forked from ESAPI/esapi-java-legacy
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathPercentCodec.java
More file actions
97 lines (87 loc) · 2.65 KB
/
Copy pathPercentCodec.java
File metadata and controls
97 lines (87 loc) · 2.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/**
* OWASP Enterprise Security API (ESAPI)
*
* This file is part of the Open Web Application Security Project (OWASP)
* Enterprise Security API (ESAPI) project. For details, please see
* <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
*
* Copyright (c) 2007 - The OWASP Foundation
*
* The ESAPI is published by OWASP under the BSD license. You should read and accept the
* LICENSE before you use, modify, and/or redistribute this software.
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
* @created 2007
*/
package org.owasp.esapi.codecs;
/**
* Implementation of the Codec interface for percent encoding (aka URL encoding).
*
* @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
* href="http://www.aspectsecurity.com">Aspect Security</a>
* @since June 1, 2007
* @see org.owasp.esapi.Encoder
*/
public class PercentCodec implements Codec {
public PercentCodec() {
}
public String encode( String input ) {
return null;
}
public String encodeCharacter( Character c ) {
return null;
}
public String decode( String input ) {
StringBuffer sb = new StringBuffer();
PushbackString pbs = new PushbackString( input );
while ( pbs.hasNext() ) {
Character c = decodeCharacter( pbs );
if ( c != null ) {
sb.append( c );
} else {
sb.append( pbs.next() );
}
}
return sb.toString();
}
/**
* Returns the decoded version of the character starting at index, or
* null if no decoding is possible.
*
* Formats all are legal both upper/lower case:
* %hh;
*/
public Character decodeCharacter( PushbackString input ) {
input.mark();
Character first = input.next();
if ( first == null ) {
input.reset();
return null;
}
// if this is not an encoded character, return null
if ( first.charValue() != '%' ) {
input.reset();
return null;
}
// Search for exactly 2 hex digits following
StringBuffer sb = new StringBuffer();
for ( int i=0; i<2; i++ ) {
Character c = input.nextHex();
if ( c != null ) sb.append( c );
}
if ( sb.length() == 2 ) {
try {
// parse the hex digit and create a character
int i = Integer.parseInt(sb.toString(), 16);
// TODO: in Java 1.5 you can test whether this is a valid code point
// with Character.isValidCodePoint() et al.
return new Character( (char)i );
} catch( NumberFormatException e ) {
// throw an exception for malformed entity?
// just continue which will reset and return null
}
}
input.reset();
return null;
}
}