Package org.apache.sling.xss
Interface XSSFilter
@ProviderType
public interface XSSFilter
This service should be used to protect output against potential XSS attacks.
The protection is context based.
-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionbooleancheck(ProtectionContext context, String src) Indicates whether or not a given source string contains XSS policy violations.Prevents the given source string from containing XSS stuff.filter(ProtectionContext context, String src) Protects the given source string from containing XSS stuff.booleanisValidHref(String url) Checks if the given URL is valid to be used for thehrefattribute in aatag.
-
Field Details
-
DEFAULT_CONTEXT
Default context.
-
-
Method Details
-
check
Indicates whether or not a given source string contains XSS policy violations.- Parameters:
context- context to use for checkingsrc- source string- Returns:
- true if the source is violation-free
- Throws:
NullPointerException- if context isnull
-
filter
Prevents the given source string from containing XSS stuff.The default protection context is used for checking.
- Parameters:
src- source string- Returns:
- string that does not contain XSS stuff
-
filter
Protects the given source string from containing XSS stuff.- Parameters:
context- context to use for checkingsrc- source string- Returns:
- string that does not contain XSS stuff
- Throws:
NullPointerException- if context isnull
-
isValidHref
Checks if the given URL is valid to be used for thehrefattribute in aatag.The default protection context is used for checking.
- Parameters:
url- the URL that should be validated- Returns:
- true if the URL is violation-free
-