BambooStringUtils (Atlassian Bamboo 3.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.bamboo.util
Class BambooStringUtils

java.lang.Object
  com.atlassian.bamboo.util.BambooStringUtils

public class BambooStringUtils
extends java.lang.Object
extends java.lang.Object

Method Summary
`static boolean`	`containsXssRelatedCharacters(java.lang.String string)` Returns true if the supplied string contains characters that could be used to deface a page or trigger an XSS exploit (characters: "&'<>\).
`static java.lang.String`	`encodeHtmlWithTagWhiteList(java.lang.String string)` Escapes string but preserves few defined tags.
`static com.google.common.base.Function<java.lang.String,java.lang.String>`	`encodeHtmlWithTagWhiteListFunction()`
`static java.lang.String`	`forceAlphaNumeric(java.lang.String str)`
`static java.lang.String`	`forceValidHtmlId(java.lang.String id)` According to the HTML standard, ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods (".").
`static java.lang.String`	`getFirstXssRelatedCharacter(java.lang.String string)` Retrieves first unsafe character from supplied string

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Method Detail

forceAlphaNumeric

@NotNull
public static java.lang.String forceAlphaNumeric(@Nullable
                                                         java.lang.String str)

containsXssRelatedCharacters

public static boolean containsXssRelatedCharacters(@Nullable
                                                   java.lang.String string)

Returns true if the supplied string contains characters that could be used to deface a page or trigger an XSS exploit (characters: "&'<>\). Should be used in addition to normal escaping of output, not instead of it.

Parameters:: string - string to check
Returns:: true if string contains unsafe characters, false otherwise

getFirstXssRelatedCharacter

@NotNull
public static java.lang.String getFirstXssRelatedCharacter(@Nullable
                                                                   java.lang.String string)

Retrieves first unsafe character from supplied string

Parameters:: string - the string to check
Returns:: string with the first encountered unsafe character.

forceValidHtmlId

@NotNull
public static java.lang.String forceValidHtmlId(@NotNull
                                                        java.lang.String id)

According to the HTML standard, ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods ("."). This method strips the supplied id of all invalid characters. It does not enforce the "must begin with a letter" rule.

encodeHtmlWithTagWhiteList

public static final java.lang.String encodeHtmlWithTagWhiteList(java.lang.String string)

Escapes string but preserves few defined tags. Allows some html formatting inside strings while preventing XSS. Allowed tags are: <br /> <i> <b> <p> <div> <a>. Properties are not allowed except 'href' in anchor tag.

Parameters:: string -
Returns:: html escaped string with white listed tags preserved

encodeHtmlWithTagWhiteListFunction

public static com.google.common.base.Function<java.lang.String,java.lang.String> encodeHtmlWithTagWhiteListFunction()