Class CmsJspTagSecureParams

  • All Implemented Interfaces:
    java.io.Serializable, javax.servlet.jsp.tagext.IterationTag, javax.servlet.jsp.tagext.JspTag, javax.servlet.jsp.tagext.Tag

    public class CmsJspTagSecureParams
    extends javax.servlet.jsp.tagext.TagSupport
    This tag is used to enable parameter escaping for a single Flex Request.

    See Also:
    Serialized Form
    • Field Summary

      • Fields inherited from class javax.servlet.jsp.tagext.TagSupport

        id, pageContext
      • Fields inherited from interface javax.servlet.jsp.tagext.IterationTag

        EVAL_BODY_AGAIN
      • Fields inherited from interface javax.servlet.jsp.tagext.Tag

        EVAL_BODY_INCLUDE, EVAL_PAGE, SKIP_BODY, SKIP_PAGE
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      int doStartTag()  
      static void secureParamsTagAction​(javax.servlet.ServletRequest request, java.lang.String allowXml, java.lang.String allowHtml, java.lang.String policy, java.lang.String replaceInvalid, java.lang.String escapeInvalid)
      Static method which provides the actual functionality of this tag.
      void setAllowHtml​(java.lang.String allowHtml)
      Sets the 'allowHtml' parameter.
      void setAllowXml​(java.lang.String allowXml)
      Sets the 'allowXml' parameter.
      void setEscapeInvalid​(java.lang.String escapeInvalid)
      Sets the parameters which should still be XML escaped, even if replaceInvalid is set.
      void setPolicy​(java.lang.String policy)
      Sets the 'policy' parameter.
      void setReplaceInvalid​(java.lang.String replaceInvalid)
      Sets the 'bad value', which, if set, is used as a replacement for values that would otherwise be XML-escaped.
      • Methods inherited from class javax.servlet.jsp.tagext.TagSupport

        doAfterBody, doEndTag, findAncestorWithClass, getId, getParent, getValue, getValues, release, removeValue, setId, setPageContext, setParent, setValue
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • secureParamsTagAction

        public static void secureParamsTagAction​(javax.servlet.ServletRequest request,
                                                 java.lang.String allowXml,
                                                 java.lang.String allowHtml,
                                                 java.lang.String policy,
                                                 java.lang.String replaceInvalid,
                                                 java.lang.String escapeInvalid)
        Static method which provides the actual functionality of this tag.

        Parameters:
        request - the request for which the parameters should be escaped
        allowXml - the comma-separated list of parameters for which XML characters will not be escaped
        allowHtml - the comma-separated list of parameters for which HTML will be allowed, but be escaped
        policy - the site path of an AntiSamy policy file
        replaceInvalid - if not null, replaces parameters that would otherwise be
        escapeInvalid - a comma-separated list of the names of parameters which should still be escaped even if replaceInvalid is set
      • doStartTag

        public int doStartTag()
        Specified by:
        doStartTag in interface javax.servlet.jsp.tagext.Tag
        Overrides:
        doStartTag in class javax.servlet.jsp.tagext.TagSupport
        See Also:
        Tag.doStartTag()
      • setAllowHtml

        public void setAllowHtml​(java.lang.String allowHtml)
        Sets the 'allowHtml' parameter.

        Parameters:
        allowHtml - the new 'allowHtml' parameter
      • setAllowXml

        public void setAllowXml​(java.lang.String allowXml)
        Sets the 'allowXml' parameter.

        Parameters:
        allowXml - the new 'allowXml' parameter
      • setEscapeInvalid

        public void setEscapeInvalid​(java.lang.String escapeInvalid)
        Sets the parameters which should still be XML escaped, even if replaceInvalid is set.
        Parameters:
        escapeInvalid - a comma-separated list of parameter names
      • setPolicy

        public void setPolicy​(java.lang.String policy)
        Sets the 'policy' parameter.

        Parameters:
        policy - the new 'policy' parameter
      • setReplaceInvalid

        public void setReplaceInvalid​(java.lang.String replaceInvalid)
        Sets the 'bad value', which, if set, is used as a replacement for values that would otherwise be XML-escaped.
        Parameters:
        replaceInvalid - the bad value