Package org.opencms.jsp

Class CmsJspTagSecureParams

java.lang.Object

javax.servlet.jsp.tagext.TagSupport

org.opencms.jsp.CmsJspTagSecureParams

All Implemented Interfaces:

Serializable, javax.servlet.jsp.tagext.IterationTag, javax.servlet.jsp.tagext.JspTag, javax.servlet.jsp.tagext.Tag

public class CmsJspTagSecureParams
extends javax.servlet.jsp.tagext.TagSupport

This tag is used to enable parameter escaping for a single Flex Request.

See Also:

• Serialized Form

Field Summary

Fields inherited from class javax.servlet.jsp.tagext.TagSupport

id, pageContext

Fields inherited from interface javax.servlet.jsp.tagext.IterationTag

EVAL_BODY_AGAIN

Fields inherited from interface javax.servlet.jsp.tagext.Tag

EVAL_BODY_INCLUDE, EVAL_PAGE, SKIP_BODY, SKIP_PAGE

Constructor Summary

Constructors

Constructor	Description
CmsJspTagSecureParams()

Method Summary

Modifier and Type	Method	Description
int	doStartTag()
static void	secureParamsTagAction(javax.servlet.ServletRequest request, String allowXml, String allowHtml, String policy, String replaceInvalid, String escapeInvalid)	Static method which provides the actual functionality of this tag.
void	setAllowHtml(String allowHtml)	Sets the 'allowHtml' parameter.
void	setAllowXml(String allowXml)	Sets the 'allowXml' parameter.
void	setEscapeInvalid(String escapeInvalid)	Sets the parameters which should still be XML escaped, even if replaceInvalid is set.
void	setPolicy(String policy)	Sets the 'policy' parameter.
void	setReplaceInvalid(String replaceInvalid)	Sets the 'bad value', which, if set, is used as a replacement for values that would otherwise be XML-escaped.

Methods inherited from class javax.servlet.jsp.tagext.TagSupport

doAfterBody, doEndTag, findAncestorWithClass, getId, getParent, getValue, getValues, release, removeValue, setId, setPageContext, setParent, setValue

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CmsJspTagSecureParams

public CmsJspTagSecureParams()

Method Details

secureParamsTagAction

public static void secureParamsTagAction(javax.servlet.ServletRequest request,
 String allowXml,
 String allowHtml,
 String policy,
 String replaceInvalid,
 String escapeInvalid)

Static method which provides the actual functionality of this tag.

Parameters:

request - the request for which the parameters should be escaped

allowXml - the comma-separated list of parameters for which XML characters will not be escaped

allowHtml - the comma-separated list of parameters for which HTML will be allowed, but be escaped

policy - the site path of an AntiSamy policy file

replaceInvalid - if not null, replaces parameters that would otherwise be

escapeInvalid - a comma-separated list of the names of parameters which should still be escaped even if replaceInvalid is set

doStartTag

public int doStartTag()

Specified by:

doStartTag in interface javax.servlet.jsp.tagext.Tag

Overrides:

doStartTag in class javax.servlet.jsp.tagext.TagSupport

See Also:

• Tag.doStartTag()

setAllowHtml

public void setAllowHtml(String allowHtml)

Sets the 'allowHtml' parameter.

Parameters:

allowHtml - the new 'allowHtml' parameter

setAllowXml

public void setAllowXml(String allowXml)

Sets the 'allowXml' parameter.

Parameters:

allowXml - the new 'allowXml' parameter

setEscapeInvalid

public void setEscapeInvalid(String escapeInvalid)

Sets the parameters which should still be XML escaped, even if replaceInvalid is set.

Parameters:

escapeInvalid - a comma-separated list of parameter names

setPolicy

public void setPolicy(String policy)

Sets the 'policy' parameter.

Parameters:

policy - the new 'policy' parameter

setReplaceInvalid

public void setReplaceInvalid(String replaceInvalid)

Sets the 'bad value', which, if set, is used as a replacement for values that would otherwise be XML-escaped.

Parameters:

replaceInvalid - the bad value