  1. package pl.garciapl.xss;
  2.  
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

import org.jsoup.Jsoup;
import org.jsoup.safety.Whitelist;
import org.owasp.esapi.ESAPI;
  9.  
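/**
 * Servlet request wrapper that canonicalizes and HTML-sanitizes request parameters
 * and headers before the application reads them.
 *
 * <p>This is a defense-in-depth input filter, not a substitute for context-aware
 * output encoding: the wrapper cannot know where a value will eventually be rendered
 * (HTML body, attribute, JavaScript, URL, SQL ...), and only encoding at the output
 * sink is reliable. It is also lossy: {@code Jsoup.clean} returns HTML-serialized text,
 * so legitimate characters such as {@code &}, {@code <} and {@code >} come back as
 * entities, and headers carrying encoded data (cookies, tokens) may be altered by
 * canonicalization. Apply it only to requests where that is acceptable.
 *
 * <p>Coverage: {@code getParameter}, {@code getParameterValues}, {@code getParameterMap},
 * {@code getHeader} and {@code getHeaders} are sanitized. The query string
 * ({@code getQueryString}), the raw request body ({@code getInputStream} /
 * {@code getReader}, e.g. JSON or multipart payloads) and {@code getHeaderNames} are
 * NOT touched, so code reading those paths bypasses this wrapper.
 */
public class XSSRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Wraps the given request.
     *
     * @param request the request to wrap (the superclass rejects null)
     */
    public XSSRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /** Returns all values of {@code parameter}, each sanitized, or null if the parameter is absent. */
    @Override
    public String[] getParameterValues(String parameter) {
        return sanitizeAll(super.getParameterValues(parameter));
    }

    /** Returns the first value of {@code parameter}, sanitized, or null if absent. */
    @Override
    public String getParameter(String parameter) {
        return stripXSS(super.getParameter(parameter));
    }

    /**
     * Returns the full parameter map with every value sanitized.
     *
     * <p>Frameworks that bind request data through the map rather than through
     * {@code getParameter} would otherwise read unsanitized values, defeating the
     * wrapper. The result is an unmodifiable copy, as the servlet contract requires.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> raw = super.getParameterMap();
        if (raw == null) {
            return null;
        }
        Map<String, String[]> cleaned = new LinkedHashMap<>(raw.size());
        for (Map.Entry<String, String[]> entry : raw.entrySet()) {
            cleaned.put(entry.getKey(), sanitizeAll(entry.getValue()));
        }
        return Collections.unmodifiableMap(cleaned);
    }

    /** Returns the first value of header {@code name}, sanitized, or null if absent. */
    @Override
    public String getHeader(String name) {
        return stripXSS(super.getHeader(name));
    }

    /**
     * Returns all values of header {@code name}, each sanitized.
     *
     * <p>Multi-valued headers read through this method would otherwise bypass the
     * single-value {@code getHeader} override.
     */
    @Override
    public Enumeration<String> getHeaders(String name) {
        Enumeration<String> raw = super.getHeaders(name);
        if (raw == null) {
            return null;
        }
        List<String> cleaned = new ArrayList<>();
        while (raw.hasMoreElements()) {
            cleaned.add(stripXSS(raw.nextElement()));
        }
        return Collections.enumeration(cleaned);
    }

    /** Sanitizes every element of {@code values}; null in, null out. */
    private String[] sanitizeAll(String[] values) {
        if (values == null) {
            return null;
        }
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = stripXSS(values[i]);
        }
        return cleaned;
    }

    /**
     * Canonicalizes {@code value}, strips NUL characters and removes all HTML markup.
     *
     * <p>Depending on the ESAPI configuration, {@code canonicalize} may throw an
     * (unchecked) ESAPI intrusion exception when the input uses multiple or mixed
     * encodings; that is intended, since double encoding is a classic filter-evasion
     * technique, but callers should expect it.
     *
     * @param value raw input; may be null
     * @return the sanitized value, or null if {@code value} was null
     */
    private String stripXSS(String value) {
        if (value == null) {
            return null;
        }
        // Decode URL/HTML/JS/... encodings first so that encoded payloads
        // (e.g. %3Cscript%3E or &#60;script&#62;) cannot slip past the sanitizer.
        String decoded = ESAPI.encoder().canonicalize(value);
        // Drop NUL bytes, which some parsers treat as terminators ("<scr\0ipt>").
        // Literal replace, not replaceAll: this is a character, not a regex. The
        // previous replaceAll("", "") had an empty pattern and removed nothing.
        String withoutNul = decoded.replace("\0", "");
        // Whitelist.none() allows no tags at all. Note the result is HTML-serialized
        // text (& < > become entities), so it is no longer the user's literal input.
        return Jsoup.clean(withoutNul, Whitelist.none());
    }
}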