Issue 34 - Solution Contributed by Ed Schaller (schallee (at) darkmist (dot) net)

chrisisbeef · chrisisbeef · commit cdf4221551ce · 2009-10-14T19:20:15.000Z
http://code.google.com/p/owasp-esapi-java/issues/detail?id=34
diff --git a/src/main/java/META-INF/esapi.tld b/src/main/java/META-INF/esapi.tld
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE taglib PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.1//EN" "http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd">
+
+<taglib>
+
+   <tlibversion>2.0</tlibversion>
+   <jspversion>1.1</jspversion>
+
+   <shortname>esapi</shortname>
+   <uri>http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</uri>
+
+   <tag>
+      <name>encodeForHTML</name>
+      <tagclass>org.owasp.esapi.tags.EncodeForHTMLTag</tagclass>
+      <bodycontent>JSP</bodycontent>
+    </tag>
+
+   <tag>
+      <name>encodeForJavaScript</name>
+      <tagclass>org.owasp.esapi.tags.EncodeForHTMLTag</tagclass>
+      <bodycontent>JSP</bodycontent>
+    </tag>
+
+   <tag>
+      <name>encodeForHTMLAttribute</name>
+      <tagclass>org.owasp.esapi.tags.EncodeForHTMLTag</tagclass>
+      <bodycontent>JSP</bodycontent>
+    </tag>
+    
+    <tag>
+      <name>encodeForVBScript</name>
+      <tagclass>org.owasp.esapi.tags.EncodeForVBScriptTag</tagclass>
+      <bodycontent>JSP</bodycontent>
+    </tag>
+    
+ </taglib>
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java
@@ -5,7 +5,6 @@
 import javax.servlet.jsp.JspTagException;
 import javax.servlet.jsp.JspWriter;
 import javax.servlet.jsp.tagext.BodyContent;
-import javax.servlet.jsp.tagext.BodyTag;
 import javax.servlet.jsp.tagext.BodyTagSupport;
 
 import org.owasp.esapi.ESAPI;
@@ -20,26 +19,7 @@ public class EncodeForHTMLAttributeTag extends BodyTagSupport {
 	/**
 	 * 
 	 */
-	private static final long serialVersionUID = 1L;
-	private String name;
-	
-    /**
-     *
-     */
-    public EncodeForHTMLAttributeTag() {}
-	
-	
-	
-    /**
-     *
-     * @return
-     */
-    public int doStartTag() {
-					
-		//return EVAL_BODY_TAG; <-- Deprecated
-		return BodyTag.EVAL_BODY_BUFFERED;
-	}
-
+	private static final long serialVersionUID = 2L;
 	
     /**
      *
@@ -58,33 +38,14 @@ public int doAfterBody() throws JspTagException {
 			
 			Encoder e = ESAPI.encoder();
 			
-			out.println( e.encodeForHTMLAttribute(content) );
+			out.print( e.encodeForHTMLAttribute(content) );
 			body.clearBody();
 			
-			return EVAL_PAGE;
+			return SKIP_BODY;
 			
 		} catch (IOException ioe) {
-			throw new JspTagException("error in encodeForHTML tag doAfterBody()",ioe);
+			throw new JspTagException("error writing to body's enclosing writer",ioe);
 		}
 		
 	}
-
-	
-    /**
-     *
-     * @return
-     */
-    public String getName() {
-		return name;
-	}
-	
-    /**
-     *
-     * @param name
-     */
-    public void setName(String name) {
-		this.name = name;
-	}
-
-	
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLJavaScriptTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLJavaScriptTag.java
@@ -5,7 +5,6 @@
 import javax.servlet.jsp.JspTagException;
 import javax.servlet.jsp.JspWriter;
 import javax.servlet.jsp.tagext.BodyContent;
-import javax.servlet.jsp.tagext.BodyTag;
 import javax.servlet.jsp.tagext.BodyTagSupport;
 
 import org.owasp.esapi.ESAPI;
@@ -20,26 +19,7 @@ public class EncodeForHTMLJavaScriptTag extends BodyTagSupport {
 	/**
 	 * 
 	 */
-	private static final long serialVersionUID = 1L;
-	private String name;
-	
-    /**
-     *
-     */
-    public EncodeForHTMLJavaScriptTag() {}
-	
-	
-	
-    /**
-     *
-     * @return
-     */
-    public int doStartTag() {
-					
-		//return EVAL_BODY_TAG; <-- Deprecated
-		return BodyTag.EVAL_BODY_BUFFERED;
-	}
-
+	private static final long serialVersionUID = 2L;
 	
