BambooStringUtils (Atlassian Bamboo 3.1-SNAPSHOT API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.atlassian.bamboo.util
Class BambooStringUtils

java.lang.Object
  com.atlassian.bamboo.util.BambooStringUtils

public class BambooStringUtils
extends java.lang.Object
extends java.lang.Object

Field Summary
`static char`	`CHAR_APOSTROPHE`
`static char`	`CHAR_BACKSLASH`
`static char`	`CHAR_DOUBLE_QUOTE`
`static char`	`CHAR_NONE`

Method Summary
`static boolean`	`containsXssRelatedCharacters(java.lang.String string)` Returns true if the supplied string contains characters that could be used to deface a page or trigger an XSS exploit (characters: "&'<>\).
`static java.lang.String`	`encodeHtmlWithTagWhiteList(java.lang.String string)` Escapes string but preserves few defined tags.
`static com.google.common.base.Function<java.lang.String,java.lang.String>`	`encodeHtmlWithTagWhiteListFunction()`
`static java.lang.String`	`forceAlphaNumeric(java.lang.String str)`
`static java.lang.String`	`forceValidHtmlId(java.lang.String id)` According to the HTML standard, ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods (".").
`static java.lang.String`	`getFirstXssRelatedCharacter(java.lang.String string)` Retrieves first unsafe character from supplied string
`static java.lang.String`	`remove(java.lang.String quotedVarValue, int index)` Removes a character at specified index from string
`static java.lang.String`	`unquote(java.lang.String quotedVarValue, boolean processBackslashes)` Removes quotes from variable using shell rules.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

CHAR_NONE

public static final char CHAR_NONE

See Also:: Constant Field Values

CHAR_APOSTROPHE

public static final char CHAR_APOSTROPHE

See Also:: Constant Field Values

CHAR_BACKSLASH

public static final char CHAR_BACKSLASH

See Also:: Constant Field Values

CHAR_DOUBLE_QUOTE

public static final char CHAR_DOUBLE_QUOTE

See Also:: Constant Field Values

Method Detail

forceAlphaNumeric

@NotNull
public static java.lang.String forceAlphaNumeric(@Nullable
                                                         java.lang.String str)

containsXssRelatedCharacters

public static boolean containsXssRelatedCharacters(@Nullable
                                                   java.lang.String string)

Returns true if the supplied string contains characters that could be used to deface a page or trigger an XSS exploit (characters: "&'<>\). Should be used in addition to normal escaping of output, not instead of it.

Parameters:: string - string to check
Returns:: true if string contains unsafe characters, false otherwise

getFirstXssRelatedCharacter

@NotNull
public static java.lang.String getFirstXssRelatedCharacter(@Nullable
                                                                   java.lang.String string)

Retrieves first unsafe character from supplied string

Parameters:: string - the string to check
Returns:: string with the first encountered unsafe character.

forceValidHtmlId

@NotNull
public static java.lang.String forceValidHtmlId(@NotNull
                                                        java.lang.String id)

According to the HTML standard, ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods ("."). This method replaces all invalid characters in the supplied id with an underscore. It does not enforce the "must begin with a letter" rule. There are two functions that do it, one in FreeMarker functions.ftl and one in BambooStringUtils. They MUST be kept in sync.

encodeHtmlWithTagWhiteList

public static java.lang.String encodeHtmlWithTagWhiteList(java.lang.String string)

Escapes string but preserves few defined tags. Allows some html formatting inside strings while preventing XSS. Allowed tags are: <br /> <i> <b> <p> <div> <a>. Properties are not allowed except 'href' in anchor tag.

Parameters:: string -
Returns:: html escaped string with white listed tags preserved

encodeHtmlWithTagWhiteListFunction

public static com.google.common.base.Function<java.lang.String,java.lang.String> encodeHtmlWithTagWhiteListFunction()

unquote

@NotNull
public static java.lang.String unquote(@NotNull
                                               java.lang.String quotedVarValue,
                                               boolean processBackslashes)

Removes quotes from variable using shell rules.

Parameters:: quotedVarValue -; processBackslashes - whether backslash should be treated as a special character or not
Returns:

remove

@NotNull
public static java.lang.String remove(@NotNull
                                              java.lang.String quotedVarValue,
                                              int index)

Removes a character at specified index from string

Parameters:: quotedVarValue -; index -
Returns: