Module jakarta.mvc

Interface Encoders


public interface Encoders
Interface that provides encoders for escaping untrusted data placed into JavaScript, HTML, etc. Encoding output is a way to prevent XSS attacks by ensuring that data is not misinterpreted as running code; each encoder is specific to the output context named in its description (HTML content or attributes, JavaScript string literals in attributes or script blocks), so the encoder must match the context the value is written into. Implementations of this interface are injectable and accessible from EL via the MvcContext class as mvc.encoders.
Since:
1.0
  • Method Summary

    Modifier and Type    Method             Description
    String               html(String s)     Encoding for HTML code in attributes or content.
    String               js(String s)       Encoding for JavaScript code in attributes or script blocks.
  • Method Details

    • js

      String js(String s)

      Encoding for JavaScript code in attributes or script blocks. It MUST support encoding of (at least) the following characters:

      Encoding Table
      Input Character        Encoding
      U+0008 (BS)            \b
      U+0009 (HT)            \t
      U+000A (LF)            \n
      U+000C (FF)            \f
      U+000D (CR)            \r
      /                      \/
      \                      \\
      "                      \x22
      &                      \x26
      '                      \x27
      U+0000-U+001F (other)  \x## (two hex digits)
      Parameters:
      s - string to encode.
      Returns:
      encoded string.
    • html

      String html(String s)

      Encoding for HTML code in attributes or content. It MUST support encoding of (at least) the following characters:

      Encoding Table
      Input Character        Encoding
      &                      &amp;
      <                      &lt;
      >                      &gt;
      "                      &#34;
      '                      &#39;
      Parameters:
      s - string to encode.
      Returns:
      encoded string.
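The two encoding tables above, carried out in one class as an added example; this is not code from the Jakarta MVC API or from any vendor implementation. The nested Encoders interface is a stand-in with the same two signatures as jakarta.mvc.Encoders so the file compiles without the Jakarta MVC API on the classpath; the Impl class, the main() method and the attacker-style input string are assumptions of this example.

```java
import java.util.Objects;

/**
 * Constructed example: an Encoders implementation covering exactly the
 * characters the js() and html() tables require. Not Jakarta MVC code.
 */
public class TableEncoders {

    // Stand-in for jakarta.mvc.Encoders (assumed to match its two signatures)
    // so this example compiles on its own.
    public interface Encoders {
        String js(String s);
        String html(String s);
    }

    public static final class Impl implements Encoders {

        // JavaScript string-literal context: attributes or script blocks.
        @Override
        public String js(String s) {
            Objects.requireNonNull(s, "s");
            StringBuilder sb = new StringBuilder(s.length() + 16);
            for (int i = 0; i < s.length(); i++) {
                char c = s.charAt(i);
                switch (c) {
                    case '\b': sb.append("\\b"); break;
                    case '\t': sb.append("\\t"); break;
                    case '\n': sb.append("\\n"); break;
                    case '\f': sb.append("\\f"); break;
                    case '\r': sb.append("\\r"); break;
                    case '/':  sb.append("\\/"); break;   // keeps "</script>" from closing the block
                    case '\\': sb.append("\\\\"); break;
                    case '"':  sb.append("\\x22"); break;
                    case '&':  sb.append("\\x26"); break;
                    case '\'': sb.append("\\x27"); break;
                    default:
                        if (c < 0x20) {
                            // Remaining C0 control characters: \x## with two hex digits.
                            sb.append(String.format("\\x%02x", (int) c));
                        } else {
                            sb.append(c);
                        }
                }
            }
            return sb.toString();
        }

        // HTML context: element content or quoted attribute values.
        @Override
        public String html(String s) {
            Objects.requireNonNull(s, "s");
            StringBuilder sb = new StringBuilder(s.length() + 16);
            for (int i = 0; i < s.length(); i++) {
                char c = s.charAt(i);
                switch (c) {
                    case '&':  sb.append("&amp;"); break;
                    case '<':  sb.append("&lt;"); break;
                    case '>':  sb.append("&gt;"); break;
                    case '"':  sb.append("&#34;"); break;
                    case '\'': sb.append("&#39;"); break;
                    default:   sb.append(c);
                }
            }
            return sb.toString();
        }
    }

    public static void main(String[] args) {
        Encoders enc = new Impl();
        // Constructed attacker-controlled input: tries to close a script block,
        // break out of a quoted attribute, and smuggle CR/LF and a control byte.
        String input = "</script><img src=x onerror=\"alert('x')\">\r\n\u0001";
        System.out.println("js:   " + enc.js(input));
        System.out.println("html: " + enc.html(input));
    }
}
```

In a view the same calls are reached through EL, for example `${mvc.encoders.html(user.name)}` inside element content and `${mvc.encoders.js(user.name)}` inside a quoted JavaScript string literal (an illustrative usage, not taken from the page). Note that html() deliberately does not touch control characters or `/`, and js() does not produce HTML entities: applying the wrong encoder for the output context leaves the injection open, which is why the interface exposes them as two separate methods.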