com.whitestein.lsps.common.security

Class Encode

java.lang.Object

com.whitestein.lsps.common.security.Encode

public class Encode
extends Object

Sanitizes user input

Method Summary

Modifier and Type	Method and Description
static String	forHtml(String s) Encodes a string to HTML using the ASCII-code (e.
static String	forJava(Object input) Encodes for a Java string Escapes control characters, quotes and backslashes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

forHtml

public static String forHtml(String s)

Encodes a string to HTML using the ASCII-code (e. g. ü -> &#FC;) Escape user input which is displayed in JSP pages with this function. See CWE-80 http://cwe.mitre.org/data/definitions/80.html

Parameters:

s - the string to be converted

Returns:

HTML escaped string

forJava

public static String forJava(Object input)

Encodes for a Java string Escapes control characters, quotes and backslashes. See CWE-117 http://cwe.mitre.org/data/definitions/117.html

Parameters:

input - Object with toString() method to be neutralized

Returns:

Neutralized String