Package com.logicaldoc.web.xss
Class XssRequestWrapper
- java.lang.Object
-
- javax.servlet.ServletRequestWrapper
-
- javax.servlet.http.HttpServletRequestWrapper
-
- com.logicaldoc.web.xss.XssRequestWrapper
-
- All Implemented Interfaces:
javax.servlet.http.HttpServletRequest
,javax.servlet.ServletRequest
public class XssRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper
This wrapper implements the checks for avoiding the Cross Site Scripting (XSS).
See https://www.owasp.org/index.php/XSS
See https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html *- Since:
- 8.7
- Author:
- Marco Meschieri - LogicalDOC
-
-
Constructor Summary
Constructors Constructor Description XssRequestWrapper(javax.servlet.http.HttpServletRequest servletRequest)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getHeader(String name)
String
getParameter(String parameter)
String[]
getParameterValues(String parameter)
-
Methods inherited from class javax.servlet.http.HttpServletRequestWrapper
authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isUserInRole, login, logout, upgrade
-
Methods inherited from class javax.servlet.ServletRequestWrapper
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterMap, getParameterNames, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync
-
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface javax.servlet.ServletRequest
getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterMap, getParameterNames, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync
-
-
-
-
Method Detail
-
getParameterValues
public String[] getParameterValues(String parameter)
- Specified by:
getParameterValues
in interfacejavax.servlet.ServletRequest
- Overrides:
getParameterValues
in classjavax.servlet.ServletRequestWrapper
-
getParameter
public String getParameter(String parameter)
- Specified by:
getParameter
in interfacejavax.servlet.ServletRequest
- Overrides:
getParameter
in classjavax.servlet.ServletRequestWrapper
-
-