3131// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3232// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3333// OF THE POSSIBILITY OF SUCH DAMAGE.
34-
3534package org .owasp .encoder ;
3635
3736import java .util .HashMap ;
3837import java .util .Map ;
3938
4039/**
4140 * Encoders -- Public factory method for obtaining instances of Encoders.
42- * Classes implementing the encoders are not directly exposed as part of
43- * the API since encoding strategies are subject to change. In many cases
44- * encoders will share the same implementation, but have different internal
45- * flags for how to handle varied content. For example the XML_CONTENT and
46- * XML_ATTRIBUTE contexts may currently share the same class with each
47- * instances having a different set of flags. Future version may optimize
48- * them into different classes.
41+ * Classes implementing the encoders are not directly exposed as part of the API
42+ * since encoding strategies are subject to change. In many cases encoders will
43+ * share the same implementation, but have different internal flags for how to
44+ * handle varied content. For example the XML_CONTENT and XML_ATTRIBUTE contexts
45+ * may currently share the same class with each instances having a different set
46+ * of flags. Future version may optimize them into different classes.
4947 *
50- * <p>All encoders returned by the factory are thread-safe.</p>
48+ * <p>
49+ * All encoders returned by the factory are thread-safe.</p>
5150 *
5251 * @author Jeff Ichnowski
5352 */
5453public final class Encoders {
5554
56- /** No instances. */
57- private Encoders () {}
58-
59- /** Name of {@linkplain Encode#forHtml(String) HTML general} context. */
55+ /**
56+ * Name of {@linkplain Encode#forHtml(String) HTML general} context.
57+ */
6058 public static final String HTML = "html" ;
61- /** Name of {@linkplain Encode#forHtmlContent(String) HTML content} context. */
59+ /**
60+ * Name of {@linkplain Encode#forHtmlContent(String) HTML content} context.
61+ */
6262 public static final String HTML_CONTENT = "html-content" ;
63- /** Name of {@linkplain Encode#forHtmlAttribute(String) HTML attribute} context. */
63+ /**
64+ * Name of {@linkplain Encode#forHtmlAttribute(String) HTML attribute}
65+ * context.
66+ */
6467 public static final String HTML_ATTRIBUTE = "html-attribute" ;
65- /** Name of {@linkplain Encode#forHtmlUnquotedAttribute(String) unquoted HTML attribute} context. */
68+ /**
69+ * Name of
70+ * {@linkplain Encode#forHtmlUnquotedAttribute(String) unquoted HTML attribute}
71+ * context.
72+ */
6673 public static final String HTML_UNQUOTED_ATTRIBUTE = "html-attribute-unquoted" ;
67-
68- /** Name of {@linkplain Encode#forXml(String) XML general} context. */
74+ /**
75+ * Name of {@linkplain Encode#forXml(String) XML general} context.
76+ */
6977 public static final String XML = "xml" ;
70- /** Name of {@linkplain Encode#forXmlContent(String) XML content} context. */
78+ /**
79+ * Name of {@linkplain Encode#forXmlContent(String) XML content} context.
80+ */
7181 public static final String XML_CONTENT = "xml-content" ;
72- /** Name of {@linkplain Encode#forXmlAttribute(String) XML attribute} context. */
82+ /**
83+ * Name of {@linkplain Encode#forXmlAttribute(String) XML attribute}
84+ * context.
85+ */
7386 public static final String XML_ATTRIBUTE = "xml-attribute" ;
74- /** Name of {@linkplain Encode#forXmlComment(String) XML comment} context. */
87+ /**
88+ * Name of {@linkplain Encode#forXmlComment(String) XML comment} context.
89+ */
7590 public static final String XML_COMMENT = "xml-comment" ;
76- /** Name of {@linkplain Encode#forCDATA(String) CDATA} context. */
91+ /**
92+ * Name of {@linkplain Encode#forCDATA(String) CDATA} context.
