A C D E F G H I L M O P Q R S U V X 
All Classes All Packages

A

activate() - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
activate(ComponentContext, XSSFilterImpl.Configuration) - Method in class org.apache.sling.xss.impl.XSSFilterImpl
 
ALPHA - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
AttributeTranslatingTransformerFactoryImpl - Class in org.apache.sling.xss.impl
Translates configuration calls to specific unsupported attributes to the XMLConstants.FEATURE_SECURE_PROCESSING feature
AttributeTranslatingTransformerFactoryImpl() - Constructor for class org.apache.sling.xss.impl.AttributeTranslatingTransformerFactoryImpl
 
AUTHORITY - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 

C

check(PolicyHandler, String) - Method in class org.apache.sling.xss.impl.HtmlToHtmlContentContext
 
check(PolicyHandler, String) - Method in class org.apache.sling.xss.impl.PlainTextToHtmlContentContext
 
check(PolicyHandler, String) - Method in interface org.apache.sling.xss.impl.XSSFilterRule
Check to see if a given string contains policy violations.
check(ProtectionContext, String) - Method in class org.apache.sling.xss.impl.XSSFilterImpl
 
check(ProtectionContext, String) - Method in interface org.apache.sling.xss.XSSFilter
Indicates whether or not a given source string contains XSS policy violations.

D

deactivate() - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
deactivate() - Method in class org.apache.sling.xss.impl.XSSFilterImpl
 
DEC_OCTET - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
DEFAULT_CONTEXT - Static variable in interface org.apache.sling.xss.XSSFilter
Default context.

E

encodeForCSSString(String) - Method in interface org.apache.sling.xss.XSSAPI
Encodes a source string for writing to CSS string content.
encodeForCSSString(String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
encodeForHTML(String) - Method in interface org.apache.sling.xss.XSSAPI
Encodes a source string for HTML element content.
encodeForHTML(String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
encodeForHTMLAttr(String) - Method in interface org.apache.sling.xss.XSSAPI
Encodes a source string for writing to an HTML attribute value.
encodeForHTMLAttr(String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
encodeForJSString(String) - Method in interface org.apache.sling.xss.XSSAPI
Encodes a source string for writing to JavaScript string content.
encodeForJSString(String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
encodeForXML(String) - Method in interface org.apache.sling.xss.XSSAPI
Encodes a source string for XML element content.
encodeForXML(String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
encodeForXMLAttr(String) - Method in interface org.apache.sling.xss.XSSAPI
Encodes a source string for writing to an XML attribute value.
encodeForXMLAttr(String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 

F

FallbackATag - Class in org.apache.sling.xss.impl
 
FallbackATag(Tag) - Constructor for class org.apache.sling.xss.impl.FallbackATag
 
FallbackSlingPolicy - Class in org.apache.sling.xss.impl
 
FallbackSlingPolicy(InputStream) - Constructor for class org.apache.sling.xss.impl.FallbackSlingPolicy
 
filter(String) - Method in class org.apache.sling.xss.impl.XSSFilterImpl
 
filter(String) - Method in interface org.apache.sling.xss.XSSFilter
Prevents the given source string from containing XSS stuff.
filter(PolicyHandler, String) - Method in class org.apache.sling.xss.impl.HtmlToHtmlContentContext
 
filter(PolicyHandler, String) - Method in class org.apache.sling.xss.impl.PlainTextToHtmlContentContext
 
filter(PolicyHandler, String) - Method in interface org.apache.sling.xss.impl.XSSFilterRule
Filter a given string to remove any policy violations.
filter(ProtectionContext, String) - Method in class org.apache.sling.xss.impl.XSSFilterImpl
 
filter(ProtectionContext, String) - Method in interface org.apache.sling.xss.XSSFilter
Protects the given source string from containing XSS stuff.
filterHTML(String) - Method in interface org.apache.sling.xss.XSSAPI
Filters potentially user-contributed HTML to meet the AntiSamy policy rules currently in effect for HTML output (see the XSSFilter service for details).
filterHTML(String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
FRAGMENT - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
fromName(String) - Static method in enum org.apache.sling.xss.ProtectionContext
Gets a protection context from the specified name.

