Class MessageSanitizerContainerResponseFilter

  • All Implemented Interfaces:
    javax.ws.rs.container.ContainerResponseFilter

    @Provider
    @Priority(4000)
    public class MessageSanitizerContainerResponseFilter
    extends java.lang.Object
    implements javax.ws.rs.container.ContainerResponseFilter
    (RESTEASY-1485) Thwarts select XSS attacks by escaping special characters in exception messages. User: rsearls Date: 9/16/16
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static java.util.HashMap<java.lang.String,​java.lang.String> replacementMap  
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private boolean containsHtmlText​(java.util.ArrayList<java.lang.Object> list)  
      private java.lang.String escapeXml​(java.lang.String str)
      Replaces characters with their hex encoding
      void filter​(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • replacementMap

        private static final java.util.HashMap<java.lang.String,​java.lang.String> replacementMap
    • Constructor Detail

      • MessageSanitizerContainerResponseFilter

        public MessageSanitizerContainerResponseFilter()
    • Method Detail

      • filter

        public void filter​(javax.ws.rs.container.ContainerRequestContext requestContext,
                           javax.ws.rs.container.ContainerResponseContext responseContext)
                    throws java.io.IOException
        Specified by:
        filter in interface javax.ws.rs.container.ContainerResponseFilter
        Throws:
        java.io.IOException
      • escapeXml

        private java.lang.String escapeXml​(java.lang.String str)
        Replaces characters with their hex encoding
        Parameters:
        str -
        Returns:
      • containsHtmlText

        private boolean containsHtmlText​(java.util.ArrayList<java.lang.Object> list)
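
Added example (not RESTEasy's source): a JDK-only sketch of the escaping this class describes, where a String entity carrying an exception message is rewritten only when the response Content-Type is HTML. The class name, the sanitize helper, the "text/html" substring check and the set of escaped characters are assumptions; the page does not list the contents of replacementMap.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class MessageSanitizerSketch {
    // Assumed character set (hypothetical, not the project's replacementMap).
    private static final Map<Character, String> REPLACEMENTS = new LinkedHashMap<>();
    static {
        for (char c : new char[] {'&', '<', '>', '"', '\'', '/'}) {
            // Hexadecimal character reference, e.g. '<' becomes "&#x3C;".
            REPLACEMENTS.put(c, "&#x" + Integer.toHexString(c).toUpperCase() + ";");
        }
    }

    // True when any Content-Type header value names an HTML media type.
    static boolean containsHtmlText(List<Object> contentTypeValues) {
        if (contentTypeValues == null) return false;
        for (Object v : contentTypeValues) {
            if (v != null && v.toString().toLowerCase().contains("text/html")) return true;
        }
        return false;
    }

    // Single pass over the input, so an '&' produced by one replacement
    // is never escaped a second time.
    static String escapeXml(String str) {
        StringBuilder sb = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            String r = REPLACEMENTS.get(c);
            if (r != null) sb.append(r); else sb.append(c);
        }
        return sb.toString();
    }

    // The decision a response filter would make: only String entities in
    // HTML responses are rewritten; everything else passes through untouched.
    static Object sanitize(List<Object> contentTypeValues, Object entity) {
        if (entity instanceof String && containsHtmlText(contentTypeValues)) {
            return escapeXml((String) entity);
        }
        return entity;
    }

    public static void main(String[] args) {
        // Constructed sample: an exception message that echoes request input.
        String msg = "Unable to extract parameter: \"<script>alert(1)</script>\"";
        System.out.println(sanitize(List.of("text/html;charset=UTF-8"), msg));
        System.out.println(sanitize(List.of("application/json"), msg));
    }
}
```

The first line printed contains no literal `<`, `>`, `"` or `/`, so a browser renders the message as text; the JSON case is left unchanged because escaping there would corrupt the payload for non-HTML clients.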