Class CmsJspTagSecureParams

java.lang.Object
javax.servlet.jsp.tagext.TagSupport
org.opencms.jsp.CmsJspTagSecureParams
All Implemented Interfaces:
Serializable, javax.servlet.jsp.tagext.IterationTag, javax.servlet.jsp.tagext.JspTag, javax.servlet.jsp.tagext.Tag

public class CmsJspTagSecureParams extends javax.servlet.jsp.tagext.TagSupport
This tag is used to enable parameter escaping for a single Flex Request.

See Also:
  • Field Summary

    Fields inherited from class javax.servlet.jsp.tagext.TagSupport

    id, pageContext

    Fields inherited from interface javax.servlet.jsp.tagext.IterationTag

    EVAL_BODY_AGAIN

    Fields inherited from interface javax.servlet.jsp.tagext.Tag

    EVAL_BODY_INCLUDE, EVAL_PAGE, SKIP_BODY, SKIP_PAGE
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    int
     
    static void
    secureParamsTagAction(javax.servlet.ServletRequest request, String allowXml, String allowHtml, String policy, String replaceInvalid, String escapeInvalid)
    Static method which provides the actual functionality of this tag.
    void
    setAllowHtml(String allowHtml)
    Sets the 'allowHtml' parameter.
    void
    setAllowXml(String allowXml)
    Sets the 'allowXml' parameter.
    void
    setEscapeInvalid(String escapeInvalid)
    Sets the parameters which should still be XML escaped, even if replaceInvalid is set.
    void
    setPolicy(String policy)
    Sets the 'policy' parameter.
    void
    setReplaceInvalid(String replaceInvalid)
    Sets the 'bad value', which, if set, is used as a replacement for values that would otherwise be XML-escaped.

    Methods inherited from class javax.servlet.jsp.tagext.TagSupport

    doAfterBody, doEndTag, findAncestorWithClass, getId, getParent, getValue, getValues, release, removeValue, setId, setPageContext, setParent, setValue

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

  • Method Details

    • secureParamsTagAction

      public static void secureParamsTagAction(javax.servlet.ServletRequest request, String allowXml, String allowHtml, String policy, String replaceInvalid, String escapeInvalid)
      Static method which provides the actual functionality of this tag.

      Parameters:
      request - the request for which the parameters should be escaped
      allowXml - the comma-separated list of parameters for which XML characters will not be escaped
      allowHtml - the comma-separated list of parameters for which HTML will be allowed, but be escaped
      policy - the site path of an AntiSamy policy file
      replaceInvalid - if not null, replaces parameters that would otherwise be
      escapeInvalid - a comma-separated list of the names of parameters which should still be escaped even if replaceInvalid is set
    • doStartTag

      public int doStartTag()
      Specified by:
      doStartTag in interface javax.servlet.jsp.tagext.Tag
      Overrides:
      doStartTag in class javax.servlet.jsp.tagext.TagSupport
      See Also:
      • Tag.doStartTag()
    • setAllowHtml

      public void setAllowHtml(String allowHtml)
      Sets the 'allowHtml' parameter.

      Parameters:
      allowHtml - the new 'allowHtml' parameter
    • setAllowXml

      public void setAllowXml(String allowXml)
      Sets the 'allowXml' parameter.

      Parameters:
      allowXml - the new 'allowXml' parameter
    • setEscapeInvalid

      public void setEscapeInvalid(String escapeInvalid)
      Sets the parameters which should still be XML escaped, even if replaceInvalid is set.
      Parameters:
      escapeInvalid - a comma-separated list of parameter names
    • setPolicy

      public void setPolicy(String policy)
      Sets the 'policy' parameter.

      Parameters:
      policy - the new 'policy' parameter
    • setReplaceInvalid

      public void setReplaceInvalid(String replaceInvalid)
      Sets the 'bad value', which, if set, is used as a replacement for values that would otherwise be XML-escaped.
      Parameters:
      replaceInvalid - the bad value