G

getAction() - Method in class org.apache.sling.xss.impl.FallbackATag
 
getActivePolicy() - Method in class org.apache.sling.xss.impl.XSSFilterImpl
 
getAntiSamy() - Method in class org.apache.sling.xss.impl.PolicyHandler
 
getAttributeByName(String) - Method in class org.apache.sling.xss.impl.FallbackATag
 
getFallbackAntiSamy() - Method in class org.apache.sling.xss.impl.PolicyHandler
 
getName() - Method in class org.apache.sling.xss.impl.FallbackATag
 
getName() - Method in enum org.apache.sling.xss.ProtectionContext
Gets the name of the protection context.
getPath() - Method in class org.apache.sling.xss.impl.XSSFilterImpl.AntiSamyPolicy
 
getPolicy() - Method in class org.apache.sling.xss.impl.PolicyHandler
 
getRegularExpression() - Method in class org.apache.sling.xss.impl.FallbackATag
 
getTagByLowercaseName(String) - Method in class org.apache.sling.xss.impl.FallbackSlingPolicy
 
getValidCSSColor(String, String) - Method in interface org.apache.sling.xss.XSSAPI
Validate a CSS color value.
getValidCSSColor(String, String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidDimension(String, String) - Method in interface org.apache.sling.xss.XSSAPI
Validate a string which should contain a dimension, returning a default value if the source is empty, can't be parsed, or contains XSS risks.
getValidDimension(String, String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidDouble(String, double) - Method in interface org.apache.sling.xss.XSSAPI
Validate a string which should contain an double, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
getValidDouble(String, double) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidHref(String) - Method in interface org.apache.sling.xss.XSSAPI
Sanitizes a URL for writing as an HTML href or src attribute value.
getValidHref(String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidInteger(String, int) - Method in interface org.apache.sling.xss.XSSAPI
Validate a string which should contain an integer, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
getValidInteger(String, int) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidJSON(String, String) - Method in interface org.apache.sling.xss.XSSAPI
Validate a JSON string
getValidJSON(String, String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidJSToken(String, String) - Method in interface org.apache.sling.xss.XSSAPI
Validate a Javascript token.
getValidJSToken(String, String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidLong(String, long) - Method in interface org.apache.sling.xss.XSSAPI
Validate a string which should contain a long, returning a default value if the source is null, empty, can't be parsed, or contains XSS risks.
getValidLong(String, long) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidMultiLineComment(String, String) - Method in interface org.apache.sling.xss.XSSAPI
Validate multi-line comment to be used inside a <script>...</script> or <style>...</style> block.
getValidMultiLineComment(String, String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidStyleToken(String, String) - Method in interface org.apache.sling.xss.XSSAPI
Validate a style/CSS token.
getValidStyleToken(String, String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 
getValidXML(String, String) - Method in interface org.apache.sling.xss.XSSAPI
Validate an XML string
getValidXML(String, String) - Method in class org.apache.sling.xss.impl.XSSAPIImpl
 

H

H16 - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
HEX_DIGIT - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
HIER_PART - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
HOST - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
HTML_HTML_CONTENT - org.apache.sling.xss.ProtectionContext
Escape HTML for use inside element content (rules #6 and - to some degree - #1), using a policy to remove potentially malicous HTML
HtmlToHtmlContentContext - Class in org.apache.sling.xss.impl
This class implements an escaping rule to be used for cleaning up existing HTML content.
HtmlToHtmlContentContext() - Constructor for class org.apache.sling.xss.impl.HtmlToHtmlContentContext
 

I

IP_LITERAL - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
IPv4_ADDRESS - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
IPv6_ADDRESS - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
isAction(String) - Method in class org.apache.sling.xss.impl.FallbackATag
 
isEmbedded() - Method in class org.apache.sling.xss.impl.XSSFilterImpl.AntiSamyPolicy
 
isValidHref(String) - Method in class org.apache.sling.xss.impl.XSSFilterImpl
 
isValidHref(String) - Method in interface org.apache.sling.xss.XSSFilter
Checks if the given URL is valid to be used for the href attribute in a a tag.

