/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sling.scripting.jsp.taglib;
import java.io.IOException;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.BodyTagSupport;
import org.apache.commons.lang3.StringUtils;
import org.apache.sling.scripting.jsp.taglib.internal.XSSSupport;
import org.apache.sling.scripting.jsp.taglib.internal.XSSSupport.EncodingMode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Tag for writing properly XSS encoded text to the response using the OWASP
* ESAPI for supporting a number of encoding modes.
*/
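public class EncodeTag extends BodyTagSupport {

    private static final long serialVersionUID = 5673936481350419997L;

    private static final Logger log = LoggerFactory.getLogger(EncodeTag.class);

    /** Text from the {@code value} attribute; encoded and written by {@link #doStartTag()} unless blank. */
    private String value;

    /** Fallback from the {@code default} attribute, used when {@link #value} is blank. */
    private String defaultValue;

    /** Encoding mode resolved from the {@code mode} attribute via {@link XSSSupport#getEncodingMode(String)}. */
    private EncodingMode mode;

    /**
     * True only while the tag body is being buffered because neither {@code value}
     * nor {@code default} yielded text. It is reset on every {@link #doStartTag()}
     * and after use in {@link #doEndTag()}: tag handler instances may be pooled and
     * reused by the container, and a stale {@code true} together with a stale
     * {@code bodyContent} would make a later evaluation that already wrote
     * {@code value} emit an old body a second time.
     */
    private boolean readBody = false;

    /**
     * Encodes and writes the buffered body when {@link #doStartTag()} requested it.
     * Every string that reaches the response from this tag passes through
     * {@link XSSSupport#encode(String, EncodingMode)} first.
     *
     * @return {@code EVAL_PAGE}
     * @throws JspException if the encoded text cannot be written to the response
     * @see javax.servlet.jsp.tagext.TagSupport#doEndTag()
     */
    @Override
    public int doEndTag() throws JspException {
        log.trace("doEndTag");
        if (readBody && bodyContent != null && bodyContent.getString() != null) {
            String encoded = XSSSupport.encode(bodyContent.getString(), mode);
            write(encoded);
        }
        // body consumed; do not let the flag survive into a reused handler instance
        readBody = false;
        return EVAL_PAGE;
    }

    /**
     * Encodes and writes {@code value}, or {@code default} when {@code value} is
     * blank. When neither provides text the body is buffered instead so that
     * {@link #doEndTag()} can encode and write it.
     *
     * @return {@code SKIP_BODY} when text was written, {@code EVAL_BODY_BUFFERED}
     *         when the body must be evaluated
     * @throws JspException if the encoded text cannot be written to the response
     * @see javax.servlet.jsp.tagext.BodyTagSupport#doStartTag()
     */
    @Override
    public int doStartTag() throws JspException {
        // start every evaluation clean; see the note on readBody
        readBody = false;
        String unencoded = StringUtils.isBlank(value) ? defaultValue : value;
        if (unencoded == null) {
            readBody = true;
            return EVAL_BODY_BUFFERED;
        }
        // how a null mode is handled is up to XSSSupport.encode — not visible here
        write(XSSSupport.encode(unencoded, mode));
        return SKIP_BODY;
    }

    /**
     * @return the default value, or {@code null} if none was set
     */
    public String getDefault() {
        return defaultValue;
    }

    /**
     * @return the encoding mode as a string, or {@code null} if no mode was set
     */
    public String getMode() {
        // null-safe: mode is only populated by setMode, which the page may omit
        return mode == null ? null : mode.toString();
    }

    /**
     * @return the value, or {@code null} if none was set
     */
    public String getValue() {
        return value;
    }

    /**
     * @param defaultValue the text to use when {@code value} is blank
     */
    public void setDefault(String defaultValue) {
        this.defaultValue = defaultValue;
    }

    /**
     * @param mode the name of the encoding mode; resolved by
     *             {@link XSSSupport#getEncodingMode(String)} (behaviour for
     *             unknown names is defined there, not here)
     */
    public void setMode(String mode) {
        this.mode = XSSSupport.getEncodingMode(mode);
    }

    /**
     * @param value the text to encode and write
     */
    public void setValue(String value) {
        this.value = value;
    }

    /**
     * Clears all attribute state so a pooled handler instance does not carry
     * values or the body-buffering flag into its next use.
     */
    @Override
    public void release() {
        value = null;
        defaultValue = null;
        mode = null;
        readBody = false;
        super.release();
    }

    /**
     * Writes already-encoded text to the response; empty or {@code null} text is skipped.
     *
     * @param encoded the encoded text to write to the page
     * @throws JspException wrapping the {@link IOException} from the JSP writer
     */
    private void write(String encoded) throws JspException {
        if (encoded == null || encoded.isEmpty()) {
            return;
        }
        try {
            pageContext.getOut().write(encoded);
        } catch (IOException e) {
            log.error("Exception writing escaped content to page", e);
            throw new JspException("Exception writing escaped content to page", e);
        }
    }
}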