
Commit ffd60ef

author
schallee@darkmist.net
committed
Backport current JSP tag libraries from 2.0rcs to 1.4.1rcs
No changes were needed.
1 parent 5350735 commit ffd60ef

16 files changed

Lines changed: 946 additions & 332 deletions
Lines changed: 70 additions & 0 deletions
@@ -0,0 +1,70 @@
1+
/*
2+
* OWASP Enterprise Security API (ESAPI)
3+
*
4+
* This file is part of the Open Web Application Security Project (OWASP)
5+
* Enterprise Security API (ESAPI) project. For details, please see
6+
* <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
7+
*
8+
* Copyright (c) 2007 - The OWASP Foundation
9+
*
10+
* The ESAPI is published by OWASP under the BSD license. You should read and accept the
11+
* LICENSE before you use, modify, and/or redistribute this software.
12+
*
13+
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
14+
* @created 2007
15+
*/
16+
17+
package org.owasp.esapi.tags;
18+
19+
import java.io.IOException;
20+
21+
import javax.servlet.jsp.JspTagException;
22+
import javax.servlet.jsp.JspWriter;
23+
import javax.servlet.jsp.tagext.BodyTagSupport;
24+
25+
import org.owasp.esapi.ESAPI;
26+
import org.owasp.esapi.Encoder;
27+
28+
/** Abstract base class for tags that just encode their bodies with Encoder methods. */
29+
public abstract class BaseEncodeTag extends BodyTagSupport
30+
{
31+
private static final long serialVersionUID = 1L;
32+
33+
/**
34+
* Encode tag's content.
35+
* @param content The tag's content as a String
36+
* @param enc Encoder provided as a convinence.
37+
* @return content encoded by the subclass's implementation.
38+
*/
39+
protected abstract String encode(String content, Encoder enc) throws JspTagException;
40+
41+
/**
42+
* After tag body parsing handler. This provides the necessary
43+
* plubming to allow subclasses to just concern themselves with
44+
* encoding a single string.
45+
* @return {@link javax.servlet.jsp.tagext.Tag#SKIP_BODY}
46+
* @throws JspTagException if writing to the bodyContent's
47+
* enclosing writer throws an IOException.
48+
*/
49+
public int doAfterBody() throws JspTagException
50+
{
51+
String content;
52+
JspWriter out;
53+
54+
content = bodyContent.getString();
55+
out = bodyContent.getEnclosingWriter();
56+
57+
content = encode(content, ESAPI.encoder());
58+
try
59+
{
60+
out.print(content);
61+
}
62+
catch (IOException e)
63+
{
64+
throw new JspTagException("Error writing to body's enclosing JspWriter",e);
65+
}
66+
67+
bodyContent.clearBody();
68+
return SKIP_BODY;
69+
}
70+
}
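Review bot: The abstract `encode` method is declared `throws JspTagException`, but its Javadoc has no `@throws` entry, so implementers cannot tell when throwing is expected. I would add `@throws JspTagException if the subclass cannot encode the content`. I would also correct `convinence` to `convenience` there, and `plubming` to `plumbing` in the `doAfterBody` comment. Because `doAfterBody` passes the whole of `bodyContent.getString()` to `encode`, output produced by nested tags is encoded too, and the result is only safe in the context the subclass's encoder targets. The class comment could say so, e.g. `Subclasses encode the complete evaluated body; use the tag whose encoder matches the context the output is written into.`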
Lines changed: 172 additions & 0 deletions
@@ -0,0 +1,172 @@
1+
package org.owasp.esapi.tags;
2+
3+
import java.io.UnsupportedEncodingException;
4+
5+
import org.owasp.esapi.ESAPI;
6+
import org.owasp.esapi.Encoder;
7+
import org.owasp.esapi.errors.EncodingException;
8+
9+
/**
10+
* Static encoder methods for JSP EL expression functions.
11+
*/
12+
public class ELEncodeFunctions
13+
{
14+
private static final String DEFAULT_ENCODING = "UTF-8";
15+
16+
/**
17+
* Private constructor as this class shouldn't need to be
18+
* instantiated.
19+
*/
20+
private ELEncodeFunctions()
21+
{
22+
}
23+
24+
/**
25+
* Base64 encode a string. UTF-8 is used to encode the string and no line wrapping is performed.
26+
* @param str The string to encode.
27+
* @return The base64 encoded String.
28+
* @see Encoder#encodeForBase64(byte[],boolean)
29+
* @throws UnsupportedEncodingException if UTF-8 is an unsupported character set. This should not happen as UTF-8 is required to be supported by the JVM spec.
30+
*/
31+
public static String encodeForBase64(String str) throws UnsupportedEncodingException
32+
{
33+
return encodeForBase64Charset(DEFAULT_ENCODING, str);
34+
}
35+
36+
/**
37+
* Base64 encode a string with line wrapping. UTF-8 is used to encode the string and lines are wrapped at 64 characters..
38+
* @param str The string to encode.
39+
* @return The base64 encoded String.
40+
* @see Encoder#encodeForBase64(byte[],boolean)
41+
* @throws UnsupportedEncodingException if UTF-8 is an unsupported character set. This should not happen as UTF-8 is required to be supported by the JVM spec.
42+
*/
43+
public static String encodeForBase64Wrap(String str) throws UnsupportedEncodingException
44+
{
45+
return encodeForBase64CharsetWrap(DEFAULT_ENCODING, str);
46+
}
47+
48+
/**
49+
* Base64 encode a string after converting to bytes using the specified character set. No line wrapping is performed.
50+
* @param charset The character set used to convert str to bytes.
51+
* @param str The string to encode.
52+
* @return The base64 encoded String.
53+
* @see Encoder#encodeForBase64(byte[],boolean)
54+
* @throws UnsupportedEncodingException if charset is an unsupported character set.
55+
*/
56+
public static String encodeForBase64Charset(String charset, String str) throws UnsupportedEncodingException
57+
{
58+
return ESAPI.encoder().encodeForBase64(str.getBytes(charset), false);
59+
}
60+
61+
/**
62+
* Base64 encode a string after converting to bytes using the specified character set and wrapping lines. Lines are wrapped at 64 characters.
63+
* @param charset The character set used to convert str to bytes.
64+
* @param str The string to encode.
65+
* @return The base64 encoded String.
66+
* @see Encoder#encodeForBase64(byte[],boolean)
67+
* @throws UnsupportedEncodingException if charset is an unsupported character set.
68+
*/
69+
public static String encodeForBase64CharsetWrap(String charset, String str) throws UnsupportedEncodingException
70+
{
71+
return ESAPI.encoder().encodeForBase64(str.getBytes(charset), true);
72+
}
73+
74+
/**
75+
* Encode string for use in CSS.
76+
* @param str The string to encode.
77+
* @return str encoded for use in CSS.
78+
* @see Encoder#encodeForCSS(String)
79+
*/
80+
public static String encodeForCSS(String str)
81+
{
82+
return ESAPI.encoder().encodeForCSS(str);
83+
}
84+
85+
/**
86+
* Encode string for use in HTML.
87+
* @param str The string to encode.
88+
* @return str encoded for use in HTML.
89+
* @see Encoder#encodeForHTML(String)
90+
*/
91+
public static String encodeForHTML(String str)
92+
{
93+
return ESAPI.encoder().encodeForHTML(str);
94+
}
95+
96+
/**
97+
* Encode string for use in a HTML attribute.
98+
* @param str The string to encode.
99+
* @return str encoded for use in HTML attribute.
100+
* @see Encoder#encodeForHTMLAttribute(String)
101+
*/
102+
public static String encodeForHTMLAttribute(String str)
103+
{
104+
return ESAPI.encoder().encodeForHTMLAttribute(str);
105+
}
106+
107+
/**
108+
* Encode string for use in JavaScript.
109+
* @param str The string to encode.
110+
* @return str encoded for use in JavaScript.
111+
* @see Encoder#encodeForJavaScript(String)
112+
*/
113+
public static String encodeForJavaScript(String str)
114+
{
115+
return ESAPI.encoder().encodeForJavaScript(str);
116+
}
117+
118+
/**
119+
* Encode string for use in a URL.
120+
* @param str The string to encode.
121+
* @return str encoded for use in a URL.
122+
* @see Encoder#encodeForURL(String)
123+
*/
124+
public static String encodeForURL(String str) throws EncodingException
125+
{
126+
return ESAPI.encoder().encodeForURL(str);
127+
}
128+
129+
/**
130+
* Encode string for use in VBScript.
131+
* @param str The string to encode.
132+
* @return str encoded for use in VBScript.
133+
* @see Encoder#encodeForVBScript(String)
134+
*/
135+
public static String encodeForVBScript(String str)
136+
{
137+
return ESAPI.encoder().encodeForVBScript(str);
138+
}
139+
140+
/**
141+
* Encode string for use in XML.
142+
* @param str The string to encode.
143+
* @return str encoded for use in XML.
144+
* @see Encoder#encodeForXML(String)
145+
*/
146+
public static String encodeForXML(String str)
147+
{
148+
return ESAPI.encoder().encodeForXML(str);
149+
}
150+
151+
/**
152+
* Encode string for use in a XML attribute.
153+
* @param str The string to encode.
154+
* @return str encoded for use in XML attribute.
155+
* @see Encoder#encodeForXMLAttribute(String)
156+
*/
157+
public static String encodeForXMLAttribute(String str)
158+
{
159+
return ESAPI.encoder().encodeForXMLAttribute(str);
160+
}
161+
162+
/**
163+
* Encode string for use in XPath.
164+
* @param str The string to encode.
165+
* @return str encoded for use in XPath.
166+
* @see Encoder#encodeForXPath(String)
167+
*/
168+
public static String encodeForXPath(String str)
169+
{
170+
return ESAPI.encoder().encodeForXPath(str);
171+
}
172+
}
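Review bot: `encodeForURL` is declared `throws EncodingException` but its Javadoc has no `@throws` entry, unlike the four Base64 functions, so a page author cannot tell from the docs that this EL function can fail. I would add `@throws EncodingException if the encoder cannot encode str for a URL`; the exact condition is defined by `Encoder#encodeForURL`, which is outside this diff. The two `*Charset*` functions hand `charset` and `str` straight to `String#getBytes(String)`, so a null from a direct Java caller surfaces as a NullPointerException. If that is intended, a one-line `@throws NullPointerException if charset or str is null` would make the contract explicit. The `encodeForBase64Wrap` comment also ends with a doubled period (`characters..`).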
Lines changed: 82 additions & 0 deletions
@@ -0,0 +1,82 @@
1+
package org.owasp.esapi.tags;
2+
3+
import java.io.UnsupportedEncodingException;
4+
5+
import javax.servlet.jsp.JspTagException;
6+
7+
import org.owasp.esapi.Encoder;
8+
9+
/**
10+
* JSP tag that encode's it's body using Base64.
11+
*/
12+
public class EncodeForBase64Tag extends BaseEncodeTag
13+
{
14+
private static final long serialVersionUID = 3L;
15+
/** @serial Flag determining line wrapping */
16+
private boolean wrap = false;
17+
/**
18+
* @serial Charset to use when converting content from a String
19+
* to byte[].
20+
*/
21+
private String encoding = "UTF-8";
22+
23+
/**
24+
* Encode tag's content using Base64.
25+
* @param content The tag's content as a String
26+
* @param enc Encoder used to call
27+
* {@link Encoder#encodeForBase64(byte[], boolean)}
28+
* @return content encoded in Base64
29+
*/
30+
protected String encode(String content, Encoder enc) throws JspTagException
31+
{
32+
try
33+
{
34+
return enc.encodeForBase64(content.getBytes(encoding), wrap);
35+
}
36+
catch(UnsupportedEncodingException e)
37+
{
38+
throw new JspTagException("Unsupported encoding " + enc,e);
39+
}
40+
}
41+
42+
/**
43+
* Set the encoding used to convert the content to bytes for
44+
* encoding. This defaults to UTF-8 if not specified.
45+
* @param encoding The encoding passed to {@link String#getBytes(String)}.
46+
*/
47+
public void setEncoding(String encoding)
48+
{
49+
this.encoding=encoding;
50+
}
51+
52+
/**
53+
* Get the encoding used to convert the content to bytes for
54+
* encoding.
55+
* @return encoding The encoding passed to
56+
* {@link String#getBytes(String)}.
57+
*/
58+
public String getEncoding()
59+
{
60+
return encoding;
61+
}
62+
63+
/**
64+
* Set whether line wrapping at 64 characters is performed. This
65+
* defaults to false.
66+
* @param wrap flag determining wrapping.
67+
*/
68+
public void setWrap(boolean wrap)
69+
{
70+
this.wrap=wrap;
71+
}
72+
73+
/**
74+
* Get whether line wrapping at 64 characters is performed. This
75+
* defaults to false.
76+
* @return value of flag determining wrapping.
77+
*/
78+
public boolean getWrap()
79+
{
80+
return wrap;
81+
}
82+
}
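Review bot: The catch block in `encode` builds its message from `enc`, the `Encoder` argument, so an unsupported charset is reported as the encoder object's string form instead of the charset name the page supplied. The line should read `throw new JspTagException("Unsupported encoding " + encoding,e);`. `setEncoding` also stores a null unchecked, and `String#getBytes(String)` rejects null with a NullPointerException that this catch does not cover. Rejecting null in the setter would keep the failure at the attribute. The class comment `encode's it's body` should read `encodes its body`; the same wording appears in the EncodeForCSSTag class comment.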
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
package org.owasp.esapi.tags;
2+
3+
import org.owasp.esapi.Encoder;
4+
5+
/**
6+
* JSP tag that encode's it's body for use in CSS.
7+
*/
8+
public class EncodeForCSSTag extends BaseEncodeTag
9+
{
10+
private static final long serialVersionUID = 3L;
11+
12+
/**
13+
* Encode tag's content for usage in CSS.
14+
* @param content The tag's content as a String
15+
* @param enc Encoder used to call
16+
* {@link Encoder#encodeForCSS(String)}
17+
* @return content encoded for usage in CSS
18+
*/
19+
protected String encode(String content, Encoder enc)
20+
{
21+
return enc.encodeForCSS(content);
22+
}
23+
}
