Package com.logicaldoc.web.filter.xss

Class XssRequestWrapper

java.lang.Object
javax.servlet.ServletRequestWrapper
javax.servlet.http.HttpServletRequestWrapper
com.logicaldoc.web.filter.xss.XssRequestWrapper
All Implemented Interfaces:
javax.servlet.http.HttpServletRequest, javax.servlet.ServletRequest
public class XssRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper
This wrapper implements the checks for avoiding the Cross Site Scripting (XSS).
See https://www.owasp.org/index.php/XSS
See https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html *
Since:
8.7
Author:
Marco Meschieri - LogicalDOC

  • Field Summary

    Fields inherited from interface javax.servlet.http.HttpServletRequest

    BASIC_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH, FORM_AUTH

  • Constructor Summary

    Constructors
    Constructor
    Description
    XssRequestWrapper(javax.servlet.http.HttpServletRequest servletRequest)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    String
    getHeader(String name)
     
    String
    getParameter(String parameter)
     
    String[]
    getParameterValues(String parameter)
     

    Methods inherited from class javax.servlet.http.HttpServletRequestWrapper

    authenticate, changeSessionId, getAuthType, getContextPath, getCookies, getDateHeader, getHeaderNames, getHeaders, getIntHeader, getMethod, getPart, getParts, getPathInfo, getPathTranslated, getQueryString, getRemoteUser, getRequestedSessionId, getRequestURI, getRequestURL, getServletPath, getSession, getSession, getUserPrincipal, isRequestedSessionIdFromCookie, isRequestedSessionIdFromUrl, isRequestedSessionIdFromURL, isRequestedSessionIdValid, isUserInRole, login, logout, upgrade

    Methods inherited from class javax.servlet.ServletRequestWrapper

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterMap, getParameterNames, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequest, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, isWrapperFor, isWrapperFor, removeAttribute, setAttribute, setCharacterEncoding, setRequest, startAsync, startAsync

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface javax.servlet.ServletRequest

    getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameterMap, getParameterNames, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

  • Constructor Details

    • XssRequestWrapper

      public XssRequestWrapper(javax.servlet.http.HttpServletRequest servletRequest)

  • Method Details

    • getParameterValues

      public String[] getParameterValues(String parameter)
      Specified by:
      getParameterValues in interface javax.servlet.ServletRequest
      Overrides:
      getParameterValues in class javax.servlet.ServletRequestWrapper

    • getParameter

      public String getParameter(String parameter)
      Specified by:
      getParameter in interface javax.servlet.ServletRequest
      Overrides:
      getParameter in class javax.servlet.ServletRequestWrapper

    • getHeader

      public String getHeader(String name)
      Specified by:
      getHeader in interface javax.servlet.http.HttpServletRequest
      Overrides:
      getHeader in class javax.servlet.http.HttpServletRequestWrapper