Release 1.1.1 docs

commit ca046c4092c0e7be775a863faa86f261fe280331 1 parent 5f6582e
@jonpasski jonpasski authored
Showing with 4,247 additions and 87 deletions.
  1. +3 −3 allclasses-frame.html
  2. +3 −3 allclasses-noframe.html
  3. +5 −5 com/coverity/security/Escape.html
  4. +4 −4 com/coverity/security/EscapeEL.html
  5. +34 −11 com/coverity/security/Filter.html
  6. +22 −4 com/coverity/security/FilterEL.html
  7. +4 −4 com/coverity/security/class-use/Escape.html
  8. +4 −4 com/coverity/security/class-use/EscapeEL.html
  9. +4 −4 com/coverity/security/class-use/Filter.html
  10. +4 −4 com/coverity/security/class-use/FilterEL.html
  11. +3 −3 com/coverity/security/package-frame.html
  12. +11 −6 com/coverity/security/package-summary.html
  13. +4 −4 com/coverity/security/package-tree.html
  14. +4 −4 com/coverity/security/package-use.html
  15. +4 −4 constant-values.html
  16. +22 −0 coverity-escapers/docs/1.1.1/javadoc-api/allclasses-frame.html
  17. +22 −0 coverity-escapers/docs/1.1.1/javadoc-api/allclasses-noframe.html
  18. +647 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/Escape.html
  19. +373 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/EscapeEL.html
  20. +449 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/Filter.html
  21. +343 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/FilterEL.html
  22. +115 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/class-use/Escape.html
  23. +115 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/class-use/EscapeEL.html
  24. +115 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/class-use/Filter.html
  25. +115 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/class-use/FilterEL.html
  26. +23 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/package-frame.html
  27. +155 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/package-summary.html
  28. +127 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/package-tree.html
  29. +115 −0 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/package-use.html
  30. +115 −0 coverity-escapers/docs/1.1.1/javadoc-api/constant-values.html
  31. +115 −0 coverity-escapers/docs/1.1.1/javadoc-api/deprecated-list.html
  32. +216 −0 coverity-escapers/docs/1.1.1/javadoc-api/help-doc.html
  33. +290 −0 coverity-escapers/docs/1.1.1/javadoc-api/index-all.html
  34. +31 −0 coverity-escapers/docs/1.1.1/javadoc-api/index.html
  35. +131 −0 coverity-escapers/docs/1.1.1/javadoc-api/overview-tree.html
  36. +1 −0  coverity-escapers/docs/1.1.1/javadoc-api/package-list
  37. BIN  coverity-escapers/docs/1.1.1/javadoc-api/resources/background.gif
  38. BIN  coverity-escapers/docs/1.1.1/javadoc-api/resources/tab.gif
  39. BIN  coverity-escapers/docs/1.1.1/javadoc-api/resources/titlebar.gif
  40. BIN  coverity-escapers/docs/1.1.1/javadoc-api/resources/titlebar_end.gif
  41. +474 −0 coverity-escapers/docs/1.1.1/javadoc-api/stylesheet.css
  42. +4 −4 deprecated-list.html
  43. +4 −4 help-doc.html
  44. +11 −6 index-all.html
  45. +2 −2 index.html
  46. +4 −4 overview-tree.html
6 allclasses-frame.html
@@ -2,10 +2,10 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:52 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>All Classes (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>All Classes (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
6 allclasses-noframe.html
@@ -2,10 +2,10 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:52 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>All Classes (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>All Classes (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
10 com/coverity/security/Escape.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>Escape (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>Escape (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="Escape (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="Escape (coverity-escapers 1.1.1 API)";
}
//-->
</script>
@@ -116,7 +116,7 @@ <h2 title="Class Escape" class="title">Class Escape</h2>
Coverity products and these routines are completely standalone. Feel free to
use them! Just make sure you use them correctly.</div>
<dl><dt><span class="strong">Author:</span></dt>
- <dd>Romain Gaucher, Andy Chou, Jon Passki</dd></dl>
+ <dd>Romain Gaucher, Andy Chou, Jon Passki, Alex Kouzemtchenko</dd></dl>
</li>
</ul>
</div>
8 com/coverity/security/EscapeEL.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>EscapeEL (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>EscapeEL (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="EscapeEL (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="EscapeEL (coverity-escapers 1.1.1 API)";
}
//-->
</script>
45 com/coverity/security/Filter.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>Filter (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>Filter (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="Filter (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="Filter (coverity-escapers 1.1.1 API)";
}
//-->
</script>
@@ -98,6 +98,23 @@ <h2 title="Class Filter" class="title">Class Filter</h2>
<br>
<pre>public class <span class="strong">Filter</span>
extends <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre>
+<div class="block">Filter is a small set of methods for filtering tainted data that cannot be escaped. These
+ methods may change the semantics of the data if it cannot be determined to be safe, however
+ great care has been taken in the design to ensure that they behave in a way that "makes
+ sense" intuitively
+ <p>
+ These methods fit into the nested escaper framework that the Escape class supports, and
+ should be used as the innermost "escaper" to ensure correctness, e.g.
+ &lt;iframe src="${cov:htmlEscape(cov:asURL(param.web)}"> &lt;/iframe>
+ Ensure that that param.web cannot escape the src attribute, but also ensures that it cannot
+ be a URL that causes XSS.
+ <p>
+ While Coverity's static analysis product references these escaping routines
+ as exemplars and understands their behavior, there is no dependency on
+ Coverity products and these routines are completely standalone. Feel free to
+ use them! Just make sure you use them correctly.</div>
+<dl><dt><span class="strong">Author:</span></dt>
+ <dd>Alex Kouzemtchenko, Romain Gaucher</dd></dl>
</li>
</ul>
</div>
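Review bot: The EL example in the added class description is unbalanced: `${cov:htmlEscape(cov:asURL(param.web)}` closes only one of the two calls, so anyone copying the recommended nesting gets an expression that will not parse; it should read `${cov:htmlEscape(cov:asURL(param.web))}`. The sentence after it ("Ensure that that param.web cannot escape ...") has a doubled word and a dropped subject, and would read better as `This ensures that param.web cannot escape the src attribute, and also that it cannot be a URL that causes XSS.` The first paragraph also lacks a full stop after "intuitively". Because this page is javadoc output, the correction presumably belongs in the class comment of the Filter source file, which is not shown here, with the HTML regenerated afterwards.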
@@ -229,7 +246,8 @@ <h2 title="Class Filter" class="title">Class Filter</h2>
leading 0s and may be interpreted as octal numbers, in which case the leading 0s
are stripped.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>number</code> - the potential number to filter</dd>
-<dt><span class="strong">Returns:</span></dt><dd>a sanitised number or 0 if there is no conversion</dd></dl>
+<dt><span class="strong">Returns:</span></dt><dd>a sanitised number or 0 if there is no conversion</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.1</dd></dl>
</li>
</ul>
<a name="asNumber(java.lang.String, java.lang.String)">
@@ -242,7 +260,8 @@ <h2 title="Class Filter" class="title">Class Filter</h2>
<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;defaultNumber)</pre>
<div class="block">Identical to asNumber, except you can provide your own default value</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>number</code> - the potential number to filter</dd><dd><code>defaultNumber</code> - a default String to return if the number argument is not a Number</dd>
-<dt><span class="strong">Returns:</span></dt><dd>a sanitised number or defaultNumber if there is no conversion</dd></dl>
+<dt><span class="strong">Returns:</span></dt><dd>a sanitised number or defaultNumber if there is no conversion</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.1</dd></dl>
</li>
</ul>
<a name="asCssColor(java.lang.String)">
@@ -255,7 +274,7 @@ <h2 title="Class Filter" class="title">Class Filter</h2>
<div class="block">asCssColor is useful when you need to insert dynamic data into a CSS color context, e.g.
&lt;style>
.userprofile {
- background-colo: ${cov:asCssColor(param.web)};
+ background-color: ${cov:asCssColor(param.web)};
}
&lt;/style>
@@ -274,7 +293,8 @@ <h2 title="Class Filter" class="title">Class Filter</h2>
background-color defaults to transparent, while color defaults to inherit. This will
essentially preserve those semantics.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>color</code> - the potential css color to filter</dd>
-<dt><span class="strong">Returns:</span></dt><dd>the color specified or the string "invalid"</dd></dl>
+<dt><span class="strong">Returns:</span></dt><dd>the color specified or the string "invalid"</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.1</dd></dl>
</li>
</ul>
<a name="asCssColor(java.lang.String, java.lang.String)">
@@ -287,7 +307,8 @@ <h2 title="Class Filter" class="title">Class Filter</h2>
<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;defaultColor)</pre>
<div class="block">Identical to asCssColor, except you can provide your own default value</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>color</code> - the potential css color to filter</dd><dd><code>defaultColor</code> - a default String to return if the color argument is not a potentially valid CSS color</dd>
-<dt><span class="strong">Returns:</span></dt><dd>a sanitised color or defaultColor if there is no conversion</dd></dl>
+<dt><span class="strong">Returns:</span></dt><dd>a sanitised color or defaultColor if there is no conversion</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.1</dd></dl>
</li>
</ul>
<a name="asURL(java.lang.String)">
@@ -331,7 +352,8 @@ <h2 title="Class Filter" class="title">Class Filter</h2>
<li>etc</li>
</ul></div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>url</code> - The potentially tainted URL to be Filtered</dd>
-<dt><span class="strong">Returns:</span></dt><dd>a safe version of the URL or <code>null</code> if <code>input</code> is null</dd></dl>
+<dt><span class="strong">Returns:</span></dt><dd>a safe version of the URL or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.1</dd></dl>
</li>
</ul>
<a name="asFlexibleURL(java.lang.String)">
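Review bot: The Returns text for asURL says the result is `null` if `input` is null, but the only documented parameter is `url`, so the null contract refers to a name the reader cannot find. The same mismatch is on the Returns line of the asFlexibleURL hunk that follows. The wording should be `a safe version of the URL or <code>null</code> if <code>url</code> is null`, fixed in the source Javadoc rather than in this generated file. The enclosing method detail block starts above the hunk.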
@@ -352,7 +374,8 @@ <h2 title="Class Filter" class="title">Class Filter</h2>
The complexity of this function is necessary due to the parsing that browsers do when
they encounter URLs, e.g. stripping new lines and NUL bytes.</div>
<dl><dt><span class="strong">Parameters:</span></dt><dd><code>url</code> - The potentially tainted URL to be Filtered</dd>
-<dt><span class="strong">Returns:</span></dt><dd>a safe version of the URL or <code>null</code> if <code>input</code> is null</dd></dl>
+<dt><span class="strong">Returns:</span></dt><dd>a safe version of the URL or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.1</dd></dl>
</li>
</ul>
</li>
26 com/coverity/security/FilterEL.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>FilterEL (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>FilterEL (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="FilterEL (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="FilterEL (coverity-escapers 1.1.1 API)";
}
//-->
</script>
@@ -98,6 +98,24 @@ <h2 title="Class FilterEL" class="title">Class FilterEL</h2>
<br>
<pre>public class <span class="strong">FilterEL</span>
extends <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre>
+<div class="block">FilterEL is a wrapper class the provides alternative names for the filtering
+ methods in com.coverity.security.Filter. These alternative names are useful
+ primarily as EL functions in JSP files.
+ <p>
+ To use these functions in EL, use mvn package and then drop
+ <code>coverity-escapers-X.X.jar</code> into <code>WEB-INF/lib</code>. Then you can use the
+ following incantation to incorporate the tag library into EL to invoke these
+ functions:
+ <pre>
+ &lt;%@ taglib uri="http://coverity.com/security" prefix="cov" %&gt;
+
+ &lt;!-- Example of usage within a JSP --&gt;
+ &lt;script>
+ var userNum = ${cov:asNumber(param.index)};
+ &lt;/script>
+ </pre></div>
+<dl><dt><span class="strong">Author:</span></dt>
+ <dd>Alex Kouzemtchenko, Romain Gaucher</dd></dl>
</li>
</ul>
</div>
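Review bot: The first sentence of the added FilterEL description has a typo, "a wrapper class the provides alternative names", which should be `a wrapper class that provides alternative names`. Javadoc reuses that first sentence as the class summary, so the same typo appears in the package-summary.html hunk of this commit. In the usage example the closing tag is written `&lt;/script>` with a raw `>` while the taglib line above uses `&gt;`; using `&gt;` throughout would keep the escaping consistent in a page that documents escaping.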
8 com/coverity/security/class-use/Escape.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>Uses of Class com.coverity.security.Escape (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>Uses of Class com.coverity.security.Escape (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="Uses of Class com.coverity.security.Escape (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="Uses of Class com.coverity.security.Escape (coverity-escapers 1.1.1 API)";
}
//-->
</script>
8 com/coverity/security/class-use/EscapeEL.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>Uses of Class com.coverity.security.EscapeEL (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>Uses of Class com.coverity.security.EscapeEL (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="Uses of Class com.coverity.security.EscapeEL (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="Uses of Class com.coverity.security.EscapeEL (coverity-escapers 1.1.1 API)";
}
//-->
</script>
8 com/coverity/security/class-use/Filter.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>Uses of Class com.coverity.security.Filter (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>Uses of Class com.coverity.security.Filter (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="Uses of Class com.coverity.security.Filter (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="Uses of Class com.coverity.security.Filter (coverity-escapers 1.1.1 API)";
}
//-->
</script>
8 com/coverity/security/class-use/FilterEL.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>Uses of Class com.coverity.security.FilterEL (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>Uses of Class com.coverity.security.FilterEL (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="Uses of Class com.coverity.security.FilterEL (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="Uses of Class com.coverity.security.FilterEL (coverity-escapers 1.1.1 API)";
}
//-->
</script>
6 com/coverity/security/package-frame.html
@@ -2,10 +2,10 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>com.coverity.security (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>com.coverity.security (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
</head>
<body>
17 com/coverity/security/package-summary.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>com.coverity.security (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>com.coverity.security (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="com.coverity.security (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="com.coverity.security (coverity-escapers 1.1.1 API)";
}
//-->
</script>
@@ -90,11 +90,16 @@ <h1 title="Package" class="title">Package&nbsp;com.coverity.security</h1>
</tr>
<tr class="altColor">
<td class="colFirst"><a href="../../../com/coverity/security/Filter.html" title="class in com.coverity.security">Filter</a></td>
-<td class="colLast">&nbsp;</td>
+<td class="colLast">
+<div class="block">Filter is a small set of methods for filtering tainted data that cannot be escaped.</div>
+</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a href="../../../com/coverity/security/FilterEL.html" title="class in com.coverity.security">FilterEL</a></td>
-<td class="colLast">&nbsp;</td>
+<td class="colLast">
+<div class="block">FilterEL is a wrapper class the provides alternative names for the filtering
+ methods in com.coverity.security.Filter.</div>
+</td>
</tr>
</tbody>
</table>
8 com/coverity/security/package-tree.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>com.coverity.security Class Hierarchy (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>com.coverity.security Class Hierarchy (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="com.coverity.security Class Hierarchy (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="com.coverity.security Class Hierarchy (coverity-escapers 1.1.1 API)";
}
//-->
</script>
8 com/coverity/security/package-use.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:52 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>Uses of Package com.coverity.security (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>Uses of Package com.coverity.security (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="Uses of Package com.coverity.security (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="Uses of Package com.coverity.security (coverity-escapers 1.1.1 API)";
}
//-->
</script>
8 constant-values.html
@@ -2,16 +2,16 @@
<!-- NewPage -->
<html lang="en">
<head>
-<!-- Generated by javadoc (version 1.7.0_09) on Fri Feb 22 14:05:54 PST 2013 -->
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
-<title>Constant Field Values (coverity-escapers 1.2-SNAPSHOT API)</title>
-<meta name="date" content="2013-02-22">
+<title>Constant Field Values (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
</head>
<body>
<script type="text/javascript"><!--
if (location.href.indexOf('is-external=true') == -1) {
- parent.document.title="Constant Field Values (coverity-escapers 1.2-SNAPSHOT API)";
+ parent.document.title="Constant Field Values (coverity-escapers 1.1.1 API)";
}
//-->
</script>
22 coverity-escapers/docs/1.1.1/javadoc-api/allclasses-frame.html
@@ -0,0 +1,22 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:52 PST 2013 -->
+<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
+<title>All Classes (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
+<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
+</head>
+<body>
+<h1 class="bar">All Classes</h1>
+<div class="indexContainer">
+<ul>
+<li><a href="com/coverity/security/Escape.html" title="class in com.coverity.security" target="classFrame">Escape</a></li>
+<li><a href="com/coverity/security/EscapeEL.html" title="class in com.coverity.security" target="classFrame">EscapeEL</a></li>
+<li><a href="com/coverity/security/Filter.html" title="class in com.coverity.security" target="classFrame">Filter</a></li>
+<li><a href="com/coverity/security/FilterEL.html" title="class in com.coverity.security" target="classFrame">FilterEL</a></li>
+</ul>
+</div>
+</body>
+</html>
22 coverity-escapers/docs/1.1.1/javadoc-api/allclasses-noframe.html
@@ -0,0 +1,22 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:52 PST 2013 -->
+<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
+<title>All Classes (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
+<link rel="stylesheet" type="text/css" href="stylesheet.css" title="Style">
+</head>
+<body>
+<h1 class="bar">All Classes</h1>
+<div class="indexContainer">
+<ul>
+<li><a href="com/coverity/security/Escape.html" title="class in com.coverity.security">Escape</a></li>
+<li><a href="com/coverity/security/EscapeEL.html" title="class in com.coverity.security">EscapeEL</a></li>
+<li><a href="com/coverity/security/Filter.html" title="class in com.coverity.security">Filter</a></li>
+<li><a href="com/coverity/security/FilterEL.html" title="class in com.coverity.security">FilterEL</a></li>
+</ul>
+</div>
+</body>
+</html>
647 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/Escape.html
@@ -0,0 +1,647 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
+<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
+<title>Escape (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
+<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
+</head>
+<body>
+<script type="text/javascript"><!--
+ if (location.href.indexOf('is-external=true') == -1) {
+ parent.document.title="Escape (coverity-escapers 1.1.1 API)";
+ }
+//-->
+</script>
+<noscript>
+<div>JavaScript is disabled on your browser.</div>
+</noscript>
+<!-- ========= START OF TOP NAVBAR ======= -->
+<div class="topNav"><a name="navbar_top">
+<!-- -->
+</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../com/coverity/security/package-summary.html">Package</a></li>
+<li class="navBarCell1Rev">Class</li>
+<li><a href="class-use/Escape.html">Use</a></li>
+<li><a href="package-tree.html">Tree</a></li>
+<li><a href="../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../index-all.html">Index</a></li>
+<li><a href="../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li>Prev Class</li>
+<li><a href="../../../com/coverity/security/EscapeEL.html" title="class in com.coverity.security"><span class="strong">Next Class</span></a></li>
+</ul>
+<ul class="navList">
+<li><a href="../../../index.html?com/coverity/security/Escape.html" target="_top">Frames</a></li>
+<li><a href="Escape.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_top">
+<li><a href="../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_top");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<div>
+<ul class="subNavList">
+<li>Summary:&nbsp;</li>
+<li>Nested&nbsp;|&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_summary">Method</a></li>
+</ul>
+<ul class="subNavList">
+<li>Detail:&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_detail">Method</a></li>
+</ul>
+</div>
+<a name="skip-navbar_top">
+<!-- -->
+</a></div>
+<!-- ========= END OF TOP NAVBAR ========= -->
+<!-- ======== START OF CLASS DATA ======== -->
+<div class="header">
+<div class="subTitle">com.coverity.security</div>
+<h2 title="Class Escape" class="title">Class Escape</h2>
+</div>
+<div class="contentContainer">
+<ul class="inheritance">
+<li><a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
+<li>
+<ul class="inheritance">
+<li>com.coverity.security.Escape</li>
+</ul>
+</li>
+</ul>
+<div class="description">
+<ul class="blockList">
+<li class="blockList">
+<hr>
+<br>
+<pre>public class <span class="strong">Escape</span>
+extends <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre>
+<div class="block">Escape is a small set of methods for escaping tainted data. These escaping
+ methods are useful in transforming user-controlled ("tainted") data into
+ forms that are safe from being interpreted as something other than data, such
+ as JavaScript.
+ <p>
+ At this time most of these escaping routines focus on cross-site scripting
+ mitigations. Each method is good for a different HTML context. For a primer
+ on HTML contexts, see OWASP's XSS Prevention Cheat Sheet (note however that
+ the escaping routines are not implemented exactly according to OWASP's
+ recommendations) or the Coverity Security Advisor documentation.
+ Also see the Coverity Security Research Laboratory blog on
+ how to properly use each function.
+ <p>
+ While Coverity's static analysis product references these escaping routines
+ as exemplars and understands their behavior, there is no dependency on
+ Coverity products and these routines are completely standalone. Feel free to
+ use them! Just make sure you use them correctly.</div>
+<dl><dt><span class="strong">Author:</span></dt>
+ <dd>Romain Gaucher, Andy Chou, Jon Passki, Alex Kouzemtchenko</dd></dl>
+</li>
+</ul>
+</div>
+<div class="summary">
+<ul class="blockList">
+<li class="blockList">
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+<ul class="blockList">
+<li class="blockList"><a name="constructor_summary">
+<!-- -->
+</a>
+<h3>Constructor Summary</h3>
+<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
+<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
+<tr>
+<th class="colOne" scope="col">Constructor and Description</th>
+</tr>
+<tr class="altColor">
+<td class="colOne"><code><strong><a href="../../../com/coverity/security/Escape.html#Escape()">Escape</a></strong>()</code>&nbsp;</td>
+</tr>
+</table>
+</li>
+</ul>
+<!-- ========== METHOD SUMMARY =========== -->
+<ul class="blockList">
+<li class="blockList"><a name="method_summary">
+<!-- -->
+</a>
+<h3>Method Summary</h3>
+<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
+<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
+<tr>
+<th class="colFirst" scope="col">Modifier and Type</th>
+<th class="colLast" scope="col">Method and Description</th>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#cssString(java.lang.String)">cssString</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">CSS String escaper.</div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#html(java.lang.String)">html</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">HTML entity escaping for text content and attributes.</div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#htmlText(java.lang.String)">htmlText</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">Faster HTML entity escaping for tag content or quoted attributes values only.</div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#jsRegex(java.lang.String)">jsRegex</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">JavaScript regex content escaper.</div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#jsString(java.lang.String)">jsString</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">JavaScript String Unicode escaper.</div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#sqlLikeClause(java.lang.String)">sqlLikeClause</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">SQL LIKE clause escaper.</div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#sqlLikeClause(java.lang.String, char)">sqlLikeClause</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input,
+ char&nbsp;escape)</code>
+<div class="block">SQL LIKE clause escaper.</div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#uri(java.lang.String)">uri</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">Same as <a href="../../../com/coverity/security/Escape.html#uriParam(java.lang.String)"><code>uriParam(String)</code></a> for now.</div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Escape.html#uriParam(java.lang.String)">uriParam</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">URI encoder.</div>
+</td>
+</tr>
+</table>
+<ul class="blockList">
+<li class="blockList"><a name="methods_inherited_from_class_java.lang.Object">
+<!-- -->
+</a>
+<h3>Methods inherited from class&nbsp;java.lang.<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
+<code><a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang">clone</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang">equals</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang">finalize</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang">getClass</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang">hashCode</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang">notify</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang">notifyAll</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang">toString</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang">wait</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang">wait</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait(long, int)" title="class or interface in java.lang">wait</a></code></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="details">
+<ul class="blockList">
+<li class="blockList">
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+<ul class="blockList">
+<li class="blockList"><a name="constructor_detail">
+<!-- -->
+</a>
+<h3>Constructor Detail</h3>
+<a name="Escape()">
+<!-- -->
+</a>
+<ul class="blockListLast">
+<li class="blockList">
+<h4>Escape</h4>
+<pre>public&nbsp;Escape()</pre>
+</li>
+</ul>
+</li>
+</ul>
+<!-- ============ METHOD DETAIL ========== -->
+<ul class="blockList">
+<li class="blockList"><a name="method_detail">
+<!-- -->
+</a>
+<h3>Method Detail</h3>
+<a name="html(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>html</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;html(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">HTML entity escaping for text content and attributes.
+ <p>
+ HTML entity escaping that is appropriate for the most common HTML contexts:
+ PCDATA and "normal" attributes (non-URI, non-event, and non-CSS attributes). <br />
+ Note that we do not recommend using non-quoted HTML attributes since
+ the security obligations vary more between web browser. We recommend
+ to always quote (single or double quotes) HTML attributes.<br />
+ This method is generic to HTML entity escaping, and therefore escapes more
+ characters than usually necessary -- mostly to handle non-quoted attribute values.
+ If this method is somehow too slow, such as you output megabytes of text with spaces,
+ please use the <a href="../../../com/coverity/security/Escape.html#htmlText(java.lang.String)"><code>htmlText(String)</code></a> method which only escape HTML text specific
+ characters.
+
+ <p>
+ The following characters are escaped:
+ <ul>
+ <li>
+ HTML characters: <code>' (U+0022)</code>, <code>" (U+0027)</code>,
+ <code>\ (U+005C)</code>, <code>/ (U+002F)</code>,
+ <code>&lt; (U+003C)</code>, <code>&gt; (U+003E)</code>,
+ <code>&amp; (U+0026)</code>
+ </li>
+ <li>
+ Control characters: <code>\t (U+0009)</code>, <code>\n (U+000A)</code>,
+ <code>\f (U+000C)</code>, <code>\r (U+000D)</code>,
+ <code>SPACE (U+0020)</code>
+ </li>
+ <li>
+ Unicode newlines: <code>LS (U+2028)</code>, <code>PS (U+2029)</code>
+ </li>
+ </ul></div>
+<dl><dt><span class="strong">Parameters:</span></dt><dd><code>input</code> - the string to be escaped</dd>
+<dt><span class="strong">Returns:</span></dt><dd>the HTML escaped string or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.0</dd></dl>
+</li>
+</ul>
+<a name="htmlText(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>htmlText</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;htmlText(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">Faster HTML entity escaping for tag content or quoted attributes values only.
+ <p>
+ HTML entity escaping that is specific to text elements such as the content of
+ a typical HTML tag (<code>div</code>, <code>p</code>, etc.).<br />
+ This method is not appropriate in all cases, and especially when appending data
+ in a non-quoted context (e.g., an HTML attribute value that is not surrounded by
+ single or double quotes). Note that we however, highly discourage the use
+ of non-quoted attributes.
+
+ <p>
+ The following characters are escaped:
+ <ul>
+ <li>
+ HTML characters: <code>' (U+0022)</code>, <code>" (U+0027)</code>,
+ <code>&lt; (U+003C)</code>, <code>&gt; (U+003E)</code>,
+ <code>&amp; (U+0026)</code>
+ </li>
+ </ul></div>
+<dl><dt><span class="strong">Parameters:</span></dt><dd><code>input</code> - the string to be escaped</dd>
+<dt><span class="strong">Returns:</span></dt><dd>the HTML escaped string or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.0</dd></dl>
+</li>
+</ul>
+<a name="uriParam(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>uriParam</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;uriParam(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">URI encoder.
+ <p>
+ URI encoding for query string values of the URI:
+ <code>/example/?name=URI_ENCODED_VALUE_HERE</code> <br />
+ Note that this method is not sufficient to protect for cross-site scripting
+ in a generic URI context, but only for query string values. If you
+ need to escape a URI in an <code>href</code> attribute (for example),
+ ensure that:
+ <ul>
+ <li>The scheme is allowed (restrict to http, https, or mailto)</li>
+ <li>Use the HTML escaper <a href="../../../com/coverity/security/Escape.html#html(java.lang.String)"><code>html(String)</code></a> on the entire URI</li>
+ </ul>
+ <p>
+ This URI encoder processes the following characters:
+ <ul>
+ <li>
+ URI characters: <code>' (U+0022)</code>, <code>" (U+0027)</code>,
+ <code>\ (U+005C)</code>, <code>/ (U+002F)</code>,
+ <code>&lt; (U+003C)</code>, <code>&gt; (U+003E)</code>,
+ <code>&amp; (U+0026)</code>,
+ <code>&lt; (U+003C)</code>, <code>&gt; (U+003E)</code>,
+ <code>! (U+0021)</code>, <code># (U+0023)</code>,
+ <code>$ (U+0024)</code>, <code>% (U+0025)</code>,
+ <code>( (U+0028)</code>, <code>) (U+0029)</code>,
+ <code>* (U+002A)</code>, <code>+ (U+002B)</code>,
+ <code>, (U+002C)</code>, <code>. (U+002E)</code>,
+ <code>: (U+003A)</code>, <code>; (U+003B)</code>,
+ <code>= (U+003D)</code>, <code>? (U+003F)</code>,
+ <code>@ (U+0040)</code>, <code>[ (U+005B)</code>,
+ <code>] (U+005D)</code>
+ </li>
+ <li>
+ Control characters: <code>\t (U+0009)</code>, <code>\n (U+000A)</code>,
+ <code>\f (U+000C)</code>, <code>\r (U+000D)</code>,
+ <code>SPACE (U+0020)</code>
+ </li>
+ </ul></div>
+<dl><dt><span class="strong">Parameters:</span></dt><dd><code>input</code> - the string to be escaped</dd>
+<dt><span class="strong">Returns:</span></dt><dd>the URI encoded string or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.0</dd></dl>
+</li>
+</ul>
+<a name="uri(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>uri</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;uri(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">Same as <a href="../../../com/coverity/security/Escape.html#uriParam(java.lang.String)"><code>uriParam(String)</code></a> for now.
+ <p>
+ Eventually, this method will evolve into filtering the URI so that
+ it is safely considered as a URL by a web browser, and does not contain
+ malicious payloads (data:text/html..., javascript:, etc.).</div>
+</li>
+</ul>
+<a name="jsString(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>jsString</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;jsString(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">JavaScript String Unicode escaper.
+ <p>
+ JavaScript String Unicode escaping (<code>\UXXXX</code>) to be used in single or double quoted
+ JavaScript strings:
+ <pre>
+ &lt;script type="text/javascript"&gt;
+ window.myString = 'JS_STRING_ESCAPE_HERE';
+ window.yourString = "JS_STRING_ESCAPE_HERE";
+ &lt;/script&gt;
+ </pre>
+ <p>
+ This JavaScript string escaper processes the following characters:
+ <ul>
+ <li>
+ JS String characters: <code>' (U+0022)</code>, <code>" (U+0027)</code>,
+ <code>\ (U+005C)</code>
+ </li>
+ <li>
+ URI encoding characters: <code>% (U+0025)</code>
+ </li>
+ <li>
+ HTML characters: <code>/ (U+002F)</code>,
+ <code>&lt; (U+003C)</code>, <code>&gt; (U+003E)</code>,
+ <code>&amp; (U+0026)</code>
+ </li>
+ <li>
+ Control characters: <code>\b (U+0008)</code>, <code>\t (U+0009)</code>,
+ <code>\n (U+000A)</code>, <code>0x0b (U+000B)</code>,
+ <code>\f (U+000C)</code>, <code>\r (U+000D)</code>
+ </li>
+ <li>
+ Unicode newlines: <code>LS (U+2028)</code>, <code>PS (U+2029)</code>
+ </li>
+ </ul></div>
+<dl><dt><span class="strong">Parameters:</span></dt><dd><code>input</code> - the string to be escaped</dd>
+<dt><span class="strong">Returns:</span></dt><dd>the JavaScript string Unicode escaped string or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.0</dd></dl>
+</li>
+</ul>
+<a name="jsRegex(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>jsRegex</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;jsRegex(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">JavaScript regex content escaper.
+ <p>
+ Escape for a JavaScript regular expression:
+ <pre>
+ &lt;script type="text/javascript"&gt;
+ var b = /^JS_REGEX_ESCAPE_HERE/.test(document.location);
+ &lt;/script&gt;
+ </pre>
+ <p>
+ Note that when using a regular expression inside a JavaScript string such as:
+ <pre>&lt;script type="text/javascript"&gt;
+ var b = (new RegExp('^CONTENT_HERE')).test(document.location);
+ &lt;/script&gt;</pre>
+ You should first escape using the <a href="../../../com/coverity/security/Escape.html#jsRegex(java.lang.String)"><code>jsRegex(String)</code></a> escaper, and make sure
+ that the JavaScript string itself is properly rendered using the <a href="../../../com/coverity/security/Escape.html#jsString(java.lang.String)"><code>jsString(String)</code></a>
+ escaper. This is a nested context scenario in which we have a JavaScript regex
+ inside a JavaScript string, for which we need to first escape the inner most context
+ and walking back the stack of context to the outer most one.
+ </p>
+ <p>
+ This JavaScript regex escaper processes the following characters:
+ <ul>
+ <li>
+ Regex characters: <code>\ (U+005C)</code>, <code>/ (U+002F)</code>,
+ <code>( (U+0028)</code>, <code>[ (U+005B)</code>,
+ <code>{ (U+007B)</code>, <code>] (U+005D)</code>,
+ <code>} (U+007D)</code>, <code>) (U+0029)</code>,
+ <code>* (U+002A)</code>, <code>+ (U+002B)</code>,
+ <code>- (U+002D)</code>, <code>. (U+002E)</code>,
+ <code>? (U+003F)</code>, <code>! (U+0021)</code>,
+ <code>^ (U+005E)</code>, <code>$ (U+0024)</code>,
+ <code>| (U+007C)</code>
+ </li>
+ <li>
+ Control characters: <code>\t (U+0009)</code>, <code>\n (U+000A)</code>,
+ <code>\v (U+000B)</code>,
+ <code>\f (U+000C)</code>, <code>\r (U+000D)</code>
+ </li>
+ </ul></div>
+<dl><dt><span class="strong">Parameters:</span></dt><dd><code>input</code> - the string to be escaped</dd>
+<dt><span class="strong">Returns:</span></dt><dd>the escaped JavaScript regex or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.0</dd></dl>
+</li>
+</ul>
+<a name="cssString(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>cssString</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;cssString(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">CSS String escaper.
+ <p>
+ CSS escaper for strings such as CSS selector or quoted URI:
+ <pre>
+ &lt;style"&gt;
+ a[href *= "DATA_HERE"] {...}
+ li { background: url('DATA_HERE'); }
+ &lt;/style&gt;
+ </pre>
+ <p>
+ This CSS string escaper processes the following characters:
+ <ul>
+ <li>
+ CSS string characters: <code>' (U+0022)</code>, <code>" (U+0027)</code>,
+ <code>\ (U+005C)</code>
+ </li>
+ <li>
+ HTML characters: <code>/ (U+002F)</code>,
+ <code>&lt; (U+003C)</code>, <code>&gt; (U+003E)</code>,
+ <code>&amp; (U+0026)</code>
+ </li>
+ <li>
+ Control characters: <code>\b (U+0008)</code>,
+ <code>\t (U+0009)</code>, <code>\n (U+000A)</code>,
+ <code>\f (U+000C)</code>, <code>\r (U+000D)</code>
+ </li>
+ <li>
+ Unicode newlines: <code>LS (U+2028)</code>, <code>PS (U+2029)</code>
+ </li>
+ </ul></div>
+<dl><dt><span class="strong">Parameters:</span></dt><dd><code>input</code> - the string to be escaped</dd>
+<dt><span class="strong">Returns:</span></dt><dd>the CSS string escaped or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.0</dd></dl>
+</li>
+</ul>
+<a name="sqlLikeClause(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>sqlLikeClause</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;sqlLikeClause(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">SQL LIKE clause escaper.
+ <p>
+ This SQL LIKE clause escaper does not protect against SQL injection, but ensure
+ that the string to be consumed in SQL LIKE clause does not alter the current
+ LIKE query by inserting <code>%</code> or <code>_</code>:
+ <pre>
+ entityManager.createQuery("FROM MyEntity e WHERE e.content LIKE :like_query ESCAPE '@'")
+ .setParameter("like_query", "%" + Escape.sqlLikeClause(USER_DATA_HERE))
+ .getResultList();
+ </pre>
+ This escaper has to be used with a safe SQL query construct such as the JPQL
+ named parameterized query in the previous example.
+ <p>
+ This escaper uses by default the <code>@</code> as escape character. The other method
+ <a href="../../../com/coverity/security/Escape.html#sqlLikeClause(java.lang.String, char)"><code>sqlLikeClause(String,char)</code></a> allows for using a different escape character such as
+ <code>\</code>.
+
+ <p>
+ This SQL LIKE escaper processes the following characters:
+ <ul>
+ <li>
+ SQL LIKE characters: <code>_ (U+005F)</code>, <code>% (U+0025)</code>,
+ <code>@ (U+0040)</code>
+ </li>
+ </ul></div>
+<dl><dt><span class="strong">Parameters:</span></dt><dd><code>input</code> - the string to be escaped</dd>
+<dt><span class="strong">Returns:</span></dt><dd>the SQL LIKE escaped string or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.0</dd></dl>
+</li>
+</ul>
+<a name="sqlLikeClause(java.lang.String, char)">
+<!-- -->
+</a>
+<ul class="blockListLast">
+<li class="blockList">
+<h4>sqlLikeClause</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;sqlLikeClause(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input,
+ char&nbsp;escape)</pre>
+<div class="block">SQL LIKE clause escaper.
+ <p>
+ Similar to <a href="../../../com/coverity/security/Escape.html#sqlLikeClause(java.lang.String)"><code>sqlLikeClause(String)</code></a>, but allows to specify the escape character
+ to be used. When a character different than <code>@</code> is used, <code>@</code> will
+ not be escaped by the escaper, and the specified escape character will be.</div>
+<dl><dt><span class="strong">Parameters:</span></dt><dd><code>input</code> - the string to be escaped</dd><dd><code>escape</code> - the escape character to be used</dd>
+<dt><span class="strong">Returns:</span></dt><dd>the SQL LIKE escaped string or <code>null</code> if <code>input</code> is null</dd><dt><span class="strong">Since:</span></dt>
+ <dd>1.0</dd></dl>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+</div>
+<!-- ========= END OF CLASS DATA ========= -->
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<div class="bottomNav"><a name="navbar_bottom">
+<!-- -->
+</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../com/coverity/security/package-summary.html">Package</a></li>
+<li class="navBarCell1Rev">Class</li>
+<li><a href="class-use/Escape.html">Use</a></li>
+<li><a href="package-tree.html">Tree</a></li>
+<li><a href="../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../index-all.html">Index</a></li>
+<li><a href="../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li>Prev Class</li>
+<li><a href="../../../com/coverity/security/EscapeEL.html" title="class in com.coverity.security"><span class="strong">Next Class</span></a></li>
+</ul>
+<ul class="navList">
+<li><a href="../../../index.html?com/coverity/security/Escape.html" target="_top">Frames</a></li>
+<li><a href="Escape.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_bottom">
+<li><a href="../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_bottom");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<div>
+<ul class="subNavList">
+<li>Summary:&nbsp;</li>
+<li>Nested&nbsp;|&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_summary">Method</a></li>
+</ul>
+<ul class="subNavList">
+<li>Detail:&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_detail">Method</a></li>
+</ul>
+</div>
+<a name="skip-navbar_bottom">
+<!-- -->
+</a></div>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+<p class="legalCopy"><small>Copyright &#169; 2013. All Rights Reserved.</small></p>
+</body>
+</html>
373 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/EscapeEL.html
@@ -0,0 +1,373 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
+<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
+<title>EscapeEL (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
+<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
+</head>
+<body>
+<script type="text/javascript"><!--
+ if (location.href.indexOf('is-external=true') == -1) {
+ parent.document.title="EscapeEL (coverity-escapers 1.1.1 API)";
+ }
+//-->
+</script>
+<noscript>
+<div>JavaScript is disabled on your browser.</div>
+</noscript>
+<!-- ========= START OF TOP NAVBAR ======= -->
+<div class="topNav"><a name="navbar_top">
+<!-- -->
+</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../com/coverity/security/package-summary.html">Package</a></li>
+<li class="navBarCell1Rev">Class</li>
+<li><a href="class-use/EscapeEL.html">Use</a></li>
+<li><a href="package-tree.html">Tree</a></li>
+<li><a href="../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../index-all.html">Index</a></li>
+<li><a href="../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li><a href="../../../com/coverity/security/Escape.html" title="class in com.coverity.security"><span class="strong">Prev Class</span></a></li>
+<li><a href="../../../com/coverity/security/Filter.html" title="class in com.coverity.security"><span class="strong">Next Class</span></a></li>
+</ul>
+<ul class="navList">
+<li><a href="../../../index.html?com/coverity/security/EscapeEL.html" target="_top">Frames</a></li>
+<li><a href="EscapeEL.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_top">
+<li><a href="../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_top");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<div>
+<ul class="subNavList">
+<li>Summary:&nbsp;</li>
+<li>Nested&nbsp;|&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_summary">Method</a></li>
+</ul>
+<ul class="subNavList">
+<li>Detail:&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_detail">Method</a></li>
+</ul>
+</div>
+<a name="skip-navbar_top">
+<!-- -->
+</a></div>
+<!-- ========= END OF TOP NAVBAR ========= -->
+<!-- ======== START OF CLASS DATA ======== -->
+<div class="header">
+<div class="subTitle">com.coverity.security</div>
+<h2 title="Class EscapeEL" class="title">Class EscapeEL</h2>
+</div>
+<div class="contentContainer">
+<ul class="inheritance">
+<li><a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
+<li>
+<ul class="inheritance">
+<li>com.coverity.security.EscapeEL</li>
+</ul>
+</li>
+</ul>
+<div class="description">
+<ul class="blockList">
+<li class="blockList">
+<hr>
+<br>
+<pre>public class <span class="strong">EscapeEL</span>
+extends <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre>
+<div class="block">EscapeEL is a wrapper class the provides alternative names for the escaping
+ methods in com.coverity.security.Escape. These alternative names are useful
+ primarily as EL functions in JSP files.
+ <p>
+ To use these functions in EL, use mvn package and then drop
+ <code>coverity-escapers-X.X.jar</code> into <code>WEB-INF/lib</code>. Then you can use the
+ following incantation to incorporate the tag library into EL to invoke these
+ functions:
+ <pre>
+ &lt;%@ taglib uri="http://coverity.com/security" prefix="cov" %&gt;
+
+ &lt;!-- Example of usage within a JSP --&gt;
+ &lt;script type="text/javascript"&gt;
+ var x = '${cov:jsStringEscape(param.foobar)}';
+ &lt;/script&gt;
+ </pre></div>
+<dl><dt><span class="strong">Author:</span></dt>
+ <dd>Romain Gaucher, Andy Chou, Jon Passki</dd></dl>
+</li>
+</ul>
+</div>
+<div class="summary">
+<ul class="blockList">
+<li class="blockList">
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+<ul class="blockList">
+<li class="blockList"><a name="constructor_summary">
+<!-- -->
+</a>
+<h3>Constructor Summary</h3>
+<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
+<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
+<tr>
+<th class="colOne" scope="col">Constructor and Description</th>
+</tr>
+<tr class="altColor">
+<td class="colOne"><code><strong><a href="../../../com/coverity/security/EscapeEL.html#EscapeEL()">EscapeEL</a></strong>()</code>&nbsp;</td>
+</tr>
+</table>
+</li>
+</ul>
+<!-- ========== METHOD SUMMARY =========== -->
+<ul class="blockList">
+<li class="blockList"><a name="method_summary">
+<!-- -->
+</a>
+<h3>Method Summary</h3>
+<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
+<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
+<tr>
+<th class="colFirst" scope="col">Modifier and Type</th>
+<th class="colLast" scope="col">Method and Description</th>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/EscapeEL.html#cssStringEscape(java.lang.String)">cssStringEscape</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#cssString(java.lang.String)"><code>Escape.cssString(String)</code></a></div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/EscapeEL.html#htmlEscape(java.lang.String)">htmlEscape</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#html(java.lang.String)"><code>Escape.html(String)</code></a></div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/EscapeEL.html#htmlText(java.lang.String)">htmlText</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#htmlText(java.lang.String)"><code>Escape.htmlText(String)</code></a>, equivalent to <code>fn:escapeXml</code>.</div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/EscapeEL.html#jsRegexEscape(java.lang.String)">jsRegexEscape</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#jsRegex(java.lang.String)"><code>Escape.jsRegex(String)</code></a></div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/EscapeEL.html#jsStringEscape(java.lang.String)">jsStringEscape</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#jsString(java.lang.String)"><code>Escape.jsString(String)</code></a></div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/EscapeEL.html#uriEncode(java.lang.String)">uriEncode</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#uri(java.lang.String)"><code>Escape.uri(String)</code></a></div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/EscapeEL.html#uriParamEncode(java.lang.String)">uriParamEncode</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</code>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#uriParam(java.lang.String)"><code>Escape.uriParam(String)</code></a></div>
+</td>
+</tr>
+</table>
+<ul class="blockList">
+<li class="blockList"><a name="methods_inherited_from_class_java.lang.Object">
+<!-- -->
+</a>
+<h3>Methods inherited from class&nbsp;java.lang.<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
+<code><a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang">clone</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang">equals</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang">finalize</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang">getClass</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang">hashCode</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang">notify</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang">notifyAll</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang">toString</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang">wait</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang">wait</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait(long, int)" title="class or interface in java.lang">wait</a></code></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="details">
+<ul class="blockList">
+<li class="blockList">
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+<ul class="blockList">
+<li class="blockList"><a name="constructor_detail">
+<!-- -->
+</a>
+<h3>Constructor Detail</h3>
+<a name="EscapeEL()">
+<!-- -->
+</a>
+<ul class="blockListLast">
+<li class="blockList">
+<h4>EscapeEL</h4>
+<pre>public&nbsp;EscapeEL()</pre>
+</li>
+</ul>
+</li>
+</ul>
+<!-- ============ METHOD DETAIL ========== -->
+<ul class="blockList">
+<li class="blockList"><a name="method_detail">
+<!-- -->
+</a>
+<h3>Method Detail</h3>
+<a name="htmlEscape(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>htmlEscape</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;htmlEscape(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#html(java.lang.String)"><code>Escape.html(String)</code></a></div>
+</li>
+</ul>
+<a name="htmlText(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>htmlText</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;htmlText(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#htmlText(java.lang.String)"><code>Escape.htmlText(String)</code></a>, equivalent to <code>fn:escapeXml</code>.</div>
+</li>
+</ul>
+<a name="uriParamEncode(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>uriParamEncode</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;uriParamEncode(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#uriParam(java.lang.String)"><code>Escape.uriParam(String)</code></a></div>
+</li>
+</ul>
+<a name="uriEncode(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>uriEncode</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;uriEncode(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#uri(java.lang.String)"><code>Escape.uri(String)</code></a></div>
+</li>
+</ul>
+<a name="jsStringEscape(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>jsStringEscape</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;jsStringEscape(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#jsString(java.lang.String)"><code>Escape.jsString(String)</code></a></div>
+</li>
+</ul>
+<a name="jsRegexEscape(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>jsRegexEscape</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;jsRegexEscape(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#jsRegex(java.lang.String)"><code>Escape.jsRegex(String)</code></a></div>
+</li>
+</ul>
+<a name="cssStringEscape(java.lang.String)">
+<!-- -->
+</a>
+<ul class="blockListLast">
+<li class="blockList">
+<h4>cssStringEscape</h4>
+<pre>public static&nbsp;<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;cssStringEscape(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;input)</pre>
+<div class="block">EL wrapper for <a href="../../../com/coverity/security/Escape.html#cssString(java.lang.String)"><code>Escape.cssString(String)</code></a></div>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+</div>
+<!-- ========= END OF CLASS DATA ========= -->
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<div class="bottomNav"><a name="navbar_bottom">
+<!-- -->
+</a><a href="#skip-navbar_bottom" title="Skip navigation links"></a><a name="navbar_bottom_firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../com/coverity/security/package-summary.html">Package</a></li>
+<li class="navBarCell1Rev">Class</li>
+<li><a href="class-use/EscapeEL.html">Use</a></li>
+<li><a href="package-tree.html">Tree</a></li>
+<li><a href="../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../index-all.html">Index</a></li>
+<li><a href="../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li><a href="../../../com/coverity/security/Escape.html" title="class in com.coverity.security"><span class="strong">Prev Class</span></a></li>
+<li><a href="../../../com/coverity/security/Filter.html" title="class in com.coverity.security"><span class="strong">Next Class</span></a></li>
+</ul>
+<ul class="navList">
+<li><a href="../../../index.html?com/coverity/security/EscapeEL.html" target="_top">Frames</a></li>
+<li><a href="EscapeEL.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_bottom">
+<li><a href="../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_bottom");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<div>
+<ul class="subNavList">
+<li>Summary:&nbsp;</li>
+<li>Nested&nbsp;|&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_summary">Method</a></li>
+</ul>
+<ul class="subNavList">
+<li>Detail:&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_detail">Method</a></li>
+</ul>
+</div>
+<a name="skip-navbar_bottom">
+<!-- -->
+</a></div>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+<p class="legalCopy"><small>Copyright &#169; 2013. All Rights Reserved.</small></p>
+</body>
+</html>
449 coverity-escapers/docs/1.1.1/javadoc-api/com/coverity/security/Filter.html
@@ -0,0 +1,449 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc (version 1.7.0_09) on Mon Feb 25 16:58:51 PST 2013 -->
+<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
+<title>Filter (coverity-escapers 1.1.1 API)</title>
+<meta name="date" content="2013-02-25">
+<link rel="stylesheet" type="text/css" href="../../../stylesheet.css" title="Style">
+</head>
+<body>
+<script type="text/javascript"><!--
+ if (location.href.indexOf('is-external=true') == -1) {
+ parent.document.title="Filter (coverity-escapers 1.1.1 API)";
+ }
+//-->
+</script>
+<noscript>
+<div>JavaScript is disabled on your browser.</div>
+</noscript>
+<!-- ========= START OF TOP NAVBAR ======= -->
+<div class="topNav"><a name="navbar_top">
+<!-- -->
+</a><a href="#skip-navbar_top" title="Skip navigation links"></a><a name="navbar_top_firstrow">
+<!-- -->
+</a>
+<ul class="navList" title="Navigation">
+<li><a href="../../../com/coverity/security/package-summary.html">Package</a></li>
+<li class="navBarCell1Rev">Class</li>
+<li><a href="class-use/Filter.html">Use</a></li>
+<li><a href="package-tree.html">Tree</a></li>
+<li><a href="../../../deprecated-list.html">Deprecated</a></li>
+<li><a href="../../../index-all.html">Index</a></li>
+<li><a href="../../../help-doc.html">Help</a></li>
+</ul>
+</div>
+<div class="subNav">
+<ul class="navList">
+<li><a href="../../../com/coverity/security/EscapeEL.html" title="class in com.coverity.security"><span class="strong">Prev Class</span></a></li>
+<li><a href="../../../com/coverity/security/FilterEL.html" title="class in com.coverity.security"><span class="strong">Next Class</span></a></li>
+</ul>
+<ul class="navList">
+<li><a href="../../../index.html?com/coverity/security/Filter.html" target="_top">Frames</a></li>
+<li><a href="Filter.html" target="_top">No Frames</a></li>
+</ul>
+<ul class="navList" id="allclasses_navbar_top">
+<li><a href="../../../allclasses-noframe.html">All Classes</a></li>
+</ul>
+<div>
+<script type="text/javascript"><!--
+ allClassesLink = document.getElementById("allclasses_navbar_top");
+ if(window==top) {
+ allClassesLink.style.display = "block";
+ }
+ else {
+ allClassesLink.style.display = "none";
+ }
+ //-->
+</script>
+</div>
+<div>
+<ul class="subNavList">
+<li>Summary:&nbsp;</li>
+<li>Nested&nbsp;|&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_summary">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_summary">Method</a></li>
+</ul>
+<ul class="subNavList">
+<li>Detail:&nbsp;</li>
+<li>Field&nbsp;|&nbsp;</li>
+<li><a href="#constructor_detail">Constr</a>&nbsp;|&nbsp;</li>
+<li><a href="#method_detail">Method</a></li>
+</ul>
+</div>
+<a name="skip-navbar_top">
+<!-- -->
+</a></div>
+<!-- ========= END OF TOP NAVBAR ========= -->
+<!-- ======== START OF CLASS DATA ======== -->
+<div class="header">
+<div class="subTitle">com.coverity.security</div>
+<h2 title="Class Filter" class="title">Class Filter</h2>
+</div>
+<div class="contentContainer">
+<ul class="inheritance">
+<li><a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
+<li>
+<ul class="inheritance">
+<li>com.coverity.security.Filter</li>
+</ul>
+</li>
+</ul>
+<div class="description">
+<ul class="blockList">
+<li class="blockList">
+<hr>
+<br>
+<pre>public class <span class="strong">Filter</span>
+extends <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre>
+<div class="block">Filter is a small set of methods for filtering tainted data that cannot be escaped. These
+ methods may change the semantics of the data if it cannot be determined to be safe, however
+ great care has been taken in the design to ensure that they behave in a way that "makes
+ sense" intuitively
+ <p>
+ These methods fit into the nested escaper framework that the Escape class supports, and
+ should be used as the innermost "escaper" to ensure correctness, e.g.
+ &lt;iframe src="${cov:htmlEscape(cov:asURL(param.web)}"> &lt;/iframe>
+ Ensure that that param.web cannot escape the src attribute, but also ensures that it cannot
+ be a URL that causes XSS.
+ <p>
+ While Coverity's static analysis product references these escaping routines
+ as exemplars and understands their behavior, there is no dependency on
+ Coverity products and these routines are completely standalone. Feel free to
+ use them! Just make sure you use them correctly.</div>
+<dl><dt><span class="strong">Author:</span></dt>
+ <dd>Alex Kouzemtchenko, Romain Gaucher</dd></dl>
+</li>
+</ul>
+</div>
+<div class="summary">
+<ul class="blockList">
+<li class="blockList">
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+<ul class="blockList">
+<li class="blockList"><a name="constructor_summary">
+<!-- -->
+</a>
+<h3>Constructor Summary</h3>
+<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
+<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
+<tr>
+<th class="colOne" scope="col">Constructor and Description</th>
+</tr>
+<tr class="altColor">
+<td class="colOne"><code><strong><a href="../../../com/coverity/security/Filter.html#Filter()">Filter</a></strong>()</code>&nbsp;</td>
+</tr>
+</table>
+</li>
+</ul>
+<!-- ========== METHOD SUMMARY =========== -->
+<ul class="blockList">
+<li class="blockList"><a name="method_summary">
+<!-- -->
+</a>
+<h3>Method Summary</h3>
+<table class="overviewSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
+<caption><span>Methods</span><span class="tabEnd">&nbsp;</span></caption>
+<tr>
+<th class="colFirst" scope="col">Modifier and Type</th>
+<th class="colLast" scope="col">Method and Description</th>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Filter.html#asCssColor(java.lang.String)">asCssColor</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;color)</code>
+<div class="block">asCssColor is useful when you need to insert dynamic data into a CSS color context, e.g.</div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Filter.html#asCssColor(java.lang.String, java.lang.String)">asCssColor</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;color,
+ <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;defaultColor)</code>
+<div class="block">Identical to asCssColor, except you can provide your own default value</div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Filter.html#asFlexibleURL(java.lang.String)">asFlexibleURL</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;url)</code>
+<div class="block">This function should be semantically identical to the above function with the exception
+ of using a scheme blacklist instead of a scheme whitelist.</div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Filter.html#asNumber(java.lang.String)">asNumber</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;number)</code>
+<div class="block">asNumber is useful for outputting dynamic data as a number in a JavaScript
+ context, e.g.</div>
+</td>
+</tr>
+<tr class="altColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Filter.html#asNumber(java.lang.String, java.lang.String)">asNumber</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;number,
+ <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;defaultNumber)</code>
+<div class="block">Identical to asNumber, except you can provide your own default value</div>
+</td>
+</tr>
+<tr class="rowColor">
+<td class="colFirst"><code>static <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
+<td class="colLast"><code><strong><a href="../../../com/coverity/security/Filter.html#asURL(java.lang.String)">asURL</a></strong>(<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&nbsp;url)</code>
+<div class="block">URL filtering to ensure that the URL is a safe non-relative URL or transforms it to a safe relative URL.</div>
+</td>
+</tr>
+</table>
+<ul class="blockList">
+<li class="blockList"><a name="methods_inherited_from_class_java.lang.Object">
+<!-- -->
+</a>
+<h3>Methods inherited from class&nbsp;java.lang.<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
+<code><a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang">clone</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang">equals</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang">finalize</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang">getClass</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang">hashCode</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang">notify</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang">notifyAll</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#toString()" title="class or interface in java.lang">toString</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang">wait</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang">wait</a>, <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Object.html?is-external=true#wait(long, int)" title="class or interface in java.lang">wait</a></code></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="details">
+<ul class="blockList">
+<li class="blockList">
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+<ul class="blockList">
+<li class="blockList"><a name="constructor_detail">
+<!-- -->
+</a>
+<h3>Constructor Detail</h3>
+<a name="Filter()">
+<!-- -->
+</a>
+<ul class="blockListLast">
+<li class="blockList">
+<h4>Filter</h4>
+<pre>public&nbsp;Filter()</pre>
+</li>