     /**
      *
@@ -58,32 +38,14 @@ public int doAfterBody() throws JspTagException {
 			
 			Encoder e = ESAPI.encoder();
 			
-			out.println( e.encodeForJavaScript(content) );
+			out.print( e.encodeForJavaScript(content) );
 			body.clearBody();
 			
-			return EVAL_PAGE;
+			return SKIP_BODY;
 			
 		} catch (IOException ioe) {
-			throw new JspTagException("error in encodeForHTML tag doAfterBody()",ioe);
+			throw new JspTagException("error writing to body's enclosing writer",ioe);
 		}
 		
 	}
-
-	
-    /**
-     *
-     * @return
-     */
-    public String getName() {
-		return name;
-	}
-	
-    /**
-     *
-     * @param name
-     */
-    public void setName(String name) {
-		this.name = name;
-	}
-	
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java
@@ -5,7 +5,6 @@
 import javax.servlet.jsp.JspTagException;
 import javax.servlet.jsp.JspWriter;
 import javax.servlet.jsp.tagext.BodyContent;
-import javax.servlet.jsp.tagext.BodyTag;
 import javax.servlet.jsp.tagext.BodyTagSupport;
 
 import org.owasp.esapi.ESAPI;
@@ -20,25 +19,7 @@ public class EncodeForHTMLTag extends BodyTagSupport {
 	/**
 	 * 
 	 */
-	private static final long serialVersionUID = 1L;
-	private String name;
-	
-    /**
-     *
-     */
-    public EncodeForHTMLTag() {}
-	
-	
-    /**
-     *
-     * @return
-     */
-    public int doStartTag() {
-					
-		//return EVAL_BODY_TAG; <-- Deprecated
-		return BodyTag.EVAL_BODY_BUFFERED;
-	}
-
+	private static final long serialVersionUID = 2L;
 	
     /**
      *
@@ -57,33 +38,14 @@ public int doAfterBody() throws JspTagException {
 			
 			Encoder e = ESAPI.encoder();
 			
-			out.println( e.encodeForHTML(content) );
+			out.print( e.encodeForHTML(content) );
 			body.clearBody();
 			
-			return EVAL_PAGE;
+			return SKIP_BODY;
 			
 		} catch (IOException ioe) {
-			throw new JspTagException("error in encodeForHTML tag doAfterBody()",ioe);
+			throw new JspTagException("error writing to body's enclosing writer",ioe);
 		}
 		
 	}
-
-	
-    /**
-     *
-     * @return
-     */
-    public String getName() {
-		return name;
-	}
-	
-    /**
-     *
-     * @param name
-     */
-    public void setName(String name) {
-		this.name = name;
-	}
-
-	
 }
diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java
@@ -5,7 +5,6 @@
 import javax.servlet.jsp.JspTagException;
 import javax.servlet.jsp.JspWriter;
 import javax.servlet.jsp.tagext.BodyContent;
-import javax.servlet.jsp.tagext.BodyTag;
 import javax.servlet.jsp.tagext.BodyTagSupport;
 
 import org.owasp.esapi.ESAPI;
@@ -20,35 +19,7 @@ public class EncodeForVBScriptTag extends BodyTagSupport {
 	/**
 	 * 
 	 */
-	private static final long serialVersionUID = 1L;
-	private String name;
-	
-    /**
-     *
-     */
-    public EncodeForVBScriptTag() {}
-	
-	
-    /**
-     *
-     * @return
-     */
-    public int doStartTag() {
-					
-		//return EVAL_BODY_TAG; <-- Deprecated
-		return BodyTag.EVAL_BODY_BUFFERED;
-
-	}
-	
-    /**
-     *
-     * @return
-     */
-    public int doEndTag() {
-		
-		return SKIP_BODY;
-		
-	}
+	private static final long serialVersionUID = 2L;
 	
     /**
      *
@@ -67,32 +38,14 @@ public int doAfterBody() throws JspTagException {
 		
 		try {
 			
-			out.println( e.encodeForVBScript(content) );
+			out.print( e.encodeForVBScript(content) );
 			body.clearBody();
 			
 		} catch (IOException ioe) {
-			throw new JspTagException("error in encodeForHTML tag doAfterBody()",ioe);
+			throw new JspTagException("error writing to body's enclosing writer",ioe);
 		}
 		
 		return SKIP_BODY;
 
 	}
-	
-    /**
-     *
-     * @return
-     */
-    public String getName() {
-		return name;
-	}
-	
-    /**
-     *
-     * @param name
-     */
-    public void setName(String name) {
-		this.name = name;
-	}
-
-	
 }
