForHtmlTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forHtml(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForHtmlUnquotedAttributeTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value encoded for an unquoted HTML attribute.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forHtmlUnquotedAttribute(java.io.Writer, java.lang.String)}.
 *
 * <p>Unquoted attributes are the harder context to encode for, because the
 * value is not delimited by quotes. Where the template can be changed,
 * quoting the attribute and using {@code ForHtmlAttributeTag} is the simpler
 * choice.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForHtmlUnquotedAttributeTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forHtmlUnquotedAttribute(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptAttributeTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value with JavaScript Attribute encoding.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forJavaScriptAttribute(java.io.Writer, java.lang.String)}.
 *
 * <p>The output is only meant for that context; this package has separate
 * tags for script blocks and script source files. See the {@code Encode}
 * documentation for the exact rules, including what quoting the surrounding
 * script must supply.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForJavaScriptAttributeTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forJavaScriptAttribute(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptBlockTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value with JavaScript Block encoding.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forJavaScriptBlock(java.io.Writer, java.lang.String)}.
 *
 * <p>The output is only meant for that context; this package has separate
 * tags for JavaScript in attributes and in script source files. See the
 * {@code Encode} documentation for the exact rules, including what quoting
 * the surrounding script must supply.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForJavaScriptBlockTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forJavaScriptBlock(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptSourceTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its value with JavaScript Source encoding.
 * Thin wrapper over
 * {@link org.owasp.encoder.Encode#forJavaScriptSource(java.io.Writer, java.lang.String)}.
 *
 * <p>The output is only meant for that context; this package has separate
 * tags for JavaScript embedded in HTML attributes and script blocks. See the
 * {@code Encode} documentation for the exact rules.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForJavaScriptSourceTag extends EncodingTag {

    /**
     * Writes the encoded value straight to the page's current output writer.
     *
     * @throws JspException declared by the tag contract.
     * @throws IOException if writing to the page output fails.
     */
    @Override
    public void doTag() throws JspException, IOException {
        // NOTE(review): _value is forwarded unchanged, including null; confirm
        // how Encode treats a null value.
        final java.io.Writer out = getJspContext().getOut();
        Encode.forJavaScriptSource(out, this._value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForJavaScriptTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its {@code value} attribute to the page, encoded for use
 * inside a JavaScript string.
 *
 * <p>Delegates to
 * {@link org.owasp.encoder.Encode#forJavaScript(java.io.Writer, java.lang.String)},
 * so the encoded text is streamed directly to the JSP writer.</p>
 *
 * <p>The encoder escapes the content of a string literal only. The page author
 * still has to supply the surrounding quote characters, and the output is not
 * suitable as a bare (unquoted) JavaScript expression.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForJavaScriptTag extends EncodingTag {
    /**
     * Encodes the tag's value and writes it to the current JSP output.
     *
     * @throws JspException declared by the tag contract
     * @throws IOException if writing to the JSP output fails
     */
    @Override
    public void doTag() throws JspException, IOException {
        final java.io.Writer pageOut = getJspContext().getOut();
        Encode.forJavaScript(pageOut, _value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForUriComponentTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that percent-encodes its {@code value} attribute as a single URI
 * component, such as a query parameter name or value, a path segment, or a
 * query string.
 *
 * <p>Delegates to
 * {@link org.owasp.encoder.Encode#forUriComponent(java.io.Writer, java.lang.String)},
 * so the encoded text is streamed directly to the JSP writer.</p>
 *
 * <p>Percent-encoding a component does not validate a URL. When untrusted data
 * supplies an entire link target, the scheme and host still need to be checked
 * separately (for example against an allow-list) before the link is emitted.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForUriComponentTag extends EncodingTag {
    /**
     * Encodes the tag's value and writes it to the current JSP output.
     *
     * @throws JspException declared by the tag contract
     * @throws IOException if writing to the JSP output fails
     */
    @Override
    public void doTag() throws JspException, IOException {
        final java.io.Writer pageOut = getJspContext().getOut();
        Encode.forUriComponent(pageOut, _value);
    }
}
54 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForUriTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that percent-encodes its {@code value} attribute as a URL according
 * to RFC 3986.
 *
 * <p>Delegates to
 * {@link org.owasp.encoder.Encode#forUri(java.io.Writer, java.lang.String)},
 * so the encoded text is streamed directly to the JSP writer.</p>
 *
 * <p>NOTE(review): {@code Encode.forUri} is marked deprecated in the encoder
 * library in favour of encoding individual components with
 * {@code forUriComponent}; confirm for the library version in use. Encoding a
 * whole URL also does not validate its scheme or host.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForUriTag extends EncodingTag {
    /**
     * Encodes the tag's value and writes it to the current JSP output.
     *
     * @throws JspException declared by the tag contract
     * @throws IOException if writing to the JSP output fails
     */
    @Override
    public void doTag() throws JspException, IOException {
        final java.io.Writer pageOut = getJspContext().getOut();
        Encode.forUri(pageOut, _value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForXmlAttributeTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its {@code value} attribute to the page, encoded for an
 * XML attribute value.
 *
 * <p>Delegates to
 * {@link org.owasp.encoder.Encode#forXmlAttribute(java.io.Writer, java.lang.String)},
 * so the encoded text is streamed directly to the JSP writer.</p>
 *
 * <p>The output is meant to be placed inside a quoted attribute value; the
 * page author supplies the quotes. It is not an encoder for unquoted
 * attributes.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForXmlAttributeTag extends EncodingTag {
    /**
     * Encodes the tag's value and writes it to the current JSP output.
     *
     * @throws JspException declared by the tag contract
     * @throws IOException if writing to the JSP output fails
     */
    @Override
    public void doTag() throws JspException, IOException {
        final java.io.Writer pageOut = getJspContext().getOut();
        Encode.forXmlAttribute(pageOut, _value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForXmlCommentTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its {@code value} attribute to the page, encoded for an
 * XML comment.
 *
 * <p>Delegates to
 * {@link org.owasp.encoder.Encode#forXmlComment(java.io.Writer, java.lang.String)},
 * so the encoded text is streamed directly to the JSP writer.</p>
 *
 * <p>NOTE(review): the {@code Encode} documentation scopes this encoder to XML
 * comments and warns against relying on it for HTML comments; confirm there
 * before placing untrusted data in an HTML comment.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForXmlCommentTag extends EncodingTag {
    /**
     * Encodes the tag's value and writes it to the current JSP output.
     *
     * @throws JspException declared by the tag contract
     * @throws IOException if writing to the JSP output fails
     */
    @Override
    public void doTag() throws JspException, IOException {
        final java.io.Writer pageOut = getJspContext().getOut();
        Encode.forXmlComment(pageOut, _value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForXmlContentTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its {@code value} attribute to the page, encoded for XML
 * text content.
 *
 * <p>Delegates to
 * {@link org.owasp.encoder.Encode#forXmlContent(java.io.Writer, java.lang.String)},
 * so the encoded text is streamed directly to the JSP writer.</p>
 *
 * <p>This is a content-only encoding: it is meant for text between elements and
 * should not be used for attribute values, where quote characters also have to
 * be escaped (see {@code ForXmlAttributeTag} or {@code ForXmlTag}).</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForXmlContentTag extends EncodingTag {
    /**
     * Encodes the tag's value and writes it to the current JSP output.
     *
     * @throws JspException declared by the tag contract
     * @throws IOException if writing to the JSP output fails
     */
    @Override
    public void doTag() throws JspException, IOException {
        final java.io.Writer pageOut = getJspContext().getOut();
        Encode.forXmlContent(pageOut, _value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java/org/owasp/encoder/tag/ForXmlTag.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 | package org.owasp.encoder.tag;
36 |
37 | import java.io.IOException;
38 | import javax.servlet.jsp.JspException;
39 | import org.owasp.encoder.Encode;
40 |
/**
 * JSP tag that writes its {@code value} attribute to the page with XML
 * encoding applied.
 *
 * <p>Delegates to
 * {@link org.owasp.encoder.Encode#forXml(java.io.Writer, java.lang.String)},
 * so the encoded text is streamed directly to the JSP writer.</p>
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForXmlTag extends EncodingTag {
    /**
     * Encodes the tag's value and writes it to the current JSP output.
     *
     * @throws JspException declared by the tag contract
     * @throws IOException if writing to the JSP output fails
     */
    @Override
    public void doTag() throws JspException, IOException {
        final java.io.Writer pageOut = getJspContext().getOut();
        Encode.forXml(pageOut, _value);
    }
}
53 |
--------------------------------------------------------------------------------
/jsp/src/main/java9/module-info.java:
--------------------------------------------------------------------------------
/**
 * Module descriptor for the JSP tag library of the encoder.
 */
module owasp.encoder.jsp {
    // The tag classes delegate all encoding to the core encoder module.
    requires owasp.encoder;

    // Only the tag package is exported.
    // NOTE(review): the tag classes import javax.servlet.jsp types, yet no
    // servlet/JSP API module is required here - confirm how the build
    // resolves that dependency when compiling this descriptor.
    exports org.owasp.encoder.tag;
}
--------------------------------------------------------------------------------
/jsp/src/main/resources/META-INF/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2015 Jeff Ichnowski
2 | All rights reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without
5 | modification, are permitted provided that the following conditions
6 | are met:
7 |
8 | * Redistributions of source code must retain the above
9 | copyright notice, this list of conditions and the following
10 | disclaimer.
11 |
12 | * Redistributions in binary form must reproduce the above
13 | copyright notice, this list of conditions and the following
14 | disclaimer in the documentation and/or other materials
15 | provided with the distribution.
16 |
17 | * Neither the name of the OWASP nor the names of its
18 | contributors may be used to endorse or promote products
19 | derived from this software without specific prior written
20 | permission.
21 |
22 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | OF THE POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------
/jsp/src/site/markdown/index.md:
--------------------------------------------------------------------------------
1 | ## OWASP JSP
2 |
3 | The OWASP JSP Encoder is a collection of high-performance low-overhead
4 | contextual encoders that, when utilized correctly, is an effective tool in
5 | preventing Web Application security vulnerabilities such as Cross-Site
6 | Scripting (XSS).
7 |
8 | Please see the [OWASP XSS Prevention Cheat Sheet](https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet)
9 | for more information on preventing XSS.
10 |
11 | ### JSP Usage
12 |
13 | The JSP Encoder makes the use of the Java Encoder within JSP simple via a TLD that
14 | includes tags and a set of JSP EL functions:
15 |
16 | ```xml
17 | <dependency>
18 |     <groupId>org.owasp.encoder</groupId>
19 |     <artifactId>encoder-jsp</artifactId>
20 |     <version>1.2.3</version>
21 | </dependency>
22 | ```
23 |
24 | ```JSP
25 | <%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project" %>
26 |
27 | <%-- ... --%>
28 |
29 | <p>Dynamic data via EL: ${e:forHtml(param.value)}</p>
30 | <p>Dynamic data via tag: <e:forHtml value="${param.value}" /></p>
31 | ```
32 |
--------------------------------------------------------------------------------
/jsp/src/site/site.xml:
--------------------------------------------------------------------------------
1 |
2 |
38 |
39 |
40 |
41 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForCDATATagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
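/**
 * Smoke test for {@code ForCDATATag}.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForCDATATagTest extends EncodingTagTest {

    /**
     * Creates the named test case.
     *
     * @param testName name passed to the parent test class
     */
    public ForCDATATagTest(String testName) {
        super(testName);
    }

    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Checks that {@code doTag} writes the encoded value to the response.
     * This only verifies that the tag is wired to the encoder; it does not
     * exercise the encoder thoroughly.
     *
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForCDATATag instance = new ForCDATATag();
        // NOTE(review): the markup inside these two literals was stripped when
        // the page was rendered, leaving unterminated strings. They are
        // restored here on the understanding that a "]]>" terminator in the
        // input is split across two CDATA sections - confirm against the
        // repository copy of this test.
        String value = "<div>]]></div>";
        String expected = "<div>]]]]><![CDATA[></div>";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}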
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForCssStringTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
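/**
 * Smoke test for {@code ForCssStringTag}.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForCssStringTagTest extends EncodingTagTest {

    /**
     * Creates the named test case.
     *
     * @param testName name passed to the parent test class
     */
    public ForCssStringTagTest(String testName) {
        super(testName);
    }

    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Checks that {@code doTag} writes the encoded value to the response.
     * This only verifies that the tag is wired to the encoder; it does not
     * exercise the encoder thoroughly.
     *
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForCssStringTag instance = new ForCssStringTag();
        // NOTE(review): the input literal was emptied when the page was
        // rendered (its markup was stripped). "<div>" is restored from the
        // expected output below, which is the CSS hex escaping of '<', "div"
        // and '>' - confirm against the repository copy of this test.
        String value = "<div>";
        String expected = "\\3c div\\3e";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}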
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForCssUrlTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
/**
 * Smoke test for {@code ForCssUrlTag}.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForCssUrlTagTest extends EncodingTagTest {

    /**
     * Creates the named test case.
     *
     * @param testName name passed to the parent test class
     */
    public ForCssUrlTagTest(String testName) {
        super(testName);
    }

    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Checks that {@code doTag} writes the encoded value to the response:
     * a backslash and a single quote in the input come out as CSS hex
     * escapes. This only verifies that the tag is wired to the encoder; it
     * does not exercise the encoder thoroughly.
     *
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        final String rawInput = "\\';";
        final String encodedForm = "\\5c\\27;";

        ForCssUrlTag tag = new ForCssUrlTag();
        tag.setJspContext(_pageContext);
        tag.setValue(rawInput);
        tag.doTag();

        assertEquals(encodedForm, _response.getContentAsString());
    }
}
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForHtmlAttributeTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
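/**
 * Simple tests for the ForHtmlAttributeTag.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForHtmlAttributeTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForHtmlAttributeTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Test of doTag method, of class ForHtmlAttributeTag.
     * This is a very simple test that doesn't fully
     * exercise/test the encoder - only that the
     * tag itself works.
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForHtmlAttributeTag instance = new ForHtmlAttributeTag();
        // NOTE(review): this listing had been HTML-decoded, which swallowed the markup
        // inside the input literal (leaving an unterminated string) and turned the
        // expected entities back into raw characters. Both literals are restored here;
        // confirm them against the repository copy.
        String value = "<div>";
        // Presumably only '<' is escaped in attribute context and '>' is left as is - TODO confirm.
        String expected = "&lt;div>";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        // The tag must write the escaped form, never the raw markup, to the response.
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}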
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForHtmlContentTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
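/**
 * Simple tests for the ForHtmlContentTag.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForHtmlContentTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForHtmlContentTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Test of doTag method, of class ForHtmlContentTag.
     * This is a very simple test that doesn't fully
     * exercise/test the encoder - only that the
     * tag itself works.
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForHtmlContentTag instance = new ForHtmlContentTag();
        // NOTE(review): this listing had been HTML-decoded, which swallowed the markup
        // inside the input literal (leaving an unterminated string) and turned the
        // expected entities back into raw characters. Both literals are restored here;
        // confirm them against the repository copy.
        String value = "<div>";
        // Presumably both angle brackets are escaped in element content - TODO confirm.
        String expected = "&lt;div&gt;";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        // The tag must write the escaped form, never the raw markup, to the response.
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}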
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForHtmlTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
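/**
 * Simple tests for the ForHtmlTag.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForHtmlTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForHtmlTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Test of doTag method, of class ForHtmlTag.
     * This is a very simple test that doesn't fully
     * exercise/test the encoder - only that the
     * tag itself works.
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForHtmlTag instance = new ForHtmlTag();
        // NOTE(review): this listing had been HTML-decoded, which swallowed the markup
        // inside the input literal (leaving an unterminated string) and turned the
        // expected entities back into raw characters. Both literals are restored here;
        // confirm them against the repository copy.
        String value = "<div>";
        // Presumably both angle brackets are escaped by the general HTML encoder - TODO confirm.
        String expected = "&lt;div&gt;";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        // The tag must write the escaped form, never the raw markup, to the response.
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}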
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForJavaScriptBlockTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
/**
 * Smoke test for the ForJavaScriptBlockTag: one value is pushed through the
 * tag and the text written to the response is compared with the expected
 * escaped form.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForJavaScriptBlockTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForJavaScriptBlockTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Runs doTag once on a value holding a single quote, a double quote and
     * a NUL character. This does not exercise the encoder in depth; it only
     * shows that the tag emits the encoded value.
     *
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        // Expected output: both quotes backslash-escaped, NUL written as \x00.
        final String escaped = "\\'\\\"\\x00";
        final String raw = "'\"\0";
        final ForJavaScriptBlockTag tag = new ForJavaScriptBlockTag();
        tag.setJspContext(_pageContext);
        tag.setValue(raw);
        tag.doTag();
        assertEquals(escaped, _response.getContentAsString());
    }
}
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForJavaScriptSourceTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
/**
 * Smoke test for the ForJavaScriptSourceTag: one value is pushed through the
 * tag and the text written to the response is compared with the expected
 * escaped form.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForJavaScriptSourceTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForJavaScriptSourceTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Runs doTag once on a value holding a NUL character, a single quote and
     * a double quote. This does not exercise the encoder in depth; it only
     * shows that the tag emits the encoded value.
     *
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        // Expected output: NUL written as \x00, both quotes backslash-escaped.
        final String escaped = "\\x00\\'\\\"";
        final String raw = "\0'\"";
        final ForJavaScriptSourceTag tag = new ForJavaScriptSourceTag();
        tag.setJspContext(_pageContext);
        tag.setValue(raw);
        tag.doTag();
        assertEquals(escaped, _response.getContentAsString());
    }
}
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForJavaScriptTagTest.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package org.owasp.encoder.tag;
6 |
/**
 * Smoke test for the ForJavaScriptTag: one value is pushed through the tag
 * and the text written to the response is compared with the expected
 * escaped form.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForJavaScriptTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForJavaScriptTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Runs doTag once on a value holding a NUL character, a single quote and
     * a double quote. This does not exercise the encoder in depth; it only
     * shows that the tag emits the encoded value.
     *
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        // Expected output uses hex escapes for all three characters
        // (\x00, \x27, \x22) rather than backslash-quote pairs.
        final String escaped = "\\x00\\x27\\x22";
        final String raw = "\0'\"";
        final ForJavaScriptTag tag = new ForJavaScriptTag();
        tag.setJspContext(_pageContext);
        tag.setValue(raw);
        tag.doTag();
        assertEquals(escaped, _response.getContentAsString());
    }
}
47 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForUriComponentTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
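/**
 * Simple tests for the ForUriComponentTag.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForUriComponentTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForUriComponentTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Test of doTag method, of class ForUriComponentTag.
     * This is a very simple test that doesn't fully
     * exercise/test the encoder - only that the
     * tag itself works.
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForUriComponentTag instance = new ForUriComponentTag();
        // The expected text is the percent-encoding of "&amp;=test"
        // (%26 = '&', %3B = ';', %3D = '='), so the input has to carry the
        // literal entity text. The listing had HTML-decoded it to "&=test",
        // which could not produce the expected output.
        String value = "&amp;=test";
        String expected = "%26amp%3B%3Dtest";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}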
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForUriTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
/**
 * Smoke test for the ForUriTag: one value is pushed through the tag and the
 * text written to the response is compared with the expected encoded form.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForUriTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForUriTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Runs doTag once on a value made of a backslash followed by a double
     * quote. This does not exercise the encoder in depth; it only shows that
     * the tag emits the encoded value.
     *
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        // Expected output: backslash as %5C, double quote as %22.
        final String encoded = "%5C%22";
        final String raw = "\\\"";
        final ForUriTag tag = new ForUriTag();
        tag.setJspContext(_pageContext);
        tag.setValue(raw);
        tag.doTag();
        assertEquals(encoded, _response.getContentAsString());
    }
}
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForXmlAttributeTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
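/**
 * Simple tests for the ForXmlAttributeTag.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForXmlAttributeTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForXmlAttributeTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Test of doTag method, of class ForXmlAttributeTag.
     * This is a very simple test that doesn't fully
     * exercise/test the encoder - only that the
     * tag itself works.
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForXmlAttributeTag instance = new ForXmlAttributeTag();
        // NOTE(review): this listing had been HTML-decoded, which swallowed the markup
        // inside the input literal (leaving an unterminated string) and turned the
        // expected entities back into raw characters. Both literals are restored here;
        // confirm them against the repository copy.
        String value = "<div>";
        // Presumably only '<' is escaped in attribute context and '>' is left as is - TODO confirm.
        String expected = "&lt;div>";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        // The tag must write the escaped form, never the raw markup, to the response.
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}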
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForXmlContentTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
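/**
 * Simple tests for the ForXmlContentTag.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForXmlContentTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForXmlContentTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Test of doTag method, of class ForXmlContentTag.
     * This is a very simple test that doesn't fully
     * exercise/test the encoder - only that the
     * tag itself works.
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForXmlContentTag instance = new ForXmlContentTag();
        // NOTE(review): this listing had been HTML-decoded, which swallowed the markup
        // inside the input literal (leaving an unterminated string) and turned the
        // expected entities back into raw characters. Both literals are restored here;
        // confirm them against the repository copy.
        String value = "<div>";
        // Presumably both angle brackets are escaped in element content - TODO confirm.
        String expected = "&lt;div&gt;";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        // The tag must write the escaped form, never the raw markup, to the response.
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}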
78 |
--------------------------------------------------------------------------------
/jsp/src/test/java/org/owasp/encoder/tag/ForXmlTagTest.java:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2012 Jeff Ichnowski
2 | // All rights reserved.
3 | //
4 | // Redistribution and use in source and binary forms, with or without
5 | // modification, are permitted provided that the following conditions
6 | // are met:
7 | //
8 | // * Redistributions of source code must retain the above
9 | // copyright notice, this list of conditions and the following
10 | // disclaimer.
11 | //
12 | // * Redistributions in binary form must reproduce the above
13 | // copyright notice, this list of conditions and the following
14 | // disclaimer in the documentation and/or other materials
15 | // provided with the distribution.
16 | //
17 | // * Neither the name of the OWASP nor the names of its
18 | // contributors may be used to endorse or promote products
19 | // derived from this software without specific prior written
20 | // permission.
21 | //
22 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26 | // COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
27 | // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
29 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
33 | // OF THE POSSIBILITY OF SUCH DAMAGE.
34 |
35 |
36 | package org.owasp.encoder.tag;
37 |
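/**
 * Simple tests for the ForXmlTag.
 *
 * @author Jeremy Long (jeremy.long@gmail.com)
 */
public class ForXmlTagTest extends EncodingTagTest {

    /**
     * Creates the test case.
     *
     * @param testName the name handed to the base test case
     */
    public ForXmlTagTest(String testName) {
        super(testName);
    }

    /** Defers entirely to the base class set-up. */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
    }

    /** Defers entirely to the base class tear-down. */
    @Override
    protected void tearDown() throws Exception {
        super.tearDown();
    }

    /**
     * Test of doTag method, of class ForXmlTag.
     * This is a very simple test that doesn't fully
     * exercise/test the encoder - only that the
     * tag itself works.
     * @throws Exception is thrown if the tag fails.
     */
    public void testDoTag() throws Exception {
        System.out.println("doTag");
        ForXmlTag instance = new ForXmlTag();
        // NOTE(review): this listing had been HTML-decoded, which swallowed the markup
        // inside the input literal (leaving an unterminated string) and turned the
        // expected entities back into raw characters. Both literals are restored here;
        // confirm them against the repository copy.
        String value = "<div>";
        // Presumably both angle brackets are escaped by the general XML encoder - TODO confirm.
        String expected = "&lt;div&gt;";
        instance.setJspContext(_pageContext);
        instance.setValue(value);
        instance.doTag();
        // The tag must write the escaped form, never the raw markup, to the response.
        String results = _response.getContentAsString();
        assertEquals(expected, results);
    }
}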
78 |
--------------------------------------------------------------------------------
/src/main/config/checkstyle-header.txt:
--------------------------------------------------------------------------------
1 | ^// Copyright \(c\) 201[2-9] (Jeff Ichnowski|Jim Manico|Jeremy Long)\s*$
2 | ^// All rights reserved\.\s*$
3 | ^//
4 | ^// Redistribution and use in source and binary forms, with or without\s*$
5 | ^// modification, are permitted provided that the following conditions\s*$
6 | ^// are met:\s*$
7 | ^//\s*$
8 | ^// \* Redistributions of source code must retain the above\s*$
9 | ^// copyright notice, this list of conditions and the following\s*$
10 | ^// disclaimer\.\s*$
11 | ^//
12 | ^// \* Redistributions in binary form must reproduce the above\s*$
13 | ^// copyright notice, this list of conditions and the following\s*$
14 | ^// disclaimer in the documentation and/or other materials\s*$
15 | ^// provided with the distribution.\s*$
16 | ^//
17 | ^// \* Neither the name of the OWASP nor the names of its\s*$
18 | ^// contributors may be used to endorse or promote products\s*$
19 | ^// derived from this software without specific prior written\s*$
20 | ^// permission\.\s*$
21 | ^//
22 | ^// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\s*$
23 | ^// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\s*$
24 | ^// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\s*$
25 | ^// FOR A PARTICULAR PURPOSE ARE DISCLAIMED\. IN NO EVENT SHALL THE\s*$
26 | ^// COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,\s*$
27 | ^// INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\s*$
28 | ^// \(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\s*$
29 | ^// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION\)\s*$
30 | ^// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\s*$
31 | ^// STRICT LIABILITY, OR TORT \(INCLUDING NEGLIGENCE OR OTHERWISE\)\s*$
32 | ^// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\s*$
33 | ^// OF THE POSSIBILITY OF SUCH DAMAGE\.\s*$
34 |
--------------------------------------------------------------------------------
/src/site/markdown/index.md:
--------------------------------------------------------------------------------
1 | ## OWASP Java Encoder Project
2 |
3 | The OWASP Java Encoder Project is a collection of high-performance, low-overhead
4 | contextual encoders that, when used correctly, are an effective tool for
5 | preventing web application security vulnerabilities such as Cross-Site
6 | Scripting (XSS). Used correctly means choosing the encoder that matches the
6 | output context in which the data is written.
7 |
8 | Please see the [OWASP XSS Prevention Cheat Sheet](https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet)
9 | for more information on preventing XSS.
10 |
11 | ### Usage
12 |
13 | In addition to the usage guidance below, more examples can be found on the [OWASP Java Encoder Project Wiki](https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Use_the_Java_Encoder_Project).
14 |
15 | The JARs can be found in [Maven Central](https://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.owasp.encoder%22).
16 |
17 | ```xml
18 | <dependency>
19 |     <groupId>org.owasp.encoder</groupId>
20 |     <artifactId>encoder</artifactId>
21 |     <version>1.2.3</version>
22 | </dependency>
23 | ```
24 |
25 | Utilize the encoder:
26 |
27 | ```java
28 | import org.owasp.encoder.Encode;
29 |
30 | //...
31 |
32 | PrintWriter out = ....;
33 | out.println("<textarea>"+Encode.forHtml(userData)+"</textarea>");
34 | ```
35 |
36 | ### JSP Usage
37 |
38 | The JSP Encoder makes the use of the Java Encoder within JSP simple via a TLD that
39 | includes tags and a set of JSP EL functions:
40 |
41 | ```xml
42 | <dependency>
43 |     <groupId>org.owasp.encoder</groupId>
44 |     <artifactId>encoder-jsp</artifactId>
45 |     <version>1.2.3</version>
46 | </dependency>
47 | ```
48 |
49 | ```JSP
50 | <%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project" %>
51 |
52 | <%-- ... --%>
53 |
54 | <p>Dynamic data via EL: ${e:forHtml(param.value)}</p>
55 | <p>Dynamic data via tag: <e:forHtml value="${param.value}" /></p>
56 | ```
57 |
--------------------------------------------------------------------------------
/src/site/resources/images/owasp.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/owasp-java-encoder/9645e8dad1c436dae98382a28549ff8d745ae3c0/src/site/resources/images/owasp.jpg
--------------------------------------------------------------------------------
/src/site/site.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/owasp-java-encoder/9645e8dad1c436dae98382a28549ff8d745ae3c0/src/site/site.xml
--------------------------------------------------------------------------------