org.jooby.csl

Class XSS

java.lang.Object

org.jooby.csl.XSS

All Implemented Interfaces:

Jooby.Module

public class XSS
extends Object
implements Jooby.Module

xss

Lightweight set of escaping routines for fixing cross-site scripting (XSS) via coverity-security-library

exports

• html escaper: HTML entity escaping for text content and attributes.
• htmlText escaper: Faster HTML entity escaping for tag content or quoted attributes values only.
• js escaper: JavaScript String Unicode escaper.
• jsRegex escaper: JavaScript regex content escaper.
• css escaper: CSS String escaper.
• uri escaper: URI encoder.

usage

 {
   use(new XSS());

   post("/", req -> {
     String safeHtml = req.param("text", "html").value();
   });
 }
 

Nested context are supported by providing multiple encoders:

 {
   use(new XSS());

   post("/", req -> {
     String safeHtml = req.param("text", "js", "html", "uri").value();
   });
 }
 

Encoders run in the order they are provided.

If you want to learn more about nested context and why they are important have a look at this nice guide from coverity-security-library.

Since:

1.0.0

Author:

edgar

Constructor Summary

Constructors

Constructor and Description
XSS()

Method Summary

Modifier and Type	Method and Description
void	configure(Env env, com.typesafe.config.Config conf, com.google.inject.Binder binder)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.jooby.Jooby.Module

config

Constructor Detail

XSS

public XSS()

Method Detail

configure

public void configure(Env env,
                      com.typesafe.config.Config conf,
                      com.google.inject.Binder binder)

Specified by:

configure in interface Jooby.Module