Package com.logicaldoc.web.xss

Class XssRequestWrapper

java.lang.Object

javax.servlet.ServletRequestWrapper

javax.servlet.http.HttpServletRequestWrapper

com.logicaldoc.web.xss.XssRequestWrapper

All Implemented Interfaces:

javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest

public class XssRequestWrapper
extends javax.servlet.http.HttpServletRequestWrapper

This wrapper implements the checks for avoiding the Cross Site Scripting (XSS).
See https://www.owasp.org/index.php/XSS
See https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html *

Since:

8.7

Author:

Marco Meschieri - LogicalDOC

Field Summary

Fields inherited from interface javax.servlet.http.HttpServletRequest

BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

Constructor Summary

Constructors

Constructor	Description
XssRequestWrapper(javax.servlet.http.HttpServletRequest servletRequest)

Method Summary

Modifier and Type	Method	Description
String	getHeader(String name)
String	getParameter(String parameter)
String[]	getParameterValues(String parameter)

Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isUserInRole, login, logout, upgrade

Methods inherited from class javax.servlet.ServletRequestWrapper

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterMap, getParameterNames, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.servlet.ServletRequest

getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterMap, getParameterNames, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

Constructor Details

XssRequestWrapper

public XssRequestWrapper(javax.servlet.http.HttpServletRequest servletRequest)

Method Details

getParameterValues

public String[] getParameterValues(String parameter)

Specified by:

getParameterValues in interface javax.servlet.ServletRequest

Overrides:

getParameterValues in class javax.servlet.ServletRequestWrapper

getParameter

public String getParameter(String parameter)

Specified by:

getParameter in interface javax.servlet.ServletRequest

Overrides:

getParameter in class javax.servlet.ServletRequestWrapper

getHeader

public String getHeader(String name)

Specified by:

getHeader in interface javax.servlet.http.HttpServletRequest

Overrides:

getHeader in class javax.servlet.http.HttpServletRequestWrapper