93+ */
7794 public static final String CDATA = "cdata" ;
78-
79- /** Name of {@linkplain Encode#forCssString(String) CSS string} context. */
95+ /**
96+ * Name of {@linkplain Encode#forCssString(String) CSS string} context.
97+ */
8098 public static final String CSS_STRING = "css-string" ;
81- /** Name of {@linkplain Encode#forCssUrl(String) CSS URL} context. */
99+ /**
100+ * Name of {@linkplain Encode#forCssUrl(String) CSS URL} context.
101+ */
82102 public static final String CSS_URL = "css-url" ;
83-
84- /** Name of {@linkplain Encode#forJava(String) Java String} context. */
103+ /**
104+ * Name of {@linkplain Encode#forJava(String) Java String} context.
105+ */
85106 public static final String JAVA = "java" ;
86-
87- /** Name of {@linkplain Encode#forJavaScript(String) JavaScript general} context. */
107+ /**
108+ * Name of {@linkplain Encode#forJavaScript(String) JavaScript general}
109+ * context.
110+ */
88111 public static final String JAVASCRIPT = "javascript" ;
89- /** Name of {@linkplain Encode#forJavaScriptAttribute(String) JavaScript attribute} context. */
112+ /**
113+ * Name of
114+ * {@linkplain Encode#forJavaScriptAttribute(String) JavaScript attribute}
115+ * context.
116+ */
90117 public static final String JAVASCRIPT_ATTRIBUTE = "javascript-attribute" ;
91- /** Name of {@linkplain Encode#forJavaScriptBlock(String) JavaScript block} context. */
118+ /**
119+ * Name of {@linkplain Encode#forJavaScriptBlock(String) JavaScript block}
120+ * context.
121+ */
92122 public static final String JAVASCRIPT_BLOCK = "javascript-block" ;
93- /** Name of {@linkplain Encode#forJavaScriptSource(String) JavaScript source} context. */
123+ /**
124+ * Name of {@linkplain Encode#forJavaScriptSource(String) JavaScript source}
125+ * context.
126+ */
94127 public static final String JAVASCRIPT_SOURCE = "javascript-source" ;
95-
96- /** Name of {@linkplain Encode#forUri(String) URI} context. */
128+ /**
129+ * Name of {@linkplain Encode#forUri(String) URI} context.
130+ */
97131 public static final String URI = "uri" ;
98- /** Name of {@linkplain Encode#forUriComponent(String) URI component} context. */
132+ /**
133+ * Name of {@linkplain Encode#forUriComponent(String) URI component}
134+ * context.
135+ */
99136 public static final String URI_COMPONENT = "uri-component" ;
100-
101137 /**
102138 * Map from encoder name to encoder singleton.
103139 */
104- private static final Map <String ,Encoder > ENCODERS_MAP =
105- new HashMap <String , Encoder >(32 );
140+ private static final Map <String , Encoder > ENCODERS_MAP
141+ = new HashMap <String , Encoder >(32 );
142+ // XML and HTML use the same encoder implementations currently
143+ /**
144+ * Encoder for general XML/HTML contexts.
145+ */
146+ static final XMLEncoder XML_ENCODER
147+ = map (HTML , map (XML , new XMLEncoder (XMLEncoder .Mode .ALL )));
148+ /**
149+ * Encoder for XML/HTML content contexts.
150+ */
151+ static final XMLEncoder XML_CONTENT_ENCODER
152+ = map (HTML_CONTENT , map (XML_CONTENT , new XMLEncoder (XMLEncoder .Mode .CONTENT )));
153+ /**
154+ * Encoder for XML/HTML attribute contexts.
155+ */
156+ static final XMLEncoder XML_ATTRIBUTE_ENCODER
157+ = map (HTML_ATTRIBUTE , map (XML_ATTRIBUTE , new XMLEncoder (XMLEncoder .Mode .ATTRIBUTE )));
158+ /**
159+ * Encoder for XML comments.
160+ */
161+ static final XMLCommentEncoder XML_COMMENT_ENCODER
162+ = map (XML_COMMENT , new XMLCommentEncoder ());
163+ /**
164+ * Encoder for CDATA contexts.
