com.atlassian.bamboo.util
Class BambooStringUtils

java.lang.Object
  extended by com.atlassian.bamboo.util.BambooStringUtils

public class BambooStringUtils
extends java.lang.Object


Method Summary
static boolean containsXssRelatedCharacters(java.lang.String string)
          Returns true if the supplied string contains characters that could be used to deface a page or trigger an XSS exploit (characters: "&'<>\).
static java.lang.String encodeHtmlWithTagWhiteList(java.lang.String string)
          Escapes string but preserves few defined tags.
static java.lang.String forceAlphaNumeric(java.lang.String str)
           
static java.lang.String forceValidHtmlId(java.lang.String id)
          According to the HTML standard, ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods (".").
static java.lang.String getFirstXssRelatedCharacter(java.lang.String string)
          Retrieves first unsafe character from supplied string
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

forceAlphaNumeric

@NotNull
public static java.lang.String forceAlphaNumeric(@Nullable
                                                         java.lang.String str)

containsXssRelatedCharacters

public static boolean containsXssRelatedCharacters(@Nullable
                                                   java.lang.String string)
Returns true if the supplied string contains characters that could be used to deface a page or trigger an XSS exploit (characters: "&'<>\). Should be used in addition to normal escaping of output, not instead of it.

Parameters:
string - string to check
Returns:
true if string contains unsafe characters, false otherwise

getFirstXssRelatedCharacter

@NotNull
public static java.lang.String getFirstXssRelatedCharacter(@Nullable
                                                                   java.lang.String string)
Retrieves first unsafe character from supplied string

Parameters:
string - the string to check
Returns:
string with the first encountered unsafe character.

forceValidHtmlId

@NotNull
public static java.lang.String forceValidHtmlId(@NotNull
                                                        java.lang.String id)
According to the HTML standard, ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods ("."). This method strips the supplied id of all invalid characters. It does not enforce the "must begin with a letter" rule.


encodeHtmlWithTagWhiteList

public static final java.lang.String encodeHtmlWithTagWhiteList(java.lang.String string)
Escapes string but preserves few defined tags. Allows some html formatting inside strings while preventing XSS. Allowed tags are: <br /> <i> <b> <p> <div> <a>. Properties are not allowed except 'href' in anchor tag.

Parameters:
string -
Returns:
html escaped string with white listed tags preserved


Copyright © 2010 Atlassian. All Rights Reserved.