Class SecureFilter

• TopLevel.Object
  • dw.util.SecureFilter

SecureFilter contains many methods for manipulating untrusted data Strings into RFC-Compliant Strings for a given context by removing "bad" data from the untrusted data.

This class does not have a constructor, so you cannot create it directly.

Method	Description
static forHtmlContent(String)	Filters illegal characters from a given input for use in a general HTML context.
static forHtmlInDoubleQuoteAttribute(String)	Filters illegal characters from a given input for use in an HTML Attribute guarded by a double quote.
static forHtmlInSingleQuoteAttribute(String)	Filters illegal characters from a given input for use in an HTML Attribute guarded by a single quote.
static forHtmlUnquotedAttribute(String)	Filters illegal characters from a given input for use in an HTML Attribute left unguarded.
static forJSONValue(String)	Filters illegal characters from a given input for use in a JSON Object Value to prevent escaping into a trusted context.
static forJavaScriptInAttribute(String)	Filters illegal characters from a given input for use in JavaScript inside an HTML attribute.
static forJavaScriptInBlock(String)	Filters illegal characters from a given input for use in JavaScript inside an HTML block.
static forJavaScriptInHTML(String)	Filters illegal characters from a given input for use in JavaScript inside an HTML context.
static forJavaScriptInSource(String)	Filters illegal characters from a given input for use in JavaScript inside a JavaScript source file.
static forUriComponent(String)	Filters illegal characters from a given input for use as a component of a URI.
static forUriComponentStrict(String)	Filters illegal characters from a given input for use as a component of a URI.
static forXmlCommentContent(String)	Filters illegal characters from a given input for use in an XML comments.
static forXmlContent(String)	Filters illegal characters from a given input for use in a general XML context.
static forXmlInDoubleQuoteAttribute(String)	Filters illegal characters from a given input for use in an XML attribute guarded by a double quote.
static forXmlInSingleQuoteAttribute(String)	Filters illegal characters from a given input for use in an XML attribute guarded by a single quote.

assign, create, create, defineProperties, defineProperty, entries, freeze, fromEntries, getOwnPropertyDescriptor, getOwnPropertyNames, getOwnPropertySymbols, getPrototypeOf, hasOwnProperty, is, isExtensible, isFrozen, isPrototypeOf, isSealed, keys, preventExtensions, propertyIsEnumerable, seal, setPrototypeOf, toLocaleString, toString, valueOf, values

static forHtmlContent(input: String): String

Filters illegal characters from a given input for use in a general HTML context. E.g. text content and text attributes. This method takes the UNION of allowed characters among all contexts, so may be more imprecise that the more specific contexts. Generally, this method is preferred unless you specifically understand the context in which untrusted data will be output.

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forHtmlInDoubleQuoteAttribute(input: String): String

Filters illegal characters from a given input for use in an HTML Attribute guarded by a double quote. This method is preferred if you understand exactly how the output of this will be used in the HTML document.

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forHtmlInSingleQuoteAttribute(input: String): String

Filters illegal characters from a given input for use in an HTML Attribute guarded by a single quote. This method is preferred if you understand exactly how the output of this will be used in the HTML document.

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filterd, if necessary

Returns:

• a properly filtered string for the given input

---

static forHtmlUnquotedAttribute(input: String): String

Filters illegal characters from a given input for use in an HTML Attribute left unguarded. This method is preferred if you understand exactly how the output of this will be used in the HTML document.

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forJSONValue(input: String): String

Filters illegal characters from a given input for use in a JSON Object Value to prevent escaping into a trusted context.

Example Usage:

Flow:

• Allow AlphaNumerics
• Remove all other characters

Parameters:

• input - ed input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forJavaScriptInAttribute(input: String): String

Filters illegal characters from a given input for use in JavaScript inside an HTML attribute. This method is preferred if you understand exactly how the output of the will be used in the page

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forJavaScriptInBlock(input: String): String

Filters illegal characters from a given input for use in JavaScript inside an HTML block. This method is preferred if you understand exactly how the output of the will be used in the page

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forJavaScriptInHTML(input: String): String

Filters illegal characters from a given input for use in JavaScript inside an HTML context. This method takes the UNION of allowed characters among the other contexts, so may be more imprecise that the more specific contexts. Generally, this method is preferred unless you specifically understand the context in which untrusted data will be output.

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forJavaScriptInSource(input: String): String

Filters illegal characters from a given input for use in JavaScript inside a JavaScript source file. This method is preferred if you understand exactly how the output of the will be used in the page

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forUriComponent(input: String): String

Filters illegal characters from a given input for use as a component of a URI. This is equivalent to javascript's filterURIComponent and does a realistic job of encoding.

Example Usage:

Allows:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forUriComponentStrict(input: String): String

Filters illegal characters from a given input for use as a component of a URI. This is a strict filter and fully complies with RFC3986.

Example Usage:

Allows:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forXmlCommentContent(input: String): String

Filters illegal characters from a given input for use in an XML comments. This method is preferred if you understand the context in which untrusted data will be output.

Note: It is recommended that you use a real parser, as this method can be misused, but is left here if a parser is unavailable to you

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forXmlContent(input: String): String

Filters illegal characters from a given input for use in a general XML context. E.g. text content and text attributes. This method takes the UNION of allowed characters between the other contexts, so may be more imprecise that the more specific contexts. Generally, this method is preferred unless you specifically understand the context in which untrusted data will be output.

Note: It is recommended that you use a real parser, as this method can be misused, but is left here if a parser is unavailable to you

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forXmlInDoubleQuoteAttribute(input: String): String

Filters illegal characters from a given input for use in an XML attribute guarded by a double quote. This method is preferred if you understand the context in which untrusted data will be output.

Note: It is recommended that you use a real parser, as this method can be misused, but is left here if a parser is unavailable to you

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---

static forXmlInSingleQuoteAttribute(input: String): String

Filters illegal characters from a given input for use in an XML attribute guarded by a single quote. This method is preferred if you understand the context in which untrusted data will be output.

Note: It is recommended that you use a real parser, as this method can be misused, but is left here if a parser is unavailable to you

Example Usage:

Flow:

• Allow AlphaNumerics and some Special characters
• Remove all other characters

Parameters:

• input - untrusted input to be filtered, if necessary

Returns:

• a properly filtered string for the given input

---