
Smalltalk/X Webserver

Documentation of class 'HtmlSanitizer':


Class: HtmlSanitizer


Inheritance:

   Object
   |
   +--HtmlSanitizer

Package:
stx:goodies/webServer
Category:
Net-Communication-HTTP-Server
Version:
rev: 1.4 date: 2009/09/29 19:32:44
user: cg
file: HtmlSanitizer.st directory: goodies/webServer
module: stx stc-classLibrary: webServer
Author:
james (james@kokxnix)

Description:


A port of http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php.

The function takes a string and sanitizes it so that it is safe from cross-site scripting (XSS) attacks. It adds <x> to dangerous keywords
and removes non-viewable characters.

The main function of the class is #sanitizeHtml:aString.



[instance variables:]

[class variables:]


Related information:



Class protocol:

api
o  sanitizeHtml: aString
return an HTML string in which all potential cross-site scripting attacks have been disabled.
This version does not take Unicode into account.

encoding
o  encodeToHtmlDec: aString
encode a String using HTML decimal encoding

o  encodeToHtmlHex: aString
encode a String using HTML hex encoding

o  encodeToUrlHex: aString
encode a String using URL hex encoding

helpers
o  recursivelyDecodeHtml: aString
recursively decode all characters

o  recursivelyDecodeHtml: aString do: aTwoArgCallbackBlock
Recursively decode aString, resolving the hexadecimal and decimal encodings found in
HTML strings. Decide how and what to decode by returning a string from
aTwoArgCallbackBlock; the returned string replaces the decoded character.

aTwoArgCallbackBlock receives a Character and the encoding as its arguments.

return: <String>

o  sanitizeKeywordsAndRemoveIllegalSpaces: aString
add <x> to dangerous keywords and remove the characters with ASCII values 9, 10 and 13 (tab, LF, CR)
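
The decode-then-nerf approach these helpers describe, as an added Python sketch (not the class's Smalltalk code, which the page does not reproduce): numeric character references are expanded until the text stops changing, non-viewable control characters are dropped, and each dangerous keyword gets <x> inserted after its first two letters with any tab, LF or CR between its letters removed. The keyword list, the function names and the sample input are constructed here; the sketch also handles literal tab/LF/CR splices, not only their encoded forms.

```python
import re

# Constructed subset of the keyword list such filters treat as XSS vectors; the page
# does not reproduce the class's own list, so this one is an assumption.
DANGEROUS_KEYWORDS = ("javascript", "vbscript", "expression", "iframe",
                      "onload", "onerror", "onmouseover")

# &#NN; (decimal) and &#xHH; (hex) character references; the ';' is optional and
# up to eight zeros of padding are tolerated, as browsers tolerate them.
_CHAR_REF = re.compile(r"&#(?:[xX]0{0,8}([0-9a-fA-F]+)|0{0,8}([0-9]+));?")


def recursively_decode_html(s: str) -> str:
    """Expand numeric character references until the text stops changing, so a
    doubly encoded reference such as &#38;#106; still ends up as the plain char."""
    def one(m):
        hex_digits, dec_digits = m.group(1), m.group(2)
        code = int(hex_digits, 16) if hex_digits is not None else int(dec_digits)
        return chr(code) if code <= 0x10FFFF else ""  # out-of-range references vanish
    while True:
        out = _CHAR_REF.sub(one, s)
        if out == s:
            return out
        s = out


def remove_non_viewable(s: str) -> str:
    """Drop control characters 0-8, 11, 12 and 14-31. Tab, LF and CR (9, 10, 13)
    are legal whitespace in HTML, so they are handled inside keywords instead."""
    return "".join(c for c in s if ord(c) >= 32 or c in "\t\n\r")


def nerf_keywords(s: str) -> str:
    """Insert <x> after the first two letters of every dangerous keyword, matching
    it even when tab/LF/CR are spliced between its letters, and strip the splices."""
    def nerf(m):
        word = re.sub("[\t\n\r]", "", m.group(0))  # remove chars 9, 10, 13
        return word[:2] + "<x>" + word[2:]
    for kw in DANGEROUS_KEYWORDS:
        # 'javascript' -> j[\t\n\r]*a[\t\n\r]*v... ; case-insensitive like the original
        pattern = re.compile("[\t\n\r]*".join(re.escape(c) for c in kw), re.IGNORECASE)
        s = pattern.sub(nerf, s)
    return s


def sanitize_html(s: str) -> str:
    """The documented pipeline: decode, remove non-viewable characters, nerf keywords."""
    return nerf_keywords(remove_non_viewable(recursively_decode_html(s)))


if __name__ == "__main__":
    # Constructed sample: a keyword split by a tab and partly hex/decimal encoded,
    # plus an event handler name with one decimal-encoded letter.
    sample = '<a href="j&#x61;va\tscr&#105;pt:go()">x</a> <img on&#108;oad=go()>'
    print(sanitize_html(sample))  # -> <a href="ja<x>vascript:go()">x</a> <img on<x>load=go()>
```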

initialization
o  emptyOrTNRWhitespaceAttacksRegex
a Regex that matches an empty string or the hexadecimal or decimal encodings of CR, LF and tab

o  initializeSanitizedKeywordsNerfedKeywordsAndPatterns

o  keywordRegex

o  nerfedKeywords

o  sanitizeKeywords
keywords that are considered a possible XSS attack



ST/X 6.1.1; WebServer 1.620 at exept:8081; Wed, 23 May 2012 19:29:53 GMT