XSSFilter (Apache Sling 9 API)

```
@ProviderType
public interface XSSFilter
```
This service should be used to protect output against potential XSS attacks. The protection is context based.

Field Summary

Fields
Modifier and Type Field and Description

static ProtectionContext DEFAULT_CONTEXT
Default context.

Fields
Modifier and Type	Field and Description
`static ProtectionContext`	`DEFAULT_CONTEXT` Default context.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`boolean`	`check(ProtectionContext context, String src)` Indicates whether or not a given source string contains XSS policy violations.
`String`	`filter(ProtectionContext context, String src)` Protects the given source string from containing XSS stuff.
`String`	`filter(String src)` Prevents the given source string from containing XSS stuff.
`boolean`	`isValidHref(String url)` Checks if the given URL is valid to be used for the `href` attribute in a `a` tag.

- Field Detail
  - DEFAULT_CONTEXT
```
static final ProtectionContext DEFAULT_CONTEXT
```
    Default context.
- Method Detail
  - check
```
boolean check(ProtectionContext context,
              String src)
```
    Indicates whether or not a given source string contains XSS policy violations.
    
    Parameters:
    
    context - context to use for checking
    
    src - source string
    
    Returns:
    
    true if the source is violation-free
    
    Throws:
    
    NullPointerException - if context is null
  - filter
```
String filter(String src)
```
    Prevents the given source string from containing XSS stuff.
    The default protection context is used for checking.
    
    Parameters:
    
    src - source string
    
    Returns:
    
    string that does not contain XSS stuff
  - filter
```
String filter(ProtectionContext context,
              String src)
```
    Protects the given source string from containing XSS stuff.
    
    Parameters:
    
    context - context to use for checking
    
    src - source string
    
    Returns:
    
    string that does not contain XSS stuff
    
    Throws:
    
    NullPointerException - if context is null
  - isValidHref
```
boolean isValidHref(String url)
```
    Checks if the given URL is valid to be used for the href attribute in a a tag.
    The default protection context is used for checking.
    
    Parameters:
    
    url - the URL that should be validated
    
    Returns:
    
    true if the URL is violation-free

Interface XSSFilter

Field Summary

Method Summary

Field Detail

DEFAULT_CONTEXT

Method Detail

check

filter

filter

isValidHref