165+ */
166+ static final CDATAEncoder CDATA_ENCODER
167+ = map (CDATA , new CDATAEncoder ());
168+ /**
169+ * Encoder for unquoted HTML attributes.
170+ */
171+ static final HTMLEncoder HTML_UNQUOTED_ATTRIBUTE_ENCODER
172+ = map (HTML_UNQUOTED_ATTRIBUTE , new HTMLEncoder ());
173+ /**
174+ * Encoder for general JavaScript contexts.
175+ */
176+ static final JavaScriptEncoder JAVASCRIPT_ENCODER
177+ = map (JAVASCRIPT , new JavaScriptEncoder (JavaScriptEncoder .Mode .HTML , false ));
178+ /**
179+ * Encoder for JavaScript appearing in XML/HTML attributes.
180+ */
181+ static final JavaScriptEncoder JAVASCRIPT_ATTRIBUTE_ENCODER
182+ = map (JAVASCRIPT_ATTRIBUTE , new JavaScriptEncoder (JavaScriptEncoder .Mode .ATTRIBUTE , false ));
183+ /**
184+ * Encoder for JavaScript appearing in HTML script blocks.
185+ */
186+ static final JavaScriptEncoder JAVASCRIPT_BLOCK_ENCODER
187+ = map (JAVASCRIPT_BLOCK , new JavaScriptEncoder (JavaScriptEncoder .Mode .BLOCK , false ));
188+ /**
189+ * Encoder for JavaScript in stand-alone contexts.
190+ */
191+ static final JavaScriptEncoder JAVASCRIPT_SOURCE_ENCODER
192+ = map (JAVASCRIPT_SOURCE , new JavaScriptEncoder (JavaScriptEncoder .Mode .SOURCE , false ));
193+ /**
194+ * Encoder for full URIs.
195+ */
196+ static final URIEncoder URI_ENCODER
197+ = map (URI , new URIEncoder (URIEncoder .Mode .FULL_URI ));
198+ /**
199+ * Encoder for components of URIs.
200+ */
201+ static final URIEncoder URI_COMPONENT_ENCODER
202+ = map (URI_COMPONENT , new URIEncoder (URIEncoder .Mode .COMPONENT ));
203+ /**
204+ * Encoder for Java strings.
205+ */
206+ static final JavaEncoder JAVA_ENCODER
207+ = map (JAVA , new JavaEncoder ());
208+ /**
209+ * Encoder for CSS strings.
210+ */
211+ static final CSSEncoder CSS_STRING_ENCODER
212+ = map (CSS_STRING , new CSSEncoder (CSSEncoder .Mode .STRING ));
213+ /**
214+ * Encoder for CSS URL values.
215+ */
216+ static final CSSEncoder CSS_URL_ENCODER
217+ = map (CSS_URL , new CSSEncoder (CSSEncoder .Mode .URL ));
106218
107219 /**
108220 * Internal method to setup and map encoder singletons.