L

LS32 - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 

M

mutateAction(String) - Method in class org.apache.sling.xss.impl.FallbackATag
 

O

org.apache.sling.xss - package org.apache.sling.xss
XSS Protection Service
org.apache.sling.xss.impl - package org.apache.sling.xss.impl
 

P

PATH_ABEMPTY - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
PATH_ABSOLUTE - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
PATH_EMPTY - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
PATH_NOSCHEME - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
PATH_ROOTLESS - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
PCHAR - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
PCT_ENCODED - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
PLAIN_HTML_CONTENT - org.apache.sling.xss.ProtectionContext
Escape plain text for use inside HTML content (rule #1)
PlainTextToHtmlContentContext - Class in org.apache.sling.xss.impl
Class that provides the capability of securing input provided as plain text for HTML output.
PlainTextToHtmlContentContext() - Constructor for class org.apache.sling.xss.impl.PlainTextToHtmlContentContext
 
PolicyHandler - Class in org.apache.sling.xss.impl
Class that provides the capability of securing input provided as plain text for HTML output.
PolicyHandler(InputStream) - Constructor for class org.apache.sling.xss.impl.PolicyHandler
Creates a PolicyHandler from an InputStream.
PORT - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
ProtectionContext - Enum in org.apache.sling.xss
This enumeration defines the context for executing XSS protection.

Q

QUERY - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 

R

read() - Method in class org.apache.sling.xss.impl.XSSFilterImpl.AntiSamyPolicy
 
REG_NAME - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
RELATIVE_PART - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
RELATIVE_REF - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 

S

SCHEME_PATTERN - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
SEGMENT_NZ - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
SEGMENT_NZ_NC - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
setAttribute(String, Object) - Method in class org.apache.sling.xss.impl.AttributeTranslatingTransformerFactoryImpl
 
SUB_DELIMS - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
supportsPolicy() - Method in class org.apache.sling.xss.impl.HtmlToHtmlContentContext
 
supportsPolicy() - Method in class org.apache.sling.xss.impl.PlainTextToHtmlContentContext
 
supportsPolicy() - Method in interface org.apache.sling.xss.impl.XSSFilterRule
 

U

UNRESERVED_CHARACTERS - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
URI - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 
USER_INFO - Static variable in class org.apache.sling.xss.impl.XSSFilterImpl
 

V

valueOf(String) - Static method in enum org.apache.sling.xss.ProtectionContext
Returns the enum constant of this type with the specified name.
values() - Static method in enum org.apache.sling.xss.ProtectionContext
Returns an array containing the constants of this enum type, in the order they are declared.

X

XSSAPI - Interface in org.apache.sling.xss
A service providing validators and encoders for XSS protection during the composition of HTML pages.
XSSAPIImpl - Class in org.apache.sling.xss.impl
 
XSSAPIImpl() - Constructor for class org.apache.sling.xss.impl.XSSAPIImpl
 
XSSFilter - Interface in org.apache.sling.xss
This service should be used to protect output against potential XSS attacks.
XSSFilterImpl - Class in org.apache.sling.xss.impl
This class implements the XSSFilter using the Antisamy XSS protection library found at http://code.google.com/p/owaspantisamy/.
XSSFilterImpl() - Constructor for class org.apache.sling.xss.impl.XSSFilterImpl
 
XSSFilterImpl.AntiSamyPolicy - Class in org.apache.sling.xss.impl
 
XSSFilterRule - Interface in org.apache.sling.xss.impl
This interface defines a protection context.
A C D E F G H I L M O P Q R S U V X 
All Classes All Packages