Interface XSSFilter


  • @ProviderType
    public interface XSSFilter
    This service should be used to protect output against potential XSS attacks. The protection is context-based.
    • Method Summary

      Modifier and Type    Method and Description
      boolean              check(ProtectionContext context, java.lang.String src)
                           Indicates whether or not a given source string contains XSS policy violations.
      java.lang.String     filter(java.lang.String src)
                           Prevents the given source string from containing potential XSS content.
      java.lang.String     filter(ProtectionContext context, java.lang.String src)
                           Protects the given source string from containing potential XSS content.
      boolean              isValidHref(java.lang.String url)
                           Checks if the given URL is valid to be used for the href attribute of an <a> tag.
    • Field Detail

    • Method Detail

      • check

        boolean check(ProtectionContext context,
                      java.lang.String src)
        Indicates whether or not a given source string contains XSS policy violations.
        Parameters:
        context - context to use for checking
        src - source string
        Returns:
        true if the source is violation-free
        Throws:
        java.lang.NullPointerException - if context is null
      • filter

        java.lang.String filter(java.lang.String src)
        Prevents the given source string from containing potential XSS content.

        The default protection context is used for checking.

        Parameters:
        src - source string
        Returns:
        string that does not contain potential XSS content
      • filter

        java.lang.String filter(ProtectionContext context,
                                java.lang.String src)
        Protects the given source string from containing potential XSS content.
        Parameters:
        context - context to use for checking
        src - source string
        Returns:
        string that does not contain potential XSS content
        Throws:
        java.lang.NullPointerException - if context is null
      • isValidHref

        boolean isValidHref(java.lang.String url)
        Checks if the given URL is valid to be used for the href attribute of an <a> tag.

        The default protection context is used for checking.

        Parameters:
        url - the URL that should be validated
        Returns:
        true if the URL is violation-free
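
Usage example (added here; not code from this page or from the project): a hypothetical SafeLinkRenderer that renders one link from untrusted input using isValidHref, check and filter as documented above. The package in the imports, the class name, the "#" fallback and the logging are assumptions; the ProtectionContext is supplied by the caller.

```java
import java.util.Objects;
import java.util.logging.Logger;

// Assumption: the page does not show the package; these imports assume the
// Apache Sling XSS API. Adjust them to wherever your XSSFilter comes from.
import org.apache.sling.xss.ProtectionContext;
import org.apache.sling.xss.XSSFilter;

/** Hypothetical helper (not part of the documented API) that renders one link. */
public final class SafeLinkRenderer {
    private static final Logger LOG = Logger.getLogger(SafeLinkRenderer.class.getName());
    private static final String FALLBACK_HREF = "#"; // constructed placeholder target

    private final XSSFilter xssFilter;
    private final ProtectionContext context;

    public SafeLinkRenderer(XSSFilter xssFilter, ProtectionContext context) {
        this.xssFilter = Objects.requireNonNull(xssFilter, "xssFilter");
        // check() and filter(context, src) throw NullPointerException on a null
        // context, so reject it once here instead of failing during rendering.
        this.context = Objects.requireNonNull(context, "context");
    }

    public String render(String untrustedUrl, String untrustedLabel) {
        // isValidHref() only reports a verdict; it does not rewrite the URL.
        // Replace a rejected URL rather than emitting it.
        String href = untrustedUrl != null && xssFilter.isValidHref(untrustedUrl)
                ? untrustedUrl : FALLBACK_HREF;

        String label = untrustedLabel == null ? "" : untrustedLabel;
        // check() returns true when the source is violation-free. Use it only as a
        // detection signal; the value written to the page is always the filtered one.
        if (!xssFilter.check(context, label)) {
            LOG.warning("XSS policy violation in link label, length=" + label.length());
        }
        String safeLabel = xssFilter.filter(context, label);

        return "<a href=\"" + escapeAttribute(href) + "\">" + safeLabel + "</a>";
    }

    // Defense in depth: keep the validated URL from closing the attribute.
    private static String escapeAttribute(String value) {
        return value.replace("&", "&amp;").replace("\"", "&quot;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }
}
```

The log line records only the label length, so a rejected payload is not copied into the log.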