Util XSS escape test
package your.package.name; | |
// 2.6 | |
//import org.apache.commons.lang.StringEscapeUtils; | |
// 3 + | |
import org.apache.commons.lang3.StringEscapeUtils; | |
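/**
 * HTML-escaping helpers wrapping Apache Commons Lang 3
 * {@code StringEscapeUtils.escapeHtml4}.
 *
 * <p>The output is only a correct defence where HTML entity encoding is the
 * right encoding: element content and double-quoted attribute values.
 * {@code escapeHtml4} leaves the single quote {@code '} untouched (HTML 4 has
 * no entity for it), so the result must not be placed inside a single-quoted
 * attribute, and entity encoding is not a substitute for JavaScript or URL
 * encoding in those contexts.
 *
 * @author croucha
 */
public class EscapeUtils {

    /**
     * Escapes the characters in a string using HTML 4 entities.
     * For example {@code "bread" & "butter"} becomes
     * {@code &quot;bread&quot; &amp; &quot;butter&quot;}.
     *
     * @param input the raw object to escape; its {@code toString()} value is
     *              what gets escaped
     * @return the escaped string, or {@code ""} when {@code input} is
     *         {@code null}; never {@code null}
     */
    public static String escape(Object input) {
        // escapeHtml4(null) returns null; callers rely on a non-null result.
        // An empty input escapes to "" on its own, so no separate check is needed.
        if (input == null) {
            return "";
        }
        return StringEscapeUtils.escapeHtml4(input.toString());
    }

    /**
     * Smoke check of the escaping behaviour on a sentence containing an
     * apostrophe. Because {@code escapeHtml4} does not encode {@code '},
     * the returned value equals the input.
     *
     * <pre>
     * import static your.package.name.EscapeUtils.test;
     * test(); // returns "the bird's are singing"
     * </pre>
     *
     * @return the HTML-4-escaped sample sentence
     */
    public static String test() {
        // Only one sample is escaped and returned; an earlier version escaped a
        // second string first and discarded it, which hid what the check covers.
        return StringEscapeUtils.escapeHtml4("the bird's are singing");
    }
}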