@@ -118,84 +230,31 @@ private static <T extends Encoder> T map(String name, T encoder) {
118230 return encoder ;
119231 }
120232
121- // XML and HTML use the same encoder implementations currently
122-
123- /** Encoder for general XML/HTML contexts. */
124- static final XMLEncoder XML_ENCODER =
125- map (HTML ,
126- map (XML , new XMLEncoder (XMLEncoder .Mode .ALL )));
127- /** Encoder for XML/HTML content contexts. */
128- static final XMLEncoder XML_CONTENT_ENCODER =
129- map (HTML_CONTENT ,
130- map (XML_CONTENT , new XMLEncoder (XMLEncoder .Mode .CONTENT )));
131- /** Encoder for XML/HTML attribute contexts. */
132- static final XMLEncoder XML_ATTRIBUTE_ENCODER =
133- map (HTML_ATTRIBUTE ,
134- map (XML_ATTRIBUTE , new XMLEncoder (XMLEncoder .Mode .ATTRIBUTE )));
135-
136- /** Encoder for XML comments. */
137- static final XMLCommentEncoder XML_COMMENT_ENCODER =
138- map (XML_COMMENT , new XMLCommentEncoder ());
139- /** Encoder for CDATA contexts. */
140- static final CDATAEncoder CDATA_ENCODER =
141- map (CDATA , new CDATAEncoder ());
142- /** Encoder for unquoted HTML attributes. */
143- static final HTMLEncoder HTML_UNQUOTED_ATTRIBUTE_ENCODER =
144- map (HTML_UNQUOTED_ATTRIBUTE , new HTMLEncoder ());
145- /** Encoder for general JavaScript contexts. */
146- static final JavaScriptEncoder JAVASCRIPT_ENCODER =
147- map (JAVASCRIPT , new JavaScriptEncoder (JavaScriptEncoder .Mode .HTML , false ));
148- /** Encoder for JavaScript appearing in XML/HTML attributes. */
149- static final JavaScriptEncoder JAVASCRIPT_ATTRIBUTE_ENCODER =
150- map (JAVASCRIPT_ATTRIBUTE , new JavaScriptEncoder (JavaScriptEncoder .Mode .ATTRIBUTE , false ));
151- /** Encoder for JavaScript appearing in HTML script blocks. */
152- static final JavaScriptEncoder JAVASCRIPT_BLOCK_ENCODER =
153- map (JAVASCRIPT_BLOCK , new JavaScriptEncoder (JavaScriptEncoder .Mode .BLOCK , false ));
154- /** Encoder for JavaScript in stand-alone contexts. */
155- static final JavaScriptEncoder JAVASCRIPT_SOURCE_ENCODER =
156- map (JAVASCRIPT_SOURCE , new JavaScriptEncoder (JavaScriptEncoder .Mode .SOURCE , false ));
157- /** Encoder for full URIs. */
158- static final URIEncoder URI_ENCODER =
159- map (URI , new URIEncoder (URIEncoder .Mode .FULL_URI ));
160- /** Encoder for components of URIs. */
161- static final URIEncoder URI_COMPONENT_ENCODER =
162- map (URI_COMPONENT , new URIEncoder (URIEncoder .Mode .COMPONENT ));
163- /** Encoder for Java strings. */
164- static final JavaEncoder JAVA_ENCODER =
165- map (JAVA , new JavaEncoder ());
166- /** Encoder for CSS strings. */
167- static final CSSEncoder CSS_STRING_ENCODER =
168- map (CSS_STRING , new CSSEncoder (CSSEncoder .Mode .STRING ));
169- /** Encoder for CSS URL values. */
170- static final CSSEncoder CSS_URL_ENCODER =
171- map (CSS_URL , new CSSEncoder (CSSEncoder .Mode .URL ));
172-
173-
174233 /**
175- * Returns a new instance of an Encoder for the specified context.
176- * The returned instance is thread-safe.
234+ * Returns a new instance of an Encoder for the specified context. The
235+ * returned instance is thread-safe.
177236 *
178- * @param contextName the context name (one of the String constants
179- * defined in this class)
237+ * @param contextName the context name (one of the String constants defined
238+ * in this class)
180239 * @return an encoder for the specified context.
181240 * @throws NullPointerException if {@code contextName} is null
182241 * @throws UnsupportedContextException if {@code contextName} is not
183242 * recognized.
184243 */
185- public static Encoder forName (String contextName )
186- throws NullPointerException ,
187- UnsupportedContextException
188- {
244+ public static Encoder forName (String contextName ) throws NullPointerException , UnsupportedContextException {
189245 if (contextName == null ) {
190246 throw new NullPointerException ();
191247 }
192-
193248 Encoder encoder = ENCODERS_MAP .get (contextName );
194-
195249 if (encoder == null ) {
196250 throw new UnsupportedContextException (contextName );
197251 }
198-
199252 return encoder ;
200253 }
254+
255+ /**
256+ * No instances.
257+ */
258+ private Encoders () {
259+ }
201260}
0 commit comments