Class MessageSanitizerContainerResponseFilter
- java.lang.Object
  - org.jboss.resteasy.plugins.interceptors.encoding.MessageSanitizerContainerResponseFilter
- All Implemented Interfaces: javax.ws.rs.container.ContainerResponseFilter
@Provider @Priority(4000) public class MessageSanitizerContainerResponseFilter extends java.lang.Object implements javax.ws.rs.container.ContainerResponseFilter
(RESTEASY-1485) Thwart select XSS attacks by escaping special characters in the Exception message. User: rsearls Date: 9/16/16
Field Summary
Fields (Modifier and Type, Field):
- private static java.util.HashMap<java.lang.String,java.lang.String> replacementMap
Constructor Summary
Constructors:
- MessageSanitizerContainerResponseFilter()
Method Summary
Methods (Modifier and Type, Method, Description):
- private boolean containsHtmlText(java.util.ArrayList<java.lang.Object> list)
- private java.lang.String escapeXml(java.lang.String str): Replace char with the hex encoding
- void filter(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext)
Method Detail
filter
public void filter(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext) throws java.io.IOException
- Specified by: filter in interface javax.ws.rs.container.ContainerResponseFilter
- Throws: java.io.IOException
escapeXml
private java.lang.String escapeXml(java.lang.String str)
Replace char with the hex encoding
- Parameters: str
- Returns:
containsHtmlText
private boolean containsHtmlText(java.util.ArrayList<java.lang.